d3b4g

38 exploits, active since Oct 2008
CVE-2008-6326 EXPLOITDB WORKING POC
Simple Customer - SQL Injection via Email Parameter
SQL injection vulnerability in login.php in Simple Customer as downloaded on 20081118 allows remote attackers to execute arbitrary SQL commands via the email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6309 EXPLOITDB WORKING POC
W3matter AskPert - SQL Injection via f[password] Parameter
SQL injection vulnerability in index.php in W3matter AskPert allows remote attackers to execute arbitrary SQL commands via the f[password] parameter. NOTE: some of these details are obtained from third party information.
CVE-2012-6588 EXPLOITDB text WORKING POC
MYRE Business Directory - SQL Injection via links.php cat Parameter
SQL injection vulnerability in links.php in MYRE Business Directory allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2012-6586 EXPLOITDB text WORKING POC
MYRE Vacation Rental Software - SQL Injection via Garage or Bathrooms Parameter
Multiple SQL injection vulnerabilities in MYRE Vacation Rental Software allow remote attackers to execute arbitrary SQL commands via the (1) garage1 or (2) bathrooms1 parameter to vacation/1_mobile/search.php, or (3) unspecified input to vacation/widgate/request_more_information.php.
CVE-2012-6584 EXPLOITDB text WORKING POC
MYRE Realty Manager - SQL Injection via bathrooms1 Parameter
Multiple SQL injection vulnerabilities in MYRE Realty Manager allow remote attackers to execute arbitrary SQL commands via the bathrooms1 parameter to (1) demo2/search.php or (2) search.php.
CVE-2008-6215 EXPLOITDB text WORKING POC
Venalsur Booking Centre Booking System for Hotels Group - Stored Cross-Site Scripting via OfertaID Parameter
Cross-site scripting (XSS) vulnerability in cadena_ofertas_ext.php in Venalsur Booking Centre Booking System for Hotels Group allows remote attackers to inject arbitrary web script or HTML via the OfertaID parameter.
CVE-2008-4773 EXPLOITDB text WORKING POC
QuestCMS - Path Traversal via Theme Parameter
Directory traversal vulnerability in main/main.php in QuestCMS allows remote attackers to read arbitrary local files via a .. (dot dot) in the theme parameter.
CVE-2008-4772 EXPLOITDB text WORKING POC
QuestCMS - SQL Injection via obj Parameter
SQL injection vulnerability in main/main.php in QuestCMS allows remote attackers to execute arbitrary SQL commands via the obj parameter.
CVE-2009-1330 EXPLOITDB perl WORKING POC
Easy RM to MP3 Converter - Stack-based Buffer Overflow via Long Filename in Playlist File
Stack-based buffer overflow in Easy RM to MP3 Converter allows remote attackers to execute arbitrary code via a long filename in a playlist (.pls) file.
EIP-2026-116939 EXPLOITDB perl WORKING POC
CastRipper 2.50.70 (Windows XP SP3) - '.pls' Local Stack Buffer Overflow
EIP-2026-116477 EXPLOITDB text WORKING POC
VbsEdit 5.9.3 - '.smi' Buffer Overflow (PoC)
EIP-2026-116392 EXPLOITDB text WORKING POC
TEC-IT TBarCode - OCX ActiveX Control (TBarCode4.ocx 4.1.0) Crash (PoC)
CVE-2013-5578 EXPLOITDB text WORKING POC
StarUML - Buffer Overflow in ToDot Method via Long Argument
Buffer overflow in the ToDot method in the WINGRAPHVIZLib.NEATO ActiveX control in WinGraphviz.dll in StarUML allows remote attackers to execute arbitrary code via a long argument.
EIP-2026-115840 EXPLOITDB python WORKING POC
Mini-stream Ripper 3.0.1.1 - '.smi' Local Buffer Overflow (PoC)
EIP-2026-115999 EXPLOITDB text SUSPICIOUS
Opera 10.10 - XML Parser Denial of Service (PoC)
EIP-2026-115862 EXPLOITDB text SUSPICIOUS
Mozilla Firefox 3.6 - XML Parser Memory Corruption (PoC) / Denial of Service
CVE-2010-5289 EXPLOITDB html WORKING POC
IncrediMail 2.0 - Buffer Overflow in Authenticate Method via Long String
Buffer overflow in the Authenticate method in the INCREDISPOOLERLib.Pop ActiveX control in ImSpoolU.dll in IncrediMail 2.0 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in the first argument.
EIP-2026-114952 EXPLOITDB text WORKING POC
Autodesk MapGuide Viewer - ActiveX Denial of Service
CVE-2008-6216 EXPLOITDB text WORKING POC
Venalsur Booking Centre Booking System for Hotels Group - SQL Injection via OfertaID Parameter
SQL injection vulnerability in cadena_ofertas_ext.php in Venalsur Booking Centre Booking System for Hotels Group allows remote attackers to execute arbitrary SQL commands via the OfertaID parameter.
CVE-2008-5785 EXPLOITDB text WORKING POC
V3 Chat - Profiles/Dating Script 3.0.2 - SQL Injection
SQL injection vulnerability in V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.
EIP-2026-112627 EXPLOITDB text WORKING POC
tghostscripter Amazon Shop - Cross-Site Scripting / Directory Traversal / Remote File Inclusion
CVE-2008-6332 EXPLOITDB text WRITEUP
Simple Customer 1.2 - SQL Injection via Login Password Parameter
SQL injection vulnerability in login.php in Simple Customer 1.2 allows remote attackers to execute arbitrary SQL commands via the password parameter.
CVE-2008-6776 EXPLOITDB text WORKING POC
Scripts For Sites EZ Hot or Not - SQL Injection via viewcomments.php phid Parameter
SQL injection vulnerability in viewcomments.php in Scripts For Sites (SFS) EZ Hot or Not allows remote attackers to execute arbitrary SQL commands via the phid parameter.
CVE-2008-6780 EXPLOITDB text WORKING POC
Scripts for Sites EZ Affiliate - SQL Injection via cat_id Parameter
SQL injection vulnerability in directory.php in Scripts for Sites (SFS) SFS EZ Affiliate allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.
CVE-2008-6310 EXPLOITDB text WORKING POC
W3matter RevSense 1.0 - SQL Injection via f[password] Parameter
SQL injection vulnerability in index.php in W3matter RevSense 1.0 allows remote attackers to execute arbitrary SQL commands via the f[password] parameter. NOTE: some of these details are obtained from third party information.