ajann

220 exploits | Active since Mar 2005
CVE-2007-0676 EXPLOITDB text WORKING POC
ExoPHPDesk <1.2.1 - SQL Injection
SQL injection vulnerability in faq.php in ExoPHPDesk 1.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-0301 EXPLOITDB html WORKING POC
FdWeB Espace Membre <2.1 - RCE
PHP remote file inclusion vulnerability in _admin/admin_menu.php in FdWeB Espace Membre 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
CVE-2007-0681 EXPLOITDB CRITICAL html WORKING POC
ExtCalendar <2 - Auth Bypass
profile.php in ExtCalendar 2 and earlier allows remote attackers to change the passwords of arbitrary users without providing the original password, and possibly perform other unauthorized actions, via modified values to register.php.
CVSS 9.8
EIP-2026-106481 EXPLOITDB text WORKING POC
DMXReady Blog Manager 1.1 - Remote File Delete
CVE-2007-0765 EXPLOITDB text WORKING POC
dB Masters Curium CMS <1.03 - SQL Injection
SQL injection vulnerability in news.php in dB Masters Curium CMS 1.03 and earlier allows remote attackers to execute arbitrary SQL commands via the c_id parameter.
CVE-2006-5666 EXPLOITDB html WORKING POC
Asmir Alic E Annu - SQL Injection
SQL injection vulnerability in includes/menu.inc.php in E-Annu 1.0 allows remote attackers to execute arbitrary SQL commands via the login parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-0428 EXPLOITDB text WORKING POC
DMXReady Secure Document Library <1.1 - SQL Injection
SQL injection vulnerability in CategoryManager/upload_image_category.asp in DMXReady Secure Document Library 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2006-4945 EXPLOITDB text WRITEUP
Cardway DigitalWebShop <1.128 - RCE
Multiple PHP remote file inclusion vulnerabilities in Cardway (aka Frederic Boudaud) DigitalWebShop 1.128 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _PHPLIB[libdir] parameter to (1) rechnung.php or (2) prepend.php.
CVE-2006-4946 EXPLOITDB text WORKING POC
PHP <2.5 Beta - RCE
PHP remote file inclusion vulnerability in include/startup.inc.php in CMSDevelopment Business Card Web Builder (BCWB) 0.99, and possibly 2.5 Beta and earlier, allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter.
CVE-2007-0663 EXPLOITDB text WORKING POC
Eclectic Designs Cascadianfaq < 4.0 - SQL Injection
SQL injection vulnerability in index.php in Eclectic Designs CascadianFAQ 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the qid parameter, a different vector than CVE-2007-0631. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-0983 EXPLOITDB html WORKING POC
AT Contenator <1.0 - RCE
PHP remote file inclusion vulnerability in _admin/nav.php in AT Contenator 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the Root_To_Script parameter.
CVE-2007-1298 EXPLOITDB perl WORKING POC
AJ Auction 1.0 - SQL Injection
SQL injection vulnerability in subcat.php in AJ Auction 1.0 allows remote attackers to execute arbitrary SQL commands via the cate_id parameter.
CVE-2007-1297 EXPLOITDB html WORKING POC
AJDating 1.0 - SQL Injection
SQL injection vulnerability in view_profile.php in AJDating 1.0 allows remote attackers to execute arbitrary SQL commands via the user_id parameter.
CVE-2007-1296 EXPLOITDB html WORKING POC
AJ Classifieds 1.0 - SQL Injection
SQL injection vulnerability in postingdetails.php in AJ Classifieds 1.0 allows remote attackers to execute arbitrary SQL commands via the postingid parameter.
EIP-2026-105075 EXPLOITDB text WORKING POC
Alex DownloadEngine 1.4.1 - 'comments.php' SQL Injection
CVE-2007-1295 EXPLOITDB perl WORKING POC
AJ Forum 1.0 - SQL Injection
SQL injection vulnerability in topic_title.php in AJ Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the td_id parameter.
CVE-2007-0577 EXPLOITDB text WORKING POC
ACGVclick <0.2.0 - Code Injection
PHP remote file inclusion vulnerability in function.inc.php in ACGVclick 0.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
CVE-2007-0697 EXPLOITDB text WORKING POC
ACGVannu <1.3 - RCE
index2.php in ACGVannu 1.3 and earlier allows remote attackers to change the password or profile of a user via a modified id parameter, related to templates/modif.html. NOTE: some of these details are obtained from third party information.
CVE-2006-4852 EXPLOITDB text WORKING POC
QuadComm Q-Shop <3.5 - SQL Injection
SQL injection vulnerability in browse.asp in QuadComm Q-Shop 3.5 allows remote attackers to execute arbitrary SQL commands via the OrderBy parameter.
CVE-2006-6029 EXPLOITDB text WORKING POC
Property Pro - SQL Injection
SQL injection vulnerability in vir_Login.asp in Property Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the UserName field.
EIP-2026-100497 EXPLOITDB text WORKING POC
PrideForum 1.0 - 'forum.asp' SQL Injection
CVE-2006-5676 EXPLOITDB WORKING POC
Uni-vert Phpleague < 0.82 - SQL Injection
SQL injection vulnerability in consult/classement.php in Uni-Vert PhpLeague 0.82 and earlier allows remote attackers to execute arbitrary SQL commands via the champ parameter.
EIP-2026-100467 EXPLOITDB html WORKING POC
Online Event Registration 2.0 - 'save_profile.asp' Pass Change
CVE-2006-5885 EXPLOITDB text WORKING POC
Dynamic Dataworx Nustore - SQL Injection
SQL injection vulnerability in Products.asp in NuStore 1.0 allows remote attackers to execute arbitrary SQL commands via the SubCatagoryID parameter.
CVE-2006-5887 EXPLOITDB perl WORKING POC
Dynamic Dataworx Nuschool - SQL Injection
SQL injection vulnerability in CampusNewsDetails.asp in Dynamic Dataworx NuSchool 1.0 allows remote attackers to execute arbitrary SQL commands via the NewsID parameter.