d3v1l

38 exploits. Active since Jul 2007.
CVE-2010-2674 EXPLOITDB text WORKING POC
TSOKA:CMS <2.0 - SQL Injection
SQL injection vulnerability in index.php in TSOKA:CMS 1.1, 1.9, and 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in an articolo action.
CVE-2009-1623 EXPLOITDB text WRITEUP
Dew-code Dew-newphplinks - XSS
Cross-site scripting (XSS) vulnerability in index.php in Dew-NewPHPLinks 2.0 allows remote attackers to inject arbitrary web script or HTML via the PID parameter.
CVE-2008-4335 EXPLOITDB text WORKING POC
Atomic Photo Album - SQL Injection
SQL injection vulnerability in album.php in Atomic Photo Album (APA) 1.1.0pre4 allows remote attackers to execute arbitrary SQL commands via the apa_album_ID parameter.
EIP-2026-114390 EXPLOITDB text WORKING POC
WSN Classifieds 6.2.12/6.2.18 - Multiple Vulnerabilities
CVE-2012-2371 EXPLOITDB text WORKING POC
WP-FaceThumb 0.1 - XSS
Cross-site scripting (XSS) vulnerability in index.php in the WP-FaceThumb plugin 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pagination_wp_facethumb parameter.
CVE-2008-6031 EXPLOITDB text WORKING POC
WSN Links <2.23 - SQL Injection
SQL injection vulnerability in vote.php in WSN Links 2.22 and 2.23 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: it was later reported that 2.34 is also vulnerable.
CVE-2008-6033 EXPLOITDB text WORKING POC
WSN Links 2.20 - SQL Injection
SQL injection vulnerability in comments.php in WSN Links 2.20 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-2172 EXPLOITDB text WRITEUP
Radio and TV Player <vBulletin - XSS
Cross-site scripting (XSS) vulnerability in forum/radioandtv.php in the Radio and TV Player addon for vBulletin allows remote registered users to inject arbitrary web script or HTML via the station parameter.
CVE-2010-2675 EXPLOITDB text WORKING POC
TSOKA:CMS <2.0 - XSS
Cross-site scripting (XSS) vulnerability in index.php in TSOKA:CMS 1.1, 1.9, and 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter in an articolo action.
CVE-2008-6271 EXPLOITDB text WORKING POC
Tbmnetcms - Path Traversal
Directory traversal vulnerability in index.php in TBmnetCMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the content parameter.
EIP-2026-112183 EXPLOITDB text WORKING POC
SiteDone Custom Edition 2.0 - SQL Injection / Cross-Site Scripting
EIP-2026-112164 EXPLOITDB text WORKING POC
Simply Sites RGV - Local File Inclusion
EIP-2026-111117 EXPLOITDB text WRITEUP
phpList 2.8.11 - SQL Injection
CVE-2008-5088 EXPLOITDB text WORKING POC
Knowledgebase-script Phpkb Knowledge Base Software - SQL Injection
Multiple SQL injection vulnerabilities in PHPKB Knowledge Base Software 1.5 Professional allow remote attackers to execute arbitrary SQL commands via the ID parameter to (1) email.php and (2) question.php, a different vector than CVE-2008-1909.
CVE-2007-6376 EXPLOITDB text WRITEUP
PHP-Nuke 8.0 - Path Traversal
Directory traversal vulnerability in autohtml.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the filename parameter, a different vector than CVE-2006-4190. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-4880 EXPLOITDB text WORKING POC
Maran Php Shop - SQL Injection
SQL injection vulnerability in prodshow.php in Maran PHP Shop allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-4879.
CVE-2008-6222 EXPLOITDB text WORKING POC
Joomlashowroom Pro Desk Support Center - Path Traversal
Directory traversal vulnerability in the Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php.
EIP-2026-108990 EXPLOITDB text WORKING POC
Kempt SiteDone 2.0 - '/detail.php' Cross-Site Scripting / SQL Injection
EIP-2026-108255 EXPLOITDB text WORKING POC
Joomla! Component com_adds - Blind SQL Injection
EIP-2026-108573 EXPLOITDB text WORKING POC
Joomla! Component com_units - SQL Injection
EIP-2026-108506 EXPLOITDB text WORKING POC
Joomla! Component com_radio - SQL Injection
EIP-2026-108430 EXPLOITDB text WORKING POC
Joomla! Component com_leader - SQL Injection
EIP-2026-108383 EXPLOITDB text WORKING POC
Joomla! Component com_items - SQL Injection
CVE-2008-6179 EXPLOITDB text WORKING POC
Indexscript - SQL Injection
SQL injection vulnerability in sug_cat.php in IndexScript 3.0 allows remote attackers to execute arbitrary SQL commands via the parent_id parameter, a different vector than CVE-2007-4069.