d3v1l

38 exploits Active since Jul 2007
CVE-2008-6401 EXPLOITDB text WORKING POC
jetik-web - SQL Injection via sayfa.php kat Parameter
SQL injection vulnerability in sayfa.php in JETIK-WEB allows remote attackers to execute arbitrary SQL commands via the kat parameter.
CVE-2008-5064 EXPLOITDB text WORKING POC
H&H WebSoccer 2.80 - SQL Injection via liga.php id Parameter
SQL injection vulnerability in liga.php in H&H WebSoccer 2.80 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-6028 EXPLOITDB text WORKING POC
University of Queensland Library Fez <2.0 RC1 - SQL Injection
SQL injection vulnerability in list.php in University of Queensland Library Fez 1.3 and 2.0 RC1 allows remote attackers to execute arbitrary SQL commands via the parent_id parameter in a subject action.
CVE-2011-5177 EXPLOITDB text WRITEUP
eSyndiCat Pro 2.3.05 - Cross-Site Scripting via Admin Controller Parameters
Multiple cross-site scripting (XSS) vulnerabilities in admin/controller.php in eSyndiCat Pro 2.3.05 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to the admins (2) blocks, (3) articles, or (4) suggest-category; or (5) sort parameter to the search page.
CVE-2007-3811 EXPLOITDB text WORKING POC
eSyndiCat - SQL Injection via News ID or Page Name Parameter
Multiple SQL injection vulnerabilities in eSyndiCat allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to news.php or (2) the name parameter to page.php.
EIP-2026-106779 EXPLOITDB text WRITEUP
EEB-CMS 0.95 - 'index.php' Cross-Site Scripting
EIP-2026-106711 EXPLOITDB text WORKING POC
Easyedit CMS - 'news.php?intPageID' SQL Injection
EIP-2026-106713 EXPLOITDB text WORKING POC
Easyedit CMS - 'subcategory.php?intSubCategoryID' SQL Injection
EIP-2026-106712 EXPLOITDB text WORKING POC
Easyedit CMS - 'page.php?intPageID' SQL Injection
CVE-2009-1624 EXPLOITDB text WRITEUP
Dew-NewPHPLinks 2.0 - Path Traversal via Show Parameter
Directory traversal vulnerability in index.php in Dew-NewPHPLinks 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the show parameter.
CVE-2008-5126 EXPLOITDB text WORKING POC
BoutikOne CMS - Stored Cross-Site Scripting via search_query Parameter
Cross-site scripting (XSS) vulnerability in search.php in BoutikOne CMS allows remote attackers to inject arbitrary web script or HTML via the search_query parameter.
CVE-2008-4497 EXPLOITDB text WORKING POC
Built2Go Real Estate Listings 1.5 - SQL Injection via event_id Parameter
SQL injection vulnerability in event_detail.php in Built2Go Real Estate Listings 1.5 allows remote attackers to execute arbitrary SQL commands via the event_id parameter.
CVE-2008-4336 EXPLOITDB text WORKING POC
Atomic Photo Album 1.1.0pre4 - Cross-Site Scripting via apa_album_ID Parameter
Cross-site scripting (XSS) vulnerability in album.php in Atomic Photo Album (APA) 1.1.0pre4 allows remote attackers to inject arbitrary web script or HTML via the apa_album_ID parameter.