ajann

220 exploits Active since Mar 2005
CVE-2006-6543 EXPLOITDB text WORKING POC
AppIntellect SpotLight CRM 1.0 - SQL Injection
Multiple SQL injection vulnerabilities in login.asp in AppIntellect SpotLight CRM 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) login (UserName) and possibly (2) password parameter. NOTE: some of these details are obtained from third party information.
CVE-2006-2807 EXPLOITDB html WORKING POC
ASPwebSoft Speedy Asp Discussion Forum - RCE
ASPwebSoft Speedy Asp Discussion Forum allows remote attackers to change the password of any account via a modified account id and possibly arbitrary values of the name, email, country, password, and passwordre parameters to profileupdate.asp.
CVE-2006-4796 EXPLOITDB text WORKING POC
Snitz Forums 2000 3.4.06 - Cross-Site Scripting via Sortorder Parameter
Cross-site scripting (XSS) vulnerability in forum.asp in Snitz Forums 2000 3.4.06 allows remote attackers to inject arbitrary web script or HTML via the sortorder parameter (strtopicsortord variable).
CVE-2006-6559 EXPLOITDB text WORKING POC
Lotfian Request For Travel 1.0 - SQL Injection
SQL injection vulnerability in ProductDetails.asp in Lotfian Request For Travel 1.0 allows remote attackers to execute arbitrary SQL commands via the PID parameter.
CVE-2007-0144 EXPLOITDB text WORKING POC
Digitizing Quote And Ordering System 1.0 - Authenticated Cross-Site Scripting via search.asp ordernum Parameter
Cross-site scripting (XSS) vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the ordernum parameter.
CVE-2006-2638 EXPLOITDB text WORKING POC
qjforum - SQL Injection via uName Parameter
SQL injection vulnerability in member.asp in qjForum allows remote attackers to execute arbitrary SQL commands via the uName parameter.
CVE-2007-0582 EXPLOITDB text WRITEUP
chernobile 1.0 - SQL Injection via User Field
SQL injection vulnerability in default.asp in ChernobiLe 1.0 allows remote attackers to execute arbitrary SQL commands via the User (username) field.
CVE-2006-4882 EXPLOITDB text WORKING POC
Julian Roberts Charon Cart 3 - SQL Injection
SQL injection vulnerability in Review.asp in Julian Roberts Charon Cart 3 allows remote attackers to execute arbitrary SQL commands via the ProductID parameter.
CVE-2006-6792 EXPLOITDB text WORKING POC
Calendar MX BASIC <1.0.2 - SQL Injection
SQL injection vulnerability in calendar_detail.asp in Calendar MX BASIC 1.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
EIP-2026-100163 EXPLOITDB WORKING POC
Berty Forum 1.4 - 'index.php' Blind SQL Injection
CVE-2007-0053 EXPLOITDB text WORKING POC
ASP SiteWare autoDealer < 2.0 - SQL Injection via detail.asp iPro Parameter
SQL injection vulnerability in detail.asp in ASP SiteWare autoDealer 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the iPro parameter.
EIP-2026-100093 EXPLOITDB html WORKING POC
Active Bulletin Board 1.1b2 - Remote User Pass Change
CVE-2006-6848 EXPLOITDB text WORKING POC
ASPTicker 1.0 - SQL Injection via admin.asp PATH_INFO
SQL injection vulnerability in admin.asp in ASPTicker 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO, possibly related to the Password parameter.
CVE-2006-5879 EXPLOITDB WORKING POC
ASPPortal < 4.0.0_beta - SQL Injection via Poll_ID Parameter
SQL injection vulnerability in default1.asp in ASPPortal 4.0.0 beta and earlier allows remote attackers to execute arbitrary SQL commands via the Poll_ID parameter, a different vector than CVE-2006-1353.
CVE-2006-5892 EXPLOITDB perl WORKING POC
ASPired2Poll < 1.0 - SQL Injection via MoreInfo.asp id Parameter
SQL injection vulnerability in MoreInfo.asp in The Net Guys ASPired2Poll 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-6070 EXPLOITDB text WORKING POC
ASP Nuke < 0.80 - SQL Injection via StateCode Parameter
SQL injection vulnerability in module/account/register/register.asp in ASP Nuke 0.80 and earlier allows remote attackers to execute arbitrary SQL commands via the StateCode parameter.
CVE-2006-7152 EXPLOITDB text WRITEUP
ASP-Nuke Community <1.5 - Privilege Escalation
default.asp in ASP-Nuke Community 1.5 and earlier allows remote attackers to gain privileges by setting certain pseudo cookie values.
CVE-2006-5952 EXPLOITDB text WORKING POC
ASP Smiley 1.0 - SQL Injection via Username Field
SQL injection vulnerability in admin/default.asp in ASP Smiley 1.0 allows remote attackers to execute arbitrary SQL commands via the Username field.
EIP-2026-100121 EXPLOITDB WORKING POC
ASP Portal 2.0/3.x/4.0 - 'Default1.asp' SQL Injection
CVE-2007-0566 EXPLOITDB text WORKING POC
ASP NEWS < 3 - SQL Injection via id Parameter
SQL injection vulnerability in news_detail.asp in ASP NEWS 3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-0560 EXPLOITDB text WORKING POC
ASP EDGE 1.2b - SQL Injection via User Parameter
SQL injection vulnerability in user.asp in ASP EDGE 1.2b and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter.
EIP-2026-100108 EXPLOITDB text WORKING POC
AppIntellect SpotLight CRM - 'login.asp' SQL Injection
CVE-2010-4782 EXPLOITDB text WORKING POC
Softwebs Nepal Ananda Real Estate 3.4 - SQL Injection
Multiple SQL injection vulnerabilities in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) city, (2) state, (3) country, (4) minprice, (5) maxprice, (6) bed, and (7) bath parameters, different vectors than CVE-2006-6807.
CVE-2006-6831 EXPLOITDB text WORKING POC
aFAQ 1.0 - SQL Injection via catcode Parameter
SQL injection vulnerability in faqDsp.asp in aFAQ 1.0 allows remote attackers to execute arbitrary SQL commands via the catcode parameter.
CVE-2006-2848 EXPLOITDB html WORKING POC
aspWebLinks 2.0 - Unauthenticated Administrative Password Change via txtAdministrativePassword Field
links.asp in aspWebLinks 2.0 allows remote attackers to change the administrative password, possibly via a direct request with a modified txtAdministrativePassword field.