joseph.giron13

11 exploits Active since Jul 2007
CVE-2007-4359 EXPLOITDB text WORKING POC
SkilMatch Staffing Systems JobLister3 - SQL Injection
Multiple SQL injection vulnerabilities in SkilMatch Staffing Systems JobLister3 allow remote attackers to execute arbitrary SQL commands via (1) the search form or (2) the jobid parameter to index.php in a showbyID action.
CVE-2007-5915 EXPLOITDB text WRITEUP
phphelpdesk <0.6.16 - Path Traversal
Directory traversal vulnerability in index.php in phphelpdesk 0.6.16 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the whattodo parameter.
CVE-2007-3889 EXPLOITDB text WRITEUP
insanely_simple_blog < 0.5 - SQL Injection via current_subsection Parameter
Multiple SQL injection vulnerabilities in Insanely Simple Blog 0.5 and earlier allow remote attackers to execute arbitrary SQL commands via the current_subsection parameter to index.php and other unspecified vectors.
CVE-2007-3888 EXPLOITDB text WORKING POC
insanely_simple_blog <= 0.5 - Cross-Site Scripting via Search Action or Anonymous Blog Entry
Multiple cross-site scripting (XSS) vulnerabilities in Insanely Simple Blog 0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the search action, possibly related to the term parameter to index.php; or (2) an anonymous blog entry, possibly involving the (a) posted_by, (b) subject, and (c) content parameters to index.php; as demonstrated by the onmouseover attribute of certain elements. NOTE: some of these details are obtained from third party information.
CVE-2007-4047 EXPLOITDB text WRITEUP
geoblog 1 - Unauthenticated Arbitrary Comment and Blog Deletion via Admin Endpoints
geoBlog (aka BitDamaged) 1 does not require authentication for (1) deletecomment.php, (2) deleteblog.php, and (3) listcomment.php in admin/, which allows remote attackers to delete arbitrary comments, delete arbitrary blogs, and have other unspecified impact via a request with a valid id parameter.
CVE-2007-4047 EXPLOITDB text WRITEUP
geoblog 1 - Unauthenticated Arbitrary Comment and Blog Deletion via Admin Endpoints
geoBlog (aka BitDamaged) 1 does not require authentication for (1) deletecomment.php, (2) deleteblog.php, and (3) listcomment.php in admin/, which allows remote attackers to delete arbitrary comments, delete arbitrary blogs, and have other unspecified impact via a request with a valid id parameter.
EIP-2026-107568 EXPLOITDB text WRITEUP
Heathco Software h2desk - Multiple Information Disclosure Vulnerabilities
EIP-2026-100809 EXPLOITDB text WORKING POC
GWExtranet - Multiple Directory Traversal Vulnerabilities
CVE-2007-6032 EXPLOITDB text WORKING POC
Aleris Web Publishing Server 3.0 - SQL Injection
SQL injection vulnerability in calendar/page.asp in Aleris Web Publishing Server 3.0 allows remote attackers to execute arbitrary SQL commands via the mode parameter.
EIP-2026-100293 EXPLOITDB text WORKING POC
E-vanced Solutions E-vents 5.0 - Multiple Input Validation Vulnerabilities
CVE-2008-6875 EXPLOITDB text WORKING POC
ASP Product Catalog - SQL Injection via cid Parameter
SQL injection vulnerability in default.asp in ASP Product Catalog allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2007-5220.