ajann

220 exploits | Active since Mar 2005
CVE-2007-0676 EXPLOITDB text WORKING POC
ExoPHPDesk <= 1.2.1 - SQL Injection via FAQ ID Parameter
SQL injection vulnerability in faq.php in ExoPHPDesk 1.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-0301 EXPLOITDB html WORKING POC
FdWeB Espace Membre < 2.1 - Remote File Inclusion via path Parameter
PHP remote file inclusion vulnerability in _admin/admin_menu.php in FdWeB Espace Membre 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
CVE-2007-0681 EXPLOITDB CRITICAL html WORKING POC
ExtCalendar < 2 - Unauthenticated Password Change via register.php
profile.php in ExtCalendar 2 and earlier allows remote attackers to change the passwords of arbitrary users without providing the original password, and possibly perform other unauthorized actions, via modified values to register.php.
CVSS 9.8
EIP-2026-106481 EXPLOITDB text WORKING POC
DMXReady Blog Manager 1.1 - Remote File Delete
CVE-2007-0765 EXPLOITDB text WORKING POC
dB Masters Curium CMS <1.03 - SQL Injection
SQL injection vulnerability in news.php in dB Masters Curium CMS 1.03 and earlier allows remote attackers to execute arbitrary SQL commands via the c_id parameter.
CVE-2006-5666 EXPLOITDB html WORKING POC
E-Annu 1.0 - SQL Injection via Login Parameter
SQL injection vulnerability in includes/menu.inc.php in E-Annu 1.0 allows remote attackers to execute arbitrary SQL commands via the login parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-0428 EXPLOITDB text WORKING POC
DMXReady Secure Document Library <1.1 - SQL Injection
SQL injection vulnerability in CategoryManager/upload_image_category.asp in DMXReady Secure Document Library 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2006-4945 EXPLOITDB text WRITEUP
Cardway DigitalWebShop <1.128 - RCE
Multiple PHP remote file inclusion vulnerabilities in Cardway (aka Frederic Boudaud) DigitalWebShop 1.128 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _PHPLIB[libdir] parameter to (1) rechnung.php or (2) prepend.php.
CVE-2006-4946 EXPLOITDB text WORKING POC
CMSDevelopment Business Card Web Builder < 2.5 - Remote File Inclusion via root_path Parameter
PHP remote file inclusion vulnerability in include/startup.inc.php in CMSDevelopment Business Card Web Builder (BCWB) 0.99, and possibly 2.5 Beta and earlier, allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter.
CVE-2007-0663 EXPLOITDB text WORKING POC
CascadianFAQ <= 4.1 - SQL Injection via qid Parameter
SQL injection vulnerability in index.php in Eclectic Designs CascadianFAQ 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the qid parameter, a different vector than CVE-2007-0631. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-0983 EXPLOITDB html WORKING POC
AT Contenator < 1.0 - Remote Code Execution via Root_To_Script Parameter
PHP remote file inclusion vulnerability in _admin/nav.php in AT Contenator 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the Root_To_Script parameter.
CVE-2007-1298 EXPLOITDB perl WORKING POC
AJ Auction 1.0 - SQL Injection
SQL injection vulnerability in subcat.php in AJ Auction 1.0 allows remote attackers to execute arbitrary SQL commands via the cate_id parameter.
CVE-2007-1297 EXPLOITDB html WORKING POC
AJDating 1.0 - SQL Injection via view_profile.php user_id Parameter
SQL injection vulnerability in view_profile.php in AJDating 1.0 allows remote attackers to execute arbitrary SQL commands via the user_id parameter.
CVE-2007-1296 EXPLOITDB html WORKING POC
AJ Classifieds 1.0 - SQL Injection via postingid Parameter
SQL injection vulnerability in postingdetails.php in AJ Classifieds 1.0 allows remote attackers to execute arbitrary SQL commands via the postingid parameter.
EIP-2026-105075 EXPLOITDB text WORKING POC
Alex DownloadEngine 1.4.1 - 'comments.php' SQL Injection
CVE-2007-1295 EXPLOITDB perl WORKING POC
AJ Forum 1.0 - SQL Injection via td_id Parameter
SQL injection vulnerability in topic_title.php in AJ Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the td_id parameter.
CVE-2007-0577 EXPLOITDB text WORKING POC
ACGVclick 0.2.0 - Remote File Inclusion via path Parameter
PHP remote file inclusion vulnerability in function.inc.php in ACGVclick 0.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
CVE-2007-0697 EXPLOITDB text WORKING POC
ACGVannu < 1.3 - Unauthenticated Password and Profile Modification via ID Parameter
index2.php in ACGVannu 1.3 and earlier allows remote attackers to change the password or profile of a user via a modified id parameter, related to templates/modif.html. NOTE: some of these details are obtained from third party information.
CVE-2006-4852 EXPLOITDB text WORKING POC
QuadComm Q-Shop <3.5 - SQL Injection
SQL injection vulnerability in browse.asp in QuadComm Q-Shop 3.5 allows remote attackers to execute arbitrary SQL commands via the OrderBy parameter.
CVE-2006-6029 EXPLOITDB text WORKING POC
Property Pro 1.0 - SQL Injection via UserName Field
SQL injection vulnerability in vir_Login.asp in Property Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the UserName field.
EIP-2026-100497 EXPLOITDB text WORKING POC
PrideForum 1.0 - 'forum.asp' SQL Injection
CVE-2006-5676 EXPLOITDB WORKING POC
Uni-Vert PhpLeague <= 0.82 - SQL Injection via champ Parameter
SQL injection vulnerability in consult/classement.php in Uni-Vert PhpLeague 0.82 and earlier allows remote attackers to execute arbitrary SQL commands via the champ parameter.
EIP-2026-100467 EXPLOITDB html WORKING POC
Online Event Registration 2.0 - 'save_profile.asp' Pass Change
CVE-2006-5885 EXPLOITDB text WORKING POC
NuStore 1.0 - SQL Injection via Products.asp SubCatagoryID Parameter
SQL injection vulnerability in Products.asp in NuStore 1.0 allows remote attackers to execute arbitrary SQL commands via the SubCatagoryID parameter.
CVE-2006-5887 EXPLOITDB perl WORKING POC
Dynamic Dataworx NuSchool 1.0 - SQL Injection via CampusNewsDetails.asp NewsID Parameter
SQL injection vulnerability in CampusNewsDetails.asp in Dynamic Dataworx NuSchool 1.0 allows remote attackers to execute arbitrary SQL commands via the NewsID parameter.