laurent gaffie - Security Researcher - Exploit Intelligence Platform

EIP-2026-100553 EXPLOITDB text WORKING POC

SitesOutlet eCommerce Kit - Multiple SQL Injections

View Code

CVE-2006-6929 EXPLOITDB text WRITEUP

Rapid Classified 3.1 - Cross-Site Scripting via Multiple Parameters

Multiple cross-site scripting (XSS) vulnerabilities in Rapid Classified 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) reply.asp or (b) view_print.asp, the (2) SH1 parameter to (c) search.asp, the (3) name parameter to reply.asp, or the (4) dosearch parameter to (d) advsearch.asp.

View Code

CVE-2006-6930 EXPLOITDB text WRITEUP

Rapid Classified 3.1 - SQL Injection via viewad.asp id Parameter

SQL injection vulnerability in viewad.asp in Rapid Classified 3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

View Code

CVE-2006-6929 EXPLOITDB text WRITEUP

Rapid Classified 3.1 - Cross-Site Scripting via Multiple Parameters

Multiple cross-site scripting (XSS) vulnerabilities in Rapid Classified 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) reply.asp or (b) view_print.asp, the (2) SH1 parameter to (c) search.asp, the (3) name parameter to reply.asp, or the (4) dosearch parameter to (d) advsearch.asp.

View Code

CVE-2006-6929 EXPLOITDB text WRITEUP

Rapid Classified 3.1 - Cross-Site Scripting via Multiple Parameters

Multiple cross-site scripting (XSS) vulnerabilities in Rapid Classified 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) reply.asp or (b) view_print.asp, the (2) SH1 parameter to (c) search.asp, the (3) name parameter to reply.asp, or the (4) dosearch parameter to (d) advsearch.asp.

View Code

CVE-2006-6929 EXPLOITDB text WRITEUP

Rapid Classified 3.1 - Cross-Site Scripting via Multiple Parameters

Multiple cross-site scripting (XSS) vulnerabilities in Rapid Classified 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) reply.asp or (b) view_print.asp, the (2) SH1 parameter to (c) search.asp, the (3) name parameter to reply.asp, or the (4) dosearch parameter to (d) advsearch.asp.

View Code

EIP-2026-100485 EXPLOITDB text WRITEUP

Pilot Cart 7.2 - 'Pilot.asp' SQL Injection

View Code

CVE-2006-6153 EXPLOITDB text WRITEUP

vSpin.net Classified System 2004 - Cross-Site Scripting via catname or minprice Parameter

Multiple cross-site scripting (XSS) vulnerabilities in vSpin.net Classified System 2004 allow remote attackers to inject arbitrary web script or HTML via (1) catname parameter to cat.asp or the (2) minprice parameter to search.asp.

View Code

CVE-2006-6152 EXPLOITDB text WRITEUP

vSpin.net Classified System 2004 - SQL Injection via cat Parameter or search.asp Parameters

Multiple SQL injection vulnerabilities in vSpin.net Classified System 2004 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to (a) cat.asp, or the (2) keyword, (3) order, (4) sort, (5) menuSelect, or (6) state parameter to (b) search.asp.

View Code

CVE-2006-6153 EXPLOITDB text WRITEUP

vSpin.net Classified System 2004 - Cross-Site Scripting via catname or minprice Parameter

Multiple cross-site scripting (XSS) vulnerabilities in vSpin.net Classified System 2004 allow remote attackers to inject arbitrary web script or HTML via (1) catname parameter to cat.asp or the (2) minprice parameter to search.asp.

View Code

CVE-2006-6152 EXPLOITDB text WRITEUP

vSpin.net Classified System 2004 - SQL Injection via cat Parameter or search.asp Parameters

Multiple SQL injection vulnerabilities in vSpin.net Classified System 2004 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to (a) cat.asp, or the (2) keyword, (3) order, (4) sort, (5) menuSelect, or (6) state parameter to (b) search.asp.

View Code

CVE-2006-6768 EXPLOITDB text WRITEUP

PWP Technologies The Classified Ad System - XSS

Multiple cross-site scripting (XSS) vulnerabilities in default.asp in PWP Technologies The Classified Ad System allow remote attackers to inject arbitrary web script or HTML via the (1) cat or (2) main parameter.

View Code

CVE-2006-6708 EXPLOITDB text WORKING POC

MGinternet Property Site Manager - XSS

Cross-site scripting (XSS) vulnerability in listings.asp in MGinternet Property Site Manager allows remote attackers to inject arbitrary web script or HTML via the s parameter.

View Code

CVE-2006-6709 EXPLOITDB text WRITEUP

MGinternet Property Site Manager - SQL Injection

Multiple SQL injection vulnerabilities in MGinternet Property Site Manager allow remote attackers to execute arbitrary SQL commands via the (1) p parameter to (a) detail.asp; the (2) l, (3) typ, or (4) loc parameter to (b) listings.asp; or the (5) Password or (6) Username parameter to (c) admin_login.asp. NOTE: some of these details are obtained from third party information.

View Code

CVE-2006-6709 EXPLOITDB text WRITEUP

MGinternet Property Site Manager - SQL Injection

Multiple SQL injection vulnerabilities in MGinternet Property Site Manager allow remote attackers to execute arbitrary SQL commands via the (1) p parameter to (a) detail.asp; the (2) l, (3) typ, or (4) loc parameter to (b) listings.asp; or the (5) Password or (6) Username parameter to (c) admin_login.asp. NOTE: some of these details are obtained from third party information.

View Code

CVE-2006-6709 EXPLOITDB text WRITEUP

MGinternet Property Site Manager - SQL Injection

Multiple SQL injection vulnerabilities in MGinternet Property Site Manager allow remote attackers to execute arbitrary SQL commands via the (1) p parameter to (a) detail.asp; the (2) l, (3) typ, or (4) loc parameter to (b) listings.asp; or the (5) Password or (6) Username parameter to (c) admin_login.asp. NOTE: some of these details are obtained from third party information.

View Code

EIP-2026-100394 EXPLOITDB text WRITEUP

Link Exchange Lite 1.0 - Multiple SQL Injections

View Code

CVE-2006-6342 EXPLOITDB text WRITEUP

KLF-REALTY - SQL Injection via Category, Agent, or Property ID Parameters

Multiple SQL injection vulnerabilities in KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) agent parameters in (a) search_listing.asp, and the (3) property_id parameter in (b) detail.asp.

View Code

CVE-2006-6342 EXPLOITDB text WRITEUP

KLF-REALTY - SQL Injection via Category, Agent, or Property ID Parameters

Multiple SQL injection vulnerabilities in KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) agent parameters in (a) search_listing.asp, and the (3) property_id parameter in (b) detail.asp.

View Code

CVE-2006-6147 EXPLOITDB text WRITEUP

JiRos Links Manager - SQL Injection via LinkID or CategoryID Parameter

Multiple SQL injection vulnerabilities in JiRos Links Manager allow remote attackers to execute arbitrary SQL commands via the (1) LinkID parameter to openlink.asp or the (2) CategoryID parameter to viewlinks.asp.

View Code

CVE-2006-6147 EXPLOITDB text WRITEUP

JiRos Links Manager - SQL Injection via LinkID or CategoryID Parameter

Multiple SQL injection vulnerabilities in JiRos Links Manager allow remote attackers to execute arbitrary SQL commands via the (1) LinkID parameter to openlink.asp or the (2) CategoryID parameter to viewlinks.asp.

View Code

CVE-2006-5943 EXPLOITDB text WRITEUP

Website Designs for Less Inventory Manager - SQL Injection via pictable picfield or where Parameter

Multiple SQL injection vulnerabilities in inventory/display/imager.asp in Website Designs for Less Inventory Manager allow remote attackers to execute arbitrary SQL commands via the (1) pictable, (2) picfield, or (3) where parameter.

View Code

CVE-2006-5958 EXPLOITDB text WORKING POC

infinicart - Cross-Site Scripting via Login Username/Password, Search, and Email Fields

Multiple cross-site scripting (XSS) vulnerabilities in INFINICART allow remote attackers to inject arbitrary web script or HTML via the (1) username and (2) password fields in (a) login.asp, (3) search field in (b) search.asp, and (4) email field in (c) sendpassword.asp.

View Code

CVE-2006-5958 EXPLOITDB text WORKING POC

infinicart - Cross-Site Scripting via Login Username/Password, Search, and Email Fields

Multiple cross-site scripting (XSS) vulnerabilities in INFINICART allow remote attackers to inject arbitrary web script or HTML via the (1) username and (2) password fields in (a) login.asp, (3) search field in (b) search.asp, and (4) email field in (c) sendpassword.asp.

View Code

CVE-2006-5958 EXPLOITDB text WRITEUP

infinicart - Cross-Site Scripting via Login Username/Password, Search, and Email Fields

Multiple cross-site scripting (XSS) vulnerabilities in INFINICART allow remote attackers to inject arbitrary web script or HTML via the (1) username and (2) password fields in (a) login.asp, (3) search field in (b) search.asp, and (4) email field in (c) sendpassword.asp.

View Code