ajann

220 exploits Active since Mar 2005
CVE-2006-5886 EXPLOITDB perl WORKING POC
Dynamic Dataworx NuRealestate 1.0 - SQL Injection via PropID Parameter
SQL injection vulnerability in propertysdetails.asp in Dynamic Dataworx NuRealestate (NuRems) 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the PropID parameter.
CVE-2006-5881 EXPLOITDB perl WORKING POC
Dynamic Dataworx NuCommunity 1.0 - SQL Injection via cl_cat_ID Parameter
SQL injection vulnerability in cl_CatListing.asp in Dynamic Dataworx NuCommunity 1.0 allows remote attackers to execute arbitrary SQL commands via the cl_cat_ID parameter.
CVE-2006-6787 EXPLOITDB perl WORKING POC
Newsletter MX <1.0.2 - SQL Injection
SQL injection vulnerability in admin/admin_mail_adressee.asp in Newsletter MX 1.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVE-2007-1566 EXPLOITDB text WORKING POC
NetVIOS Portal - SQL Injection via NewsID Parameter
SQL injection vulnerability in News/page.asp in NetVIOS Portal allows remote attackers to execute arbitrary SQL commands via the NewsID parameter. NOTE: this issue might be the same as CVE-2006-5954.
CVE-2006-5880 EXPLOITDB perl WORKING POC
Munch Pro 1.0 - SQL Injection via subMenu Page catid Parameter
SQL injection vulnerability on the subMenu page in switch.asp in Munch Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2007-0196 EXPLOITDB text WORKING POC
motionborg_web_real_estate < 2.1 - SQL Injection via txtUserName Parameter
SQL injection vulnerability in admin_check_user.asp in Motionborg Web Real Estate 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the username field (txtUserName parameter) and possibly other parameters. NOTE: some details were obtained from third party information.
CVE-2007-0600 EXPLOITDB text WORKING POC
Newsposter Script 3 - SQL Injection via uid Parameter
SQL injection vulnerability in news_page.asp in Martyn Kilbryde Newsposter Script (aka makit news/blog poster) 3 and earlier allows remote attackers to execute arbitrary SQL commands via the uid parameter.
EIP-2026-100398 EXPLOITDB text WORKING POC
Lotfian Request For Travel 1.0 - 'ProductDetails.asp' SQL Injection
CVE-2006-2858 EXPLOITDB text WORKING POC
LocazoList Classifieds 1.05e - SQL Injection
SQL injection vulnerability in viewmsg.asp in LocazoList Classifieds 1.05e allows remote attackers to execute arbitrary SQL commands via the msgid parameter.
CVE-2007-0129 EXPLOITDB text WORKING POC
LocazoList Classifieds < 2.01a_beta5 - SQL Injection via main.asp subcatID Parameter
SQL injection vulnerability in main.asp in LocazoList 2.01a beta5 and earlier allows remote attackers to execute arbitrary SQL commands via the subcatID parameter.
CVE-2006-6160 EXPLOITDB text WORKING POC
Liberum Help Desk <= 0.97.3 - SQL Injection via details.asp id Parameter
SQL injection vulnerability in details.asp in Doug Luxem Liberum Help Desk 0.97.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-6525 EXPLOITDB text WORKING POC
EzHRS HR Assist <1.05 - SQL Injection
SQL injection vulnerability in vdateUsr.asp in EzHRS HR Assist 1.05 and earlier allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-0554 EXPLOITDB text WORKING POC
Guo Xu Guos Posting System 1.2 - SQL Injection via print.asp id Parameter
SQL injection vulnerability in print.asp in Guo Xu Guos Posting System (GPS) 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-6846 EXPLOITDB text WORKING POC
WYWO InOut Board 1.0 - SQL Injection
Multiple SQL injection vulnerabilities in While You Were Out (WYWO) InOut Board 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the num parameter in (a) phonemessage.asp, (2) the catcode parameter in (b) faqDsp.asp, and the (3) Username and (4) Password fields in (c) login.asp.
CVE-2007-0225 EXPLOITDB text WORKING POC
VP-ASP Shopping Cart <= 6.09 - Cross-Site Scripting via shopcustadmin.asp msg Parameter
Cross-site scripting (XSS) vulnerability in shopcustadmin.asp in VP-ASP Shopping Cart 6.09 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
CVE-2006-5890 EXPLOITDB text WORKING POC
Superfreaker Studios USupport 1.0 - SQL Injection via detail.asp id Parameter
SQL injection vulnerability in detail.asp in Superfreaker Studios USupport 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-5891 EXPLOITDB text WORKING POC
Superfreaker Studios UStore 1.0 - SQL Injection via ID Parameter
SQL injection vulnerability in detail.asp in Superfreaker Studios UStore 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVE-2006-5888 EXPLOITDB text WORKING POC
Superfreaker Studios UPublisher 1.0 - SQL Injection via viewarticle.asp ID Parameter
SQL injection vulnerability in viewarticle.asp in Superfreaker Studios UPublisher 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVE-2006-5641 EXPLOITDB text WORKING POC
Techno Dreams Announcement - SQL Injection via MainAnnounce2.asp key Parameter
SQL injection vulnerability in MainAnnounce2.asp in Techno Dreams Announcement allows remote attackers to execute arbitrary SQL commands via the key parameter.
CVE-2006-6349 EXPLOITDB perl WORKING POC
PWP Technologies The Classified Ad System - SQL Injection
Multiple SQL injection vulnerabilities in PWP Technologies The Classified Ad System allow remote attackers to execute arbitrary SQL commands via (1) the main parameter in a view action (includes/mainpage/view.asp) in default.asp or (2) a query in the search engine.
CVE-2006-5640 EXPLOITDB text WORKING POC
Techno Dreams Guest Book < 1.0 - SQL Injection via key Parameter
SQL injection vulnerability in guestbookview.asp in Techno Dreams Guest Book 1.0 earlier allows remote attackers to execute arbitrary SQL commands via the key parameter.
CVE-2006-4892 EXPLOITDB text WORKING POC
Techno Dreams FAQ Manager Package 1.0 - SQL Injection
SQL injection vulnerability in faqview.asp in Techno Dreams FAQ Manager Package 1.0 allows remote attackers to execute arbitrary SQL commands via the key parameter.
CVE-2006-4891 EXPLOITDB text WORKING POC
Techno Dreams Articles & Papers Package <2.0 - SQL Injection
SQL injection vulnerability in ArticlesTableview.asp in Techno Dreams Articles & Papers Package 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the key parameter.
CVE-2006-6381 EXPLOITDB text WORKING POC
Ultimate HelpDesk - Directory Traversal via getfile.asp Filename Parameter
Directory traversal vulnerability in getfile.asp in Ultimate HelpDesk allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
CVE-2007-0049 EXPLOITDB html WORKING POC
Geckovich TaskTracker Pro <1.5 - RCE
Geckovich TaskTracker Pro 1.5 and earlier allows remote attackers to add administrative or other accounts via an Add action with a modified GroupID in a direct request to Customize.asp.