ajann

220 exploits Active since Mar 2005
CVE-2007-1696 EXPLOITDB html WORKING POC
Active WEB Softwares Active Newsletter < 4.3 - SQL Injection
SQL injection vulnerability in ViewNewspapers.asp in Active Newsletter 4.3 and earlier allows remote attackers to execute arbitrary SQL commands via the NewsPaperID parameter.
CVE-2007-0590 EXPLOITDB text WORKING POC
Forum Livre - XSS
Cross-site scripting (XSS) vulnerability in busca2.asp in Forum Livre 1.0 allows remote attackers to inject arbitrary web script or HTML via the palavra parameter.
CVE-2006-6117 EXPLOITDB text WORKING POC
Fipsasp Fipsgallery < 1.5 - SQL Injection
SQL injection vulnerability in index1.asp in fipsGallery 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the which parameter.
CVE-2006-6116 EXPLOITDB text WORKING POC
Fipsasp Fipsforum < 2.6 - SQL Injection
SQL injection vulnerability in default2.asp in fipsForum 2.6 and earlier allows remote attackers to execute arbitrary SQL commands via the kat parameter.
CVE-2006-6115 EXPLOITDB perl WORKING POC
Fipsasp Fipscms < 4.5 - SQL Injection
SQL injection vulnerability in index.asp in fipsCMS 4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the fid parameter.
CVE-2006-6813 EXPLOITDB perl WORKING POC
Mxmania FUM < 1.0.6 - SQL Injection
SQL injection vulnerability in detail.asp in Mxmania File Upload Manager (FUM) 1.0.6 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVE-2010-2359 EXPLOITDB html WORKING POC
Activewebsoftwares Ewebquiz - SQL Injection
SQL injection vulnerability in eWebQuiz.asp in ActiveWebSoftwares.com eWebquiz 8 allows remote attackers to execute arbitrary SQL commands via the QuizType parameter, a different vector than CVE-2007-1706.
CVE-2006-5934 EXPLOITDB text WORKING POC
Iexpress Estate Agent Manager - SQL Injection
SQL injection vulnerability in admin/default.asp in Estate Agent Manager 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the UserName field.
CVE-2006-4871 EXPLOITDB text WORKING POC
EShoppingPro 1.0 - SQL Injection
SQL injection vulnerability in search_run.asp in Keyvan1 (aka Keyvan Janghorbani) EShoppingPro 1.0 allows remote attackers to execute arbitrary SQL commands via the order parameter.
CVE-2006-3027 EXPLOITDB text WORKING POC
Enthrallwebe ePhotos < 2.2 - SQL Injection
Multiple SQL injection vulnerabilities in Enthrallwebe ePhotos 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) CAT_ID parameter in (a) subphotos.asp and (b) subLevel2.asp, the (2) AL_ID parameter in (c) photo.asp, and the (3) SUB_ID parameter in (d) subLevel2.asp.
CVE-2006-6802 EXPLOITDB perl WORKING POC
Enthrallweb ePages - SQL Injection
SQL injection vulnerability in actualpic.asp in Enthrallweb ePages allows remote attackers to execute arbitrary SQL commands via the Biz_ID parameter.
CVE-2006-6821 EXPLOITDB html WORKING POC
Enthrallweb eNews - Auth Bypass
myprofile.asp in Enthrallweb eNews does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.
CVE-2006-6806 EXPLOITDB perl WORKING POC
Enthrallweb eMates 1.0 - SQL Injection
SQL injection vulnerability in newsdetail.asp in Enthrallweb eMates 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVE-2006-6805 EXPLOITDB perl WORKING POC
Enthrallweb eJobs - SQL Injection
SQL injection vulnerability in newsdetail.asp in Enthrallweb eJobs allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVE-2006-6204 EXPLOITDB text WORKING POC
Enthrallweb Ehomes - SQL Injection
Multiple SQL injection vulnerabilities in Enthrallweb eHomes allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter to (a) dircat.asp; the (2) sid parameter to (b) dirSub.asp; the (3) TYPE_ID parameter to (c) types.asp; the (4) AD_ID parameter to (d) homeDetail.asp; the (5) cat parameter to (e) result.asp; the (6) compare, (7) clear, and (8) adID parameters to (f) compareHomes.asp; and the (9) aminprice, (10) amaxprice, and (11) abedrooms parameters to (g) result.asp.
CVE-2006-6820 EXPLOITDB html WORKING POC
Enthrallweb eCoupons - Privilege Escalation
myprofile.asp in Enthrallweb eCoupons does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.
CVE-2006-6822 EXPLOITDB html WORKING POC
Enthrallweb eClassifieds - Auth Bypass
myprofile.asp in Enthrallweb eClassifieds does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.
CVE-2006-6803 EXPLOITDB text WORKING POC
Enthrallweb eCars 1.0 - SQL Injection
SQL injection vulnerability in Types.asp in Enthrallweb eCars 1.0 allows remote attackers to execute arbitrary SQL commands via the Type_id parameter.
CVE-2006-4872 EXPLOITDB text WRITEUP
ECardPro 2.0 - SQL Injection
SQL injection vulnerability in search.asp in Keyvan1 (aka Keyvan Janghorbani) ECardPro 2.0 allows remote attackers to execute arbitrary SQL commands via the keyword parameter.
CVE-2006-2697 EXPLOITDB WORKING POC
Easy-content Forums - SQL Injection
Multiple SQL injection vulnerabilities in Easy-Content Forums 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) startletter parameter in userview.asp and the (2) forumname parameter in topics.asp.
CVE-2007-0092 EXPLOITDB text WORKING POC
E-smart Cart - SQL Injection
SQL injection vulnerability in productdetail.asp in E-SMARTCART 1.0 allows remote attackers to execute arbitrary SQL commands via the product_id parameter.
CVE-2006-6804 EXPLOITDB text WORKING POC
Dragon Business Directory - Pro < 3.01.12 - SQL Injection
SQL injection vulnerability in bus_details.asp in Dragon Business Directory - Pro (aka Dragon Internet Business Search Directory - Pro) 3.01.12 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter.
EIP-2026-100273 EXPLOITDB text WORKING POC
DMXReady SDK 1.1 - Arbitrary File Download
EIP-2026-100271 EXPLOITDB text WRITEUP
DMXReady Registration Manager 1.1 - Contents Change
EIP-2026-100270 EXPLOITDB text WRITEUP
DMXReady Photo Gallery Manager 1.1 - Contents Change