boom3rang

37 exploits Active since Dec 2006
CVE-2008-2630 EXPLOITDB WORKING POC
JooBlog (com_jb2) 0.1.1 - SQL Injection via CategoryID Parameter
SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter in a category action to index.php.
CVE-2008-5864 EXPLOITDB WORKING POC
com_tophotelmodule 1.0 - SQL Injection via id Parameter
SQL injection vulnerability in the Top Hotel (com_tophotelmodule) component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php.
CVE-2008-5864 EXPLOITDB text WORKING POC
com_tophotelmodule 1.0 - SQL Injection via id Parameter
SQL injection vulnerability in the Top Hotel (com_tophotelmodule) component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php.
EIP-2026-113883 EXPLOITDB text WORKING POC
WordPress Plugin Media Holder - SQL Injection
CVE-2008-4754 EXPLOITDB text WORKING POC
Scripts for Sites Ez Forum - SQL Injection via Forum Parameter
SQL injection vulnerability in forum.php in Scripts for Sites (SFS) Ez Forum allows remote attackers to execute arbitrary SQL commands via the forum parameter.
CVE-2009-1023 EXPLOITDB text WORKING POC
phpcomasy 0.9.1 - SQL Injection via entry_id Parameter
SQL injection vulnerability in index.php in phpComasy 0.9.1 allows remote attackers to execute arbitrary SQL commands via the entry_id parameter.
EIP-2026-111125 EXPLOITDB text WORKING POC
PHPLive! 3.2.2 - 'request.php' SQL Injection
EIP-2026-110820 EXPLOITDB text WORKING POC
PHP-Fusion Mod triscoop_race_system - 'raceid' SQL Injection
CVE-2008-5197 EXPLOITDB text WORKING POC
php-fusion - SQL Injection via Classifieds Detail Adverts lid Parameter
SQL injection vulnerability in classifieds.php in PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the lid parameter in a detail_adverts action.
CVE-2009-4749 EXPLOITDB text WRITEUP
PHP Live! 3.2.1-3.2.2 - SQL Injection via x Parameter
Multiple SQL injection vulnerabilities in PHP Live! 3.2.1 and 3.2.2 allow remote attackers to execute arbitrary SQL commands via the x parameter to (1) message_box.php and (2) request.php.
CVE-2008-4527 EXPLOITDB text WORKING POC
PHP-Fusion Recepies Module 1.1 - SQL Injection via kat_id Parameter
SQL injection vulnerability in recept.php in the Recepies (Recept) module 1.1 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the kat_id parameter in a kategorier action. NOTE: some of these details are obtained from third party information.
CVE-2008-4521 EXPLOITDB text WORKING POC
World of Warcraft tracker infusion module 2.0 - SQL Injection via INFO_RAID_ID Parameter
SQL injection vulnerability in thisraidprogress.php in the World of Warcraft tracker infusion (raidtracker_panel) module 2.0 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the INFO_RAID_ID parameter.
EIP-2026-110818 EXPLOITDB text WORKING POC
PHP-Fusion Mod manuals - 'manual' SQL Injection
CVE-2008-5196 EXPLOITDB text WORKING POC
Kroax (the_kroax) 4.42 - SQL Injection
SQL injection vulnerability in kroax.php in the Kroax (the_kroax) 4.42 and earlier module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the category parameter.
CVE-2008-5074 EXPLOITDB text WORKING POC
Freshlinks 1.0 RC1 module for PHP-Fusion - SQL Injection via linkid Parameter
SQL injection vulnerability in index.php in the Freshlinks 1.0 RC1 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the linkid parameter.
CVE-2009-4474 EXPLOITDB text WORKING POC
Mike de Boer zoom (com_zoom) 2.0 - SQL Injection
SQL injection vulnerability in the Mike de Boer zoom (com_zoom) component 2.0 for Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
EIP-2026-109293 EXPLOITDB perl WORKING POC
Mambo Component n-form - 'form_id' Blind SQL Injection
CVE-2008-6149 EXPLOITDB text WORKING POC
com_mdigg 2.2.8 - SQL Injection via cagtegory Parameter
SQL injection vulnerability in the mDigg (com_mdigg) component 2.2.8 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cagtegory parameter in a story_lists action to index.php.
CVE-2008-6148 EXPLOITDB text WRITEUP
Live Ticker (com_liveticker) 1.0 for Joomla! - SQL Injection via tid Parameter
SQL injection vulnerability in the Live Ticker (com_liveticker) module 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the tid parameter in a viewticker action to index.php.
CVE-2008-6337 EXPLOITDB text WORKING POC
Volunteer Management System (com_volunteer) 2.0 - SQL Injection via job_id Parameter
SQL injection vulnerability in the Volunteer Management System (com_volunteer) module 2.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the job_id parameter in a jobshow action to index.php.
EIP-2026-108139 EXPLOITDB text WORKING POC
Joomla! / Mambo Component com_catalogproduction - 'id' SQL Injection
CVE-2008-5051 EXPLOITDB text WORKING POC
JooBlog 0.1.1 - SQL Injection via PostID Parameter
SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PostID parameter to index.php.
CVE-2008-6852 EXPLOITDB text WORKING POC
Ice Gallery Component for Joomla! 0.5 beta 2 - SQL Injection via catid Parameter
SQL injection vulnerability in the Ice Gallery (com_ice) component 0.5 beta 2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
CVE-2009-0726 EXPLOITDB text WORKING POC
GigCalendar (com_gigcal) 1.0 - SQL Injection
SQL injection vulnerability in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the gigcal_gigs_id parameter in a details action to index.php.
CVE-2008-4623 EXPLOITDB text WORKING POC
DS-Syndicate 1.1.1 - SQL Injection via feed_id Parameter
SQL injection vulnerability in the DS-Syndicate (com_ds-syndicate) component 1.1.1 for Joomla allows remote attackers to execute arbitrary SQL commands via the feed_id parameter to index2.php.