ajann

220 exploits Active since Mar 2005
CVE-2007-1696 EXPLOITDB html WORKING POC
Active Newsletter < 4.3 - SQL Injection via NewsPaperID Parameter
SQL injection vulnerability in ViewNewspapers.asp in Active Newsletter 4.3 and earlier allows remote attackers to execute arbitrary SQL commands via the NewsPaperID parameter.
CVE-2007-0590 EXPLOITDB text WORKING POC
Forum Livre 1.0 - Cross-Site Scripting via busca2.asp palavra Parameter
Cross-site scripting (XSS) vulnerability in busca2.asp in Forum Livre 1.0 allows remote attackers to inject arbitrary web script or HTML via the palavra parameter.
CVE-2006-6117 EXPLOITDB text WORKING POC
fipsgallery < 1.5 - SQL Injection via which Parameter
SQL injection vulnerability in index1.asp in fipsGallery 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the which parameter.
CVE-2006-6116 EXPLOITDB text WORKING POC
fipsforum < 2.6 - SQL Injection via kat Parameter
SQL injection vulnerability in default2.asp in fipsForum 2.6 and earlier allows remote attackers to execute arbitrary SQL commands via the kat parameter.
CVE-2006-6115 EXPLOITDB perl WORKING POC
fipsCMS < 4.5 - SQL Injection via fid Parameter
SQL injection vulnerability in index.asp in fipsCMS 4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the fid parameter.
CVE-2006-6813 EXPLOITDB perl WORKING POC
mxmania_file_upload_manager < 1.0.6 - SQL Injection via ID Parameter
SQL injection vulnerability in detail.asp in Mxmania File Upload Manager (FUM) 1.0.6 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVE-2010-2359 EXPLOITDB html WORKING POC
eWebquiz 8 - SQL Injection via QuizType Parameter
SQL injection vulnerability in eWebQuiz.asp in ActiveWebSoftwares.com eWebquiz 8 allows remote attackers to execute arbitrary SQL commands via the QuizType parameter, a different vector than CVE-2007-1706.
CVE-2006-5934 EXPLOITDB text WORKING POC
Estate Agent Manager <= 1.3 - SQL Injection via UserName Field
SQL injection vulnerability in admin/default.asp in Estate Agent Manager 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the UserName field.
CVE-2006-4871 EXPLOITDB text WORKING POC
Keyvan1 EShoppingPro 1.0 - SQL Injection via search_run.asp order Parameter
SQL injection vulnerability in search_run.asp in Keyvan1 (aka Keyvan Janghorbani) EShoppingPro 1.0 allows remote attackers to execute arbitrary SQL commands via the order parameter.
CVE-2006-3027 EXPLOITDB text WORKING POC
Enthrallwebe ePhotos <2.2 - SQL Injection
Multiple SQL injection vulnerabilities in Enthrallwebe ePhotos 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) CAT_ID parameter in (a) subphotos.asp and (b) subLevel2.asp, the (2) AL_ID parameter in (c) photo.asp, and the (3) SUB_ID parameter in (d) subLevel2.asp.
CVE-2006-6802 EXPLOITDB perl WORKING POC
Enthrallweb ePages - SQL Injection via Biz_ID Parameter
SQL injection vulnerability in actualpic.asp in Enthrallweb ePages allows remote attackers to execute arbitrary SQL commands via the Biz_ID parameter.
CVE-2006-6821 EXPLOITDB html WORKING POC
Enthrallweb eNews - Authenticated Profile Field Modification via MM_recordId Parameter
myprofile.asp in Enthrallweb eNews does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.
CVE-2006-6806 EXPLOITDB perl WORKING POC
Enthrallweb eMates 1.0 - SQL Injection
SQL injection vulnerability in newsdetail.asp in Enthrallweb eMates 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVE-2006-6805 EXPLOITDB perl WORKING POC
Enthrallweb eJobs - SQL Injection via Newsdetail ID Parameter
SQL injection vulnerability in newsdetail.asp in Enthrallweb eJobs allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVE-2006-6204 EXPLOITDB text WORKING POC
Enthrallweb eHomes - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Enthrallweb eHomes allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter to (a) dircat.asp; the (2) sid parameter to (b) dirSub.asp; the (3) TYPE_ID parameter to (c) types.asp; the (4) AD_ID parameter to (d) homeDetail.asp; the (5) cat parameter to (e) result.asp; the (6) compare, (7) clear, and (8) adID parameters to (f) compareHomes.asp; and the (9) aminprice, (10) amaxprice, and (11) abedrooms parameters to (g) result.asp.
CVE-2006-6820 EXPLOITDB html WORKING POC
Enthrallweb eCoupons - Privilege Escalation
myprofile.asp in Enthrallweb eCoupons does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.
CVE-2006-6822 EXPLOITDB html WORKING POC
Enthrallweb eClassifieds - Auth Bypass
myprofile.asp in Enthrallweb eClassifieds does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.
CVE-2006-6803 EXPLOITDB text WORKING POC
Enthrallweb eCars 1.0 - SQL Injection
SQL injection vulnerability in Types.asp in Enthrallweb eCars 1.0 allows remote attackers to execute arbitrary SQL commands via the Type_id parameter.
CVE-2006-4872 EXPLOITDB text WRITEUP
Keyvan1 ECardPro 2.0 - SQL Injection via search.asp Keyword Parameter
SQL injection vulnerability in search.asp in Keyvan1 (aka Keyvan Janghorbani) ECardPro 2.0 allows remote attackers to execute arbitrary SQL commands via the keyword parameter.
CVE-2006-2697 EXPLOITDB WORKING POC
Easy-Content Forums 1.0 - SQL Injection via startletter or forumname Parameter
Multiple SQL injection vulnerabilities in Easy-Content Forums 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) startletter parameter in userview.asp and the (2) forumname parameter in topics.asp.
CVE-2007-0092 EXPLOITDB text WORKING POC
e-smart_cart 1.0 - SQL Injection via product_id Parameter
SQL injection vulnerability in productdetail.asp in E-SMARTCART 1.0 allows remote attackers to execute arbitrary SQL commands via the product_id parameter.
CVE-2006-6804 EXPLOITDB text WORKING POC
Dragon Business Directory - Pro <3.01.12 - SQL Injection
SQL injection vulnerability in bus_details.asp in Dragon Business Directory - Pro (aka Dragon Internet Business Search Directory - Pro) 3.01.12 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter.
EIP-2026-100273 EXPLOITDB text WORKING POC
DMXReady SDK 1.1 - Arbitrary File Download
EIP-2026-100271 EXPLOITDB text WRITEUP
DMXReady Registration Manager 1.1 - Contents Change
EIP-2026-100270 EXPLOITDB text WRITEUP
DMXReady Photo Gallery Manager 1.1 - Contents Change