r0t

258 exploits Active since Oct 2000
CVE-2005-3884 EXPLOITDB text WORKING POC
Zainu <= 2.0 - SQL Injection via Search Term and Start Parameters
Multiple SQL injection vulnerabilities in the search action in Zainu 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) term and (2) start parameters to index.php.
CVE-2005-3939 EXPLOITDB text WRITEUP
WSN Knowledge Base < 1.2.0 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in WSN Knowledge Base 1.2.0 and earler allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) perpage, (3) ascdesc, and (4) orderlinks in a displaycat action in (a) index.php; and the (5) id parameter in (b) comments.php and (c) memberlist.php.
CVE-2005-3939 EXPLOITDB text WRITEUP
WSN Knowledge Base < 1.2.0 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in WSN Knowledge Base 1.2.0 and earler allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) perpage, (3) ascdesc, and (4) orderlinks in a displaycat action in (a) index.php; and the (5) id parameter in (b) comments.php and (c) memberlist.php.
CVE-2005-3939 EXPLOITDB text WRITEUP
WSN Knowledge Base < 1.2.0 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in WSN Knowledge Base 1.2.0 and earler allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) perpage, (3) ascdesc, and (4) orderlinks in a displaycat action in (a) index.php; and the (5) id parameter in (b) comments.php and (c) memberlist.php.
CVE-2005-3916 EXPLOITDB text WRITEUP
WSN Forum 1.21 - SQL Injection via Memberlist Profile ID Parameter
SQL injection vulnerability in memberlist.php in WSN Forum 1.21 allows remote attackers to execute arbitrary SQL commands via the id parameter in a profile action.
CVE-2005-4255 EXPLOITDB text WORKING POC
WikkaWiki < 1.1.6.0 - Cross-Site Scripting via Hex-Encoded Phrase Parameter
Cross-site scripting (XSS) vulnerability in TextSearch in WikkaWiki 1.1.6.0 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded phrase parameter.
CVE-2005-4039 EXPLOITDB text WRITEUP
Web4Future Portal Solutions News Portal - Directory Traversal via arhiva.php dir Parameter
Directory traversal vulnerability in arhiva.php in Web4Future Portal Solutions News Portal allows remote attackers to read arbitrary files via the dir parameter.
CVE-2005-4034 EXPLOITDB text WRITEUP
Web4Future eDating Professional 5 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Web4Future eDating Professional 5 allow remote attackers to execute arbitrary SQL commands via the (1) s, (2) pg, and (3) sortb parameters to (a) index.php; (4) cid parameter to (b) gift.php and (c) fq.php; and (5) cat parameter to (d) articles.php.
CVE-2007-4178 EXPLOITDB text WRITEUP
WebDirector < 2.2 - Cross-Site Scripting via deslocal Parameter
Cross-site scripting (XSS) vulnerability in index.php in WebDirector 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the deslocal parameter.
CVE-2005-4034 EXPLOITDB text WRITEUP
Web4Future eDating Professional 5 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Web4Future eDating Professional 5 allow remote attackers to execute arbitrary SQL commands via the (1) s, (2) pg, and (3) sortb parameters to (a) index.php; (4) cid parameter to (b) gift.php and (c) fq.php; and (5) cat parameter to (d) articles.php.
CVE-2005-4034 EXPLOITDB text WRITEUP
Web4Future eDating Professional 5 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Web4Future eDating Professional 5 allow remote attackers to execute arbitrary SQL commands via the (1) s, (2) pg, and (3) sortb parameters to (a) index.php; (4) cid parameter to (b) gift.php and (c) fq.php; and (5) cat parameter to (d) articles.php.
CVE-2005-4037 EXPLOITDB text WRITEUP
Web4Future Affiliate Manager PRO <4.1 - SQL Injection
SQL injection vulnerability in functions.php in Web4Future Affiliate Manager PRO 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter.
CVE-2005-4034 EXPLOITDB text WRITEUP
Web4Future eDating Professional 5 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Web4Future eDating Professional 5 allow remote attackers to execute arbitrary SQL commands via the (1) s, (2) pg, and (3) sortb parameters to (a) index.php; (4) cid parameter to (b) gift.php and (c) fq.php; and (5) cat parameter to (d) articles.php.
EIP-2026-113231 EXPLOITDB text WRITEUP
Web4Future Portal Solutions - 'Comentarii.php' SQL Injection
CVE-2006-1980 EXPLOITDB text WRITEUP
W2B Online Banking - Cross-Site Scripting via Query String or SID/ilang Parameters
Cross-site scripting (XSS) vulnerability in W2B Online Banking allows remote attackers to inject arbitrary web script or HTML via the (1) query string, (2) SID parameter, or (3) ilang parameter.
CVE-2006-1673 EXPLOITDB text WORKING POC
Dark_Wizard vBug Tracker <3.5.1 - XSS
Cross-site scripting (XSS) vulnerability in vbugs.php in Dark_Wizard vBug Tracker 3.5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the sortorder parameter.
CVE-2005-3872 EXPLOITDB text WRITEUP
ugroup < 2.6.2 - SQL Injection via FORUM_ID or TOPIC_ID Parameter
Multiple SQL injection vulnerabilities in Ugroup 2.6.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) FORUM_ID parameter in forum.php, and the (2) TOPIC_ID, (3) FORUM_ID, and (4) CAT_ID parameters in topic.php.
CVE-2005-4781 EXPLOITDB text WRITEUP
SergiDs Top Music module <3.0 PR3 - SQL Injection
Multiple SQL injection vulnerabilities in SergiDs Top Music module 3.0 PR3 and earlier for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the (1) idartist, (2) idsong, and (3) idalbum parameters to modules.php.
CVE-2005-3872 EXPLOITDB text WRITEUP
ugroup < 2.6.2 - SQL Injection via FORUM_ID or TOPIC_ID Parameter
Multiple SQL injection vulnerabilities in Ugroup 2.6.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) FORUM_ID parameter in forum.php, and the (2) TOPIC_ID, (3) FORUM_ID, and (4) CAT_ID parameters in topic.php.
CVE-2006-1661 EXPLOITDB text WRITEUP
skforum < 1.5 - Cross-Site Scripting via areaID, time, and userID Parameters
Multiple cross-site scripting (XSS) vulnerabilities in SKForum 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) areaID parameter in area.View.action, (2) time parameter in planning.View.action, and (3) userID parameter in user.View.action.
CVE-2006-1661 EXPLOITDB text WRITEUP
skforum < 1.5 - Cross-Site Scripting via areaID, time, and userID Parameters
Multiple cross-site scripting (XSS) vulnerabilities in SKForum 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) areaID parameter in area.View.action, (2) time parameter in planning.View.action, and (3) userID parameter in user.View.action.
CVE-2005-3879 EXPLOITDB text WRITEUP
Softbiz Resource Repository Script <= 1.1 - SQL Injection via sbres_id or sbcat_id Parameter
Multiple SQL injection vulnerabilities in Softbiz Resource Repository Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) sbres_id parameter in (a) details_res.php, (b) refer_friend.php, and (c) report_link.php, and (2) the sbcat_id parameter in (d) showcats.php.
CVE-2005-3937 EXPLOITDB text WRITEUP
Softbiz B2B Trading Marketplace Script < 1.1 - SQL Injection via cid Parameter
SQL injection vulnerability in Softbiz B2B Trading Marketplace Script 1.1 and earler allows remote attackers to execute arbitrary SQL commands via the cid parameter in (1) selloffers.php, (2) buyoffers.php, (3) products.php, or (4) profiles.php.
CVE-2005-3937 EXPLOITDB text WRITEUP
Softbiz B2B Trading Marketplace Script < 1.1 - SQL Injection via cid Parameter
SQL injection vulnerability in Softbiz B2B Trading Marketplace Script 1.1 and earler allows remote attackers to execute arbitrary SQL commands via the cid parameter in (1) selloffers.php, (2) buyoffers.php, (3) products.php, or (4) profiles.php.
CVE-2006-1661 EXPLOITDB text WRITEUP
skforum < 1.5 - Cross-Site Scripting via areaID, time, and userID Parameters
Multiple cross-site scripting (XSS) vulnerabilities in SKForum 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) areaID parameter in area.View.action, (2) time parameter in planning.View.action, and (3) userID parameter in user.View.action.