d3b4g

38 exploits | Active since Oct 2008
CVE-2008-6326 EXPLOITDB WORKING POC
Simplecustomer Simple Customer - SQL Injection
SQL injection vulnerability in login.php in Simple Customer as downloaded on 20081118 allows remote attackers to execute arbitrary SQL commands via the email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6309 EXPLOITDB WORKING POC
W3matter Askpert - SQL Injection
SQL injection vulnerability in index.php in W3matter AskPert allows remote attackers to execute arbitrary SQL commands via the f[password] parameter. NOTE: some of these details are obtained from third party information.
CVE-2012-6588 EXPLOITDB text WORKING POC
Myrephp Myre Business Directory - SQL Injection
SQL injection vulnerability in links.php in MYRE Business Directory allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2012-6586 EXPLOITDB text WORKING POC
Myrephp Myre Vacation Rental - SQL Injection
Multiple SQL injection vulnerabilities in MYRE Vacation Rental Software allow remote attackers to execute arbitrary SQL commands via the (1) garage1 or (2) bathrooms1 parameter to vacation/1_mobile/search.php, or (3) unspecified input to vacation/widgate/request_more_information.php.
CVE-2012-6584 EXPLOITDB text WORKING POC
Myrephp Myre Realty Manager - SQL Injection
Multiple SQL injection vulnerabilities in MYRE Realty Manager allow remote attackers to execute arbitrary SQL commands via the bathrooms1 parameter to (1) demo2/search.php or (2) search.php.
CVE-2008-6215 EXPLOITDB text WORKING POC
Bookingcentre Booking System For Hotels Group - XSS
Cross-site scripting (XSS) vulnerability in cadena_ofertas_ext.php in Venalsur Booking Centre Booking System for Hotels Group allows remote attackers to inject arbitrary web script or HTML via the OfertaID parameter.
CVE-2008-4773 EXPLOITDB text WORKING POC
Questwork Questcms - Path Traversal
Directory traversal vulnerability in main/main.php in QuestCMS allows remote attackers to read arbitrary local files via a .. (dot dot) in the theme parameter.
CVE-2008-4772 EXPLOITDB text WORKING POC
Questwork Questcms - SQL Injection
SQL injection vulnerability in main/main.php in QuestCMS allows remote attackers to execute arbitrary SQL commands via the obj parameter.
CVE-2009-1330 EXPLOITDB perl WORKING POC
Mini-stream Easy RM to MP3 Converter - Memory Corruption
Stack-based buffer overflow in Easy RM to MP3 Converter allows remote attackers to execute arbitrary code via a long filename in a playlist (.pls) file.
EIP-2026-116939 EXPLOITDB perl WORKING POC
CastRipper 2.50.70 (Windows XP SP3) - '.pls' Local Stack Buffer Overflow
EIP-2026-116477 EXPLOITDB text WORKING POC
VbsEdit 5.9.3 - '.smi' Buffer Overflow (PoC)
EIP-2026-116392 EXPLOITDB text WORKING POC
TEC-IT TBarCode - OCX ActiveX Control (TBarCode4.ocx 4.1.0) Crash (PoC)
CVE-2013-5578 EXPLOITDB text WORKING POC
StarUML - Buffer Overflow
Buffer overflow in the ToDot method in the WINGRAPHVIZLib.NEATO ActiveX control in WinGraphviz.dll in StarUML allows remote attackers to execute arbitrary code via a long argument.
EIP-2026-115840 EXPLOITDB python WORKING POC
Mini-stream Ripper 3.0.1.1 - '.smi' Local Buffer Overflow (PoC)
EIP-2026-115999 EXPLOITDB text SUSPICIOUS
Opera 10.10 - XML Parser Denial of Service (PoC)
EIP-2026-115862 EXPLOITDB text SUSPICIOUS
Mozilla Firefox 3.6 - XML Parser Memory Corruption (PoC) / Denial of Service
CVE-2010-5289 EXPLOITDB html WORKING POC
IncrediMail 2.0 - Buffer Overflow
Buffer overflow in the Authenticate method in the INCREDISPOOLERLib.Pop ActiveX control in ImSpoolU.dll in IncrediMail 2.0 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in the first argument.
EIP-2026-114952 EXPLOITDB text WORKING POC
Autodesk MapGuide Viewer - ActiveX Denial of Service
CVE-2008-6216 EXPLOITDB text WORKING POC
Bookingcentre Booking System For Hotels Group - SQL Injection
SQL injection vulnerability in cadena_ofertas_ext.php in Venalsur Booking Centre Booking System for Hotels Group allows remote attackers to execute arbitrary SQL commands via the OfertaID parameter.
CVE-2008-5785 EXPLOITDB text WORKING POC
V3 Chat - Profiles/Dating Script 3.0.2 - SQL Injection
SQL injection vulnerability in V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.
EIP-2026-112627 EXPLOITDB text WORKING POC
tghostscripter Amazon Shop - Cross-Site Scripting / Directory Traversal / Remote File Inclusion
CVE-2008-6332 EXPLOITDB text WRITEUP
Simplecustomer Simple Customer - SQL Injection
SQL injection vulnerability in login.php in Simple Customer 1.2 allows remote attackers to execute arbitrary SQL commands via the password parameter.
CVE-2008-6776 EXPLOITDB text WORKING POC
Scripts-for-sites EZ Hot or Not - SQL Injection
SQL injection vulnerability in viewcomments.php in Scripts For Sites (SFS) EZ Hot or Not allows remote attackers to execute arbitrary SQL commands via the phid parameter.
CVE-2008-6780 EXPLOITDB text WORKING POC
Scripts-for-sites EZ Affiliate - SQL Injection
SQL injection vulnerability in directory.php in Scripts for Sites (SFS) SFS EZ Affiliate allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.
CVE-2008-6310 EXPLOITDB text WORKING POC
W3matter Revsense - SQL Injection
SQL injection vulnerability in index.php in W3matter RevSense 1.0 allows remote attackers to execute arbitrary SQL commands via the f[password] parameter. NOTE: some of these details are obtained from third party information.