almaster

18 exploits Active since Aug 2005
EIP-2026-114441 EXPLOITDB text WORKING POC
XMB Forum 1.9.3 - 'post.php' SQL Injection
EIP-2026-114417 EXPLOITDB text WRITEUP
XDT Pro 2.3 - 'stats.php' Cross-Site Scripting
CVE-2005-2441 EXPLOITDB text WORKING POC
vbzoom - Cross-Site Scripting via UserName or UserID Parameter
Multiple cross-site scripting (XSS) vulnerabilities in VBzoom allow remote attackers to inject arbitrary web script and HTML via the (1) UserName parameter to profile.php or (2) UserID parameter to login.php.
CVE-2005-2441 EXPLOITDB text WORKING POC
vbzoom - Cross-Site Scripting via UserName or UserID Parameter
Multiple cross-site scripting (XSS) vulnerabilities in VBzoom allow remote attackers to inject arbitrary web script and HTML via the (1) UserName parameter to profile.php or (2) UserID parameter to login.php.
CVE-2005-3363 EXPLOITDB text WRITEUP
Saphp Lesson - SQL Injection via ForumID Parameter
SQL injection vulnerability in Saphp Lesson, possibly saphp Lesson1.1 and saphpLesson2.0, allows remote attackers to execute arbitrary SQL commands via the forumid parameter in (1) showcat.php and (2) add.php.
CVE-2005-3478 EXPLOITDB text WORKING POC
PHPCafe.net Tutorials Manager 1.0 Beta 2 - SQL Injection via id Parameter
SQL injection vulnerability in index.php in PHPCafe.net Tutorials Manager 1.0 Beta 2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-3627 EXPLOITDB text WRITEUP
PHP Lite Calendar Express 2.2 - SQL Injection via cid Parameter
Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 allow remote attackers to execute arbitrary SQL commands via the cid parameter to (1) login.php, (2) auth.php, and (3) subscribe.php. NOTE: the month.php, year.php, week.php, and day.php vectors are already covered by CVE-2005-4009. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-3627 EXPLOITDB text WRITEUP
PHP Lite Calendar Express 2.2 - SQL Injection via cid Parameter
Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 allow remote attackers to execute arbitrary SQL commands via the cid parameter to (1) login.php, (2) auth.php, and (3) subscribe.php. NOTE: the month.php, year.php, week.php, and day.php vectors are already covered by CVE-2005-4009. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-3627 EXPLOITDB text WRITEUP
PHP Lite Calendar Express 2.2 - SQL Injection via cid Parameter
Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 allow remote attackers to execute arbitrary SQL commands via the cid parameter to (1) login.php, (2) auth.php, and (3) subscribe.php. NOTE: the month.php, year.php, week.php, and day.php vectors are already covered by CVE-2005-4009. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2005-3159 EXPLOITDB text WRITEUP
PHP-Fusion - SQL Injection via msg_view Parameter
SQL injection vulnerability in messages.php in PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the msg_view parameter, a different vulnerability than CVE-2005-3157 and CVE-2005-3158.
CVE-2006-2209 EXPLOITDB text WRITEUP
PHP Arena paCheckBook 1.1 - SQL Injection via transtype or entry Parameter
Multiple SQL injection vulnerabilities in index.php in PHP Arena paCheckBook 1.1 allow remote attackers to execute arbitrary SQL commands via (1) the transtype parameter in an add action or (2) entry parameter in an edit action. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2005-4702 EXPLOITDB text WRITEUP
IPBProArcade 2.5.2 - SQL Injection via GameID Parameter
SQL injection vulnerability in the favorites module in index.php in IPBProArcade 2.5.2 allows remote attackers to inject arbitrary SQL commands via the gameid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. In addition, the demonstration code as used by third parties suggests that this might be a different type of vulnerability related to shell metacharacters. Finally, this could be a rediscovery of CVE-2004-1430.
CVE-2006-2217 EXPLOITDB text WRITEUP
Invision Power Board - SQL Injection via Reputation Action PID Parameter
SQL injection vulnerability in index.php in Invision Power Board allows remote attackers to execute arbitrary SQL commands via the pid parameter in a reputation action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2005-3395 EXPLOITDB text WRITEUP
Invision Gallery 2.0.3 - SQL Injection via st Parameter
SQL injection vulnerability in Invision Gallery 2.0.3 allows remote attackers to execute arbitrary SQL commands via the st parameter.
EIP-2026-106884 EXPLOITDB text WRITEUP
eNpaper1 - 'Root_Header.php' Remote File Inclusion
EIP-2026-105691 EXPLOITDB text WORKING POC
Calendar Express 2.2 - 'search.php' Cross-Site Scripting
CVE-2005-4769 EXPLOITDB text WRITEUP
Belchior Foundry vCard PRO 3.1 - SQL Injection
SQL injection vulnerability in addrbook.php in Belchior Foundry vCard PRO 3.1 allows remote attackers to execute arbitrary SQL commands via the addr_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-5635 EXPLOITDB text WRITEUP
Web Wiz Forums - SQL Injection via KW Parameter
SQL injection vulnerability in forum/search.asp in Web Wiz Forums allows remote attackers to execute arbitrary SQL commands via the KW parameter.