boom3rang

37 exploits Active since Dec 2006
CVE-2008-5494 EXPLOITDB text WORKING POC
Joomla! com_contactinfo 1.0 - SQL Injection
SQL injection vulnerability in the Contact Information Module (com_contactinfo) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
CVE-2008-5865 EXPLOITDB text WORKING POC
Hotel Booking Reservation System 1.0.0 - com_hbssearch - SQL Injection
SQL injection vulnerability in the com_hbssearch component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the r_type parameter in a showhoteldetails action to index.php.
CVE-2008-5865 EXPLOITDB text WRITEUP
Hotel Booking Reservation System 1.0.0 - com_hbssearch - SQL Injection
SQL injection vulnerability in the com_hbssearch component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the r_type parameter in a showhoteldetails action to index.php.
CVE-2008-5643 EXPLOITDB text WORKING POC
Joomla com_books - SQL Injection via book_id Parameter
SQL injection vulnerability in the Books (com_books) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter in a book_details action to index.php.
CVE-2009-2390 EXPLOITDB python WORKING POC
com_bookflip 2.1 - SQL Injection via book_id Parameter
SQL injection vulnerability in the BookFlip (com_bookflip) component 2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter to index.php.
CVE-2009-3223 EXPLOITDB text WORKING POC
inout_adserver - Authenticated SQL Injection via id Parameter
SQL injection vulnerability in ppc-add-keywords.php in Inout Adserver allows remote authenticated users to execute arbitrary SQL commands via the id parameter.
CVE-2006-6446 EXPLOITDB text WORKING POC
iWare Professional 5.0.4 - SQL Injection
SQL injection vulnerability in index.php in iWare Professional 5.0.4, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the D parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6017 EXPLOITDB text WORKING POC
i-rater_basic - SQL Injection via idp Parameter
SQL injection vulnerability in messages.php in I-Rater Basic allows remote attackers to execute arbitrary SQL commands via the idp parameter.
CVE-2008-4785 EXPLOITDB text WORKING POC
e107 alternate_profiles_plugin - SQL Injection via newuser.php id Parameter
SQL injection vulnerability in newuser.php in the alternate_profiles plugin, possibly 0.2, for e107 allows remote attackers to execute arbitrary SQL commands via the id parameter.
EIP-2026-106676 EXPLOITDB text WORKING POC
e107 Plugin userjournals_menu - 'blog.id' SQL Injection
CVE-2008-6466 EXPLOITDB text WORKING POC
Akira Powered Image Gallery 0.9.6.2 - SQL Injection via Image Parameter
SQL injection vulnerability in image_gallery.php in the Akira Powered Image Gallery (image_gallery) plugin 0.9.6.2 for e107 allows remote attackers to execute arbitrary SQL commands via the image parameter in an image-detail action.
CVE-2009-1032 EXPLOITDB text WORKING POC
YABSoft Advanced Image Hosting Script 2.3 - SQL Injection via Gallery List gal Parameter
SQL injection vulnerability in gallery_list.php in YABSoft Advanced Image Hosting (AIH) Script 2.3 allows remote attackers to execute arbitrary SQL commands via the gal parameter.