h0yt3r

15 exploits Active since Apr 2008
CVE-2008-1640 EXPLOITDB text WORKING POC
JGS-XA JGS-Treffen <2.0.2 - SQL Injection
SQL injection vulnerability in jgs_treffen.php in the JGS-XA JGS-Treffen 2.0.2 and earlier addon for Woltlab Burning Board (wBB) allows remote attackers to execute arbitrary SQL commands via the view_id parameter in an ansicht action.
EIP-2026-113362 EXPLOITDB text WRITEUP
webSPELL 4 - Authentication Bypass
CVE-2008-5269 EXPLOITDB text WORKING POC
powie psys 0.7.0 alpha - SQL Injection via shownews Parameter
SQL injection vulnerability in index.php in pSys 0.7.0 alpha allows remote attackers to execute arbitrary SQL commands via the shownews parameter.
CVE-2008-2904 EXPLOITDB text WORKING POC
phpmycart - SQL Injection via shop.php cat Parameter
SQL injection vulnerability in shop.php in Conkurent PHPMyCart allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2008-2816 EXPLOITDB text WRITEUP
Oxygen 2.0 - SQL Injection via repquote Parameter
SQL injection vulnerability in post.php in Oxygen (aka O2PHP Bulletin Board) 2.0 allows remote attackers to execute arbitrary SQL commands via the repquote parameter in a reply action, a different vector than CVE-2006-1572.
CVE-2008-2815 EXPLOITDB perl WORKING POC
MyMarket 1.72 - SQL Injection via Shopping Index ID Parameter
SQL injection vulnerability in shopping/index.php in MyMarket 1.72 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-2755 EXPLOITDB perl WORKING POC
jamm_cms - SQL Injection via id Parameter
SQL injection vulnerability in index.php in JAMM CMS allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-2919 EXPLOITDB perl WORKING POC
Gryphon gllcTS2 4.2.4 - SQL Injection via listing.php sort Parameter
SQL injection vulnerability in listing.php in Gryphon gllcTS2 4.2.4 allows remote attackers to execute arbitrary SQL commands via the sort parameter.
CVE-2008-2790 EXPLOITDB text WORKING POC
MountainGrafix easyTrade 2.x - SQL Injection via detail.php id Parameter
SQL injection vulnerability in detail.php in MountainGrafix easyTrade 2.x allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-4889 EXPLOITDB perl WORKING POC
deV!L'z Clanportal <= 1.4.9.6 - SQL Injection via Users Parameter in Addbuddy Operation
SQL injection vulnerability in index.php in deV!L'z Clanportal (DZCP) 1.4.9.6 and earlier allows remote attackers to execute arbitrary SQL commands via the users parameter in an addbuddy operation in a buddys action.
CVE-2008-2909 EXPLOITDB perl WORKING POC
Clever Copy 3.0 - SQL Injection via Search Type Parameter
SQL injection vulnerability in results.php in Clever Copy 3.0 allows remote attackers to execute arbitrary SQL commands via the searchtype parameter.
CVE-2008-2866 EXPLOITDB python WORKING POC
CaupoShop Classic 1.3 - SQL Injection via saArticle[ID] Parameter
SQL injection vulnerability in csc_article_details.php in Caupo.net CaupoShop Classic 1.3 allows remote attackers to execute arbitrary SQL commands via the saArticle[ID] parameter.
CVE-2008-3129 EXPLOITDB text WORKING POC
Catviz 0.4 beta 1 - SQL Injection via Foreign Key Value or Webpage Parameter
Multiple SQL injection vulnerabilities in index.php in Catviz 0.4 beta 1 allow remote attackers to execute arbitrary SQL commands via the (1) foreign_key_value parameter in the news page and (2) webpage parameter in the webpage_multi_edit form.
CVE-2008-2918 EXPLOITDB perl WORKING POC
Cartweaver 3.0 - SQL Injection via details.php prodId Parameter
SQL injection vulnerability in details.php in Application Dynamics Cartweaver 3.0 allows remote attackers to execute arbitrary SQL commands via the prodId parameter, possibly a related issue to CVE-2006-2046.3.
CVE-2008-5198 EXPLOITDB text WORKING POC
Acmlmboard 1.A2 - SQL Injection via Memberlist pow Parameter
SQL injection vulnerability in memberlist.php in Acmlmboard 1.A2 allows remote attackers to execute arbitrary SQL commands via the pow parameter.