laurent gaffie

170 exploits Active since Dec 2004
CVE-2006-6082 EXPLOITDB text WRITEUP
CreaScripts Creadirectory - Cross-Site Scripting via cat Parameter or search Parameter
Multiple cross-site scripting (XSS) vulnerabilities in CreaScripts Creadirectory allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to addlisting.asp or the (2) search parameter to search.asp.
CVE-2006-6067 EXPLOITDB text WRITEUP
20/20 DataShed - SQL Injection via itemID, peopleID, or sort_order Parameters
Multiple SQL injection vulnerabilities in 20/20 DataShed (aka Real Estate Listing System) allow remote attackers to execute arbitrary SQL commands via the (1) itemID parameter to (a) f-email.asp, or the (2) peopleID and (2) sort_order parameters to (b) listings.asp, different vectors than CVE-2006-5955.
CVE-2006-6092 EXPLOITDB text WRITEUP
20/20 Auto Gallery - SQL Injection via vehiclelistings.asp Parameters
Multiple SQL injection vulnerabilities in vehiclelistings.asp in 20/20 Auto Gallery allow remote attackers to execute arbitrary SQL commands via the (1) vehicleID, (2) categoryID_list, (3) sale_type, (4) stock_number, (5) manufacturer, (6) model, (7) vehicleID, (8) year, (9) vin, and (10) listing_price parameters.
CVE-2006-6083 EXPLOITDB text WRITEUP
CreaScripts Creadirectory - SQL Injection via search.asp Category Parameter
SQL injection vulnerability in search.asp in CreaScripts Creadirectory allows remote attackers to execute arbitrary SQL commands via the category parameter.
CVE-2006-6082 EXPLOITDB text WRITEUP
CreaScripts Creadirectory - Cross-Site Scripting via cat Parameter or search Parameter
Multiple cross-site scripting (XSS) vulnerabilities in CreaScripts Creadirectory allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to addlisting.asp or the (2) search parameter to search.asp.
CVE-2006-5945 EXPLOITDB text WRITEUP
MGinternet Car Site Manager - SQL Injection via p l typ or loc Parameter
Multiple SQL injection vulnerabilities in MGinternet Car Site Manager (CSM) allow remote attackers to execute arbitrary SQL commands via the (1) p parameter to (a) csm/asp/detail.asp, or the (2) l, (3) typ, or (4) loc parameter to (b) csm/asp/listings.asp.
CVE-2006-5944 EXPLOITDB text WRITEUP
MGinternet Car Site Manager - Cross-Site Scripting via s Parameter
Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in MGinternet Car Site Manager (CSM) allows remote attackers to inject arbitrary web script or HTML via the s parameter.
CVE-2006-5945 EXPLOITDB text WRITEUP
MGinternet Car Site Manager - SQL Injection via p l typ or loc Parameter
Multiple SQL injection vulnerabilities in MGinternet Car Site Manager (CSM) allow remote attackers to execute arbitrary SQL commands via the (1) p parameter to (a) csm/asp/detail.asp, or the (2) l, (3) typ, or (4) loc parameter to (b) csm/asp/listings.asp.
CVE-2006-6109 EXPLOITDB text WRITEUP
CandyPress Store 3.5.2.14 - SQL Injection via Policy or Brand Parameter
Multiple SQL injection vulnerabilities in CandyPress Store 3.5.2.14 allow remote attackers to execute arbitrary SQL commands via the (1) policy parameter in openPolicy.asp or the (2) brand parameter in prodList.asp.
CVE-2006-6109 EXPLOITDB text WRITEUP
CandyPress Store 3.5.2.14 - SQL Injection via Policy or Brand Parameter
Multiple SQL injection vulnerabilities in CandyPress Store 3.5.2.14 allow remote attackers to execute arbitrary SQL commands via the (1) policy parameter in openPolicy.asp or the (2) brand parameter in prodList.asp.
CVE-2006-6021 EXPLOITDB text WORKING POC
BestWebApp Dating Site - SQL Injection via Login Username and Password Parameters
SQL injection vulnerability in the login component in BestWebApp Dating Site allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters.
CVE-2006-6022 EXPLOITDB text WRITEUP
BestWebApp Dating Site - Stored Cross-Site Scripting via Login Form Msg Parameter
Cross-site scripting (XSS) vulnerability in login_form.asp in BestWebApp Dating Site allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
CVE-2006-6067 EXPLOITDB text WRITEUP
20/20 DataShed - SQL Injection via itemID, peopleID, or sort_order Parameters
Multiple SQL injection vulnerabilities in 20/20 DataShed (aka Real Estate Listing System) allow remote attackers to execute arbitrary SQL commands via the (1) itemID parameter to (a) f-email.asp, or the (2) peopleID and (2) sort_order parameters to (b) listings.asp, different vectors than CVE-2006-5955.
EIP-2026-100129 EXPLOITDB text WORKING POC
ASPCart 4.5 - Multiple SQL Injections
CVE-2004-1873 EXPLOITDB text WRITEUP
A-CART Pro and A-CART 2.0 - SQL Injection via catcode Parameter
SQL injection vulnerability in category.asp in A-CART Pro and A-CART 2.0 allows remote attackers to gain privileges via the catcode parameter.
CVE-2006-6096 EXPLOITDB text WRITEUP
ActiveNews Manager - Cross-Site Scripting via activenews_search.asp Query Parameter
Cross-site scripting (XSS) vulnerability in activenews_search.asp in ActiveNews Manager allows remote attackers to inject arbitrary web script or HTML via the query parameter.
CVE-2006-6095 EXPLOITDB text WRITEUP
ActiveNews Manager - SQL Injection via articleID or page Parameter
Multiple SQL injection vulnerabilities in ActiveNews Manager allow remote attackers to execute arbitrary SQL commands via the (1) articleID parameter to activenews_view.asp or the (2) page parameter to default.asp. NOTE: the activeNews_categories.asp and activeNews_comments.asp vectors are already covered by CVE-2006-6094.
CVE-2006-6094 EXPLOITDB text WRITEUP
ActiveNews Manager - SQL Injection via catID, articleID, or query Parameter
Multiple SQL injection vulnerabilities in ActiveNews Manager allow remote attackers to execute arbitrary SQL commands via the (1) catID parameter to activeNews_categories.asp, the (2) articleID parameter to activeNews_comments.asp, or the (3) query parameter to activenews_search.asp.
CVE-2006-6095 EXPLOITDB text WRITEUP
ActiveNews Manager - SQL Injection via articleID or page Parameter
Multiple SQL injection vulnerabilities in ActiveNews Manager allow remote attackers to execute arbitrary SQL commands via the (1) articleID parameter to activenews_view.asp or the (2) page parameter to default.asp. NOTE: the activeNews_categories.asp and activeNews_comments.asp vectors are already covered by CVE-2006-6094.
CVE-2006-6094 EXPLOITDB text WRITEUP
ActiveNews Manager - SQL Injection via catID, articleID, or query Parameter
Multiple SQL injection vulnerabilities in ActiveNews Manager allow remote attackers to execute arbitrary SQL commands via the (1) catID parameter to activeNews_categories.asp, the (2) articleID parameter to activeNews_comments.asp, or the (3) query parameter to activenews_search.asp.