r0t - Security Researcher - Exploit Intelligence Platform

CVE-2005-3937 EXPLOITDB text WRITEUP

Softbiz B2B Trading Marketplace Script < 1.1 - SQL Injection via cid Parameter

SQL injection vulnerability in Softbiz B2B Trading Marketplace Script 1.1 and earler allows remote attackers to execute arbitrary SQL commands via the cid parameter in (1) selloffers.php, (2) buyoffers.php, (3) products.php, or (4) profiles.php.

View Code

CVE-2005-3937 EXPLOITDB text WRITEUP

Softbiz B2B Trading Marketplace Script < 1.1 - SQL Injection via cid Parameter

SQL injection vulnerability in Softbiz B2B Trading Marketplace Script 1.1 and earler allows remote attackers to execute arbitrary SQL commands via the cid parameter in (1) selloffers.php, (2) buyoffers.php, (3) products.php, or (4) profiles.php.

View Code

CVE-2005-3938 EXPLOITDB text WRITEUP

Softbiz FAQ Script < 1.1 - SQL Injection via id Parameter

SQL injection vulnerability in Softbiz FAQ Script 1.1 and earler allows remote attackers to execute arbitrary SQL commands via the id parameter in (1) index.php, (2) faq_qanda.php, (3) refer_friend.php, (4) print_article.php, or (5) add_comment.php.

View Code

CVE-2005-3817 EXPLOITDB text WRITEUP

Softbiz Web Host Directory Script < 1.1 - SQL Injection via Multiple Parameters

Multiple SQL injection vulnerabilities in Softbiz Web Host Directory Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter in search_result.php, (2) sbres_id parameter in review.php, (3) cid parameter in browsecats.php, (4) h_id parameter in email.php, and (5) an unspecified parameter to the search module.

View Code

CVE-2005-3817 EXPLOITDB text WRITEUP

Softbiz Web Host Directory Script < 1.1 - SQL Injection via Multiple Parameters

Multiple SQL injection vulnerabilities in Softbiz Web Host Directory Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter in search_result.php, (2) sbres_id parameter in review.php, (3) cid parameter in browsecats.php, (4) h_id parameter in email.php, and (5) an unspecified parameter to the search module.

View Code

CVE-2005-3877 EXPLOITDB text WRITEUP

Simple Document Management System < 2.0-cvs - SQL Injection via folder_id or mid Parameter

Multiple SQL injection vulnerabilities in Simple Document Management System (SDMS) 2.0-CVS and earlier allow remote attackers to execute arbitrary SQL commands via the (1) folder_id parameter in list.php and (2) mid parameter in a view action to messages.php.

View Code

CVE-2005-3877 EXPLOITDB text WRITEUP

Simple Document Management System < 2.0-cvs - SQL Injection via folder_id or mid Parameter

Multiple SQL injection vulnerabilities in Simple Document Management System (SDMS) 2.0-CVS and earlier allow remote attackers to execute arbitrary SQL commands via the (1) folder_id parameter in list.php and (2) mid parameter in a view action to messages.php.

View Code

CVE-2005-3817 EXPLOITDB text WRITEUP

Softbiz Web Host Directory Script < 1.1 - SQL Injection via Multiple Parameters

Multiple SQL injection vulnerabilities in Softbiz Web Host Directory Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter in search_result.php, (2) sbres_id parameter in review.php, (3) cid parameter in browsecats.php, (4) h_id parameter in email.php, and (5) an unspecified parameter to the search module.

View Code

CVE-2005-3937 EXPLOITDB text WRITEUP

Softbiz B2B Trading Marketplace Script < 1.1 - SQL Injection via cid Parameter

SQL injection vulnerability in Softbiz B2B Trading Marketplace Script 1.1 and earler allows remote attackers to execute arbitrary SQL commands via the cid parameter in (1) selloffers.php, (2) buyoffers.php, (3) products.php, or (4) profiles.php.

View Code

CVE-2005-3938 EXPLOITDB text WRITEUP

Softbiz FAQ Script < 1.1 - SQL Injection via id Parameter

SQL injection vulnerability in Softbiz FAQ Script 1.1 and earler allows remote attackers to execute arbitrary SQL commands via the id parameter in (1) index.php, (2) faq_qanda.php, (3) refer_friend.php, (4) print_article.php, or (5) add_comment.php.

View Code

CVE-2005-4245 EXPLOITDB text WRITEUP

Snipe Gallery < 3.1.4 - Cross-Site Scripting via Search Keyword Parameter

Cross-site scripting (XSS) vulnerability in search.php in Snipe Gallery 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.

View Code

CVE-2005-4244 EXPLOITDB text WRITEUP

Snipe Gallery < 3.1.4 - SQL Injection via Gallery ID or Image ID Parameter

SQL injection vulnerability in Snipe Gallery 3.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) gallery_id parameter to view.php and (2) image_id parameter to image.php.

View Code

CVE-2005-3938 EXPLOITDB text WRITEUP

Softbiz FAQ Script < 1.1 - SQL Injection via id Parameter

SQL injection vulnerability in Softbiz FAQ Script 1.1 and earler allows remote attackers to execute arbitrary SQL commands via the id parameter in (1) index.php, (2) faq_qanda.php, (3) refer_friend.php, (4) print_article.php, or (5) add_comment.php.

View Code

CVE-2005-4244 EXPLOITDB text WRITEUP

Snipe Gallery < 3.1.4 - SQL Injection via Gallery ID or Image ID Parameter

SQL injection vulnerability in Snipe Gallery 3.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) gallery_id parameter to view.php and (2) image_id parameter to image.php.

View Code

CVE-2005-3879 EXPLOITDB text WRITEUP

Softbiz Resource Repository Script <= 1.1 - SQL Injection via sbres_id or sbcat_id Parameter

Multiple SQL injection vulnerabilities in Softbiz Resource Repository Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) sbres_id parameter in (a) details_res.php, (b) refer_friend.php, and (c) report_link.php, and (2) the sbcat_id parameter in (d) showcats.php.

View Code

CVE-2007-4264 EXPLOITDB text WRITEUP

Kai Blankenhorn Bitfolge snif <1.5.2 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) 1.5.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) path and (2) download parameters.

View Code

CVE-2006-1661 EXPLOITDB text WRITEUP

skforum < 1.5 - Cross-Site Scripting via areaID, time, and userID Parameters

Multiple cross-site scripting (XSS) vulnerabilities in SKForum 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) areaID parameter in area.View.action, (2) time parameter in planning.View.action, and (3) userID parameter in user.View.action.

View Code

CVE-2005-3879 EXPLOITDB text WRITEUP

Softbiz Resource Repository Script <= 1.1 - SQL Injection via sbres_id or sbcat_id Parameter

Multiple SQL injection vulnerabilities in Softbiz Resource Repository Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) sbres_id parameter in (a) details_res.php, (b) refer_friend.php, and (c) report_link.php, and (2) the sbcat_id parameter in (d) showcats.php.

View Code

CVE-2005-3879 EXPLOITDB text WRITEUP

Softbiz Resource Repository Script <= 1.1 - SQL Injection via sbres_id or sbcat_id Parameter

Multiple SQL injection vulnerabilities in Softbiz Resource Repository Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) sbres_id parameter in (a) details_res.php, (b) refer_friend.php, and (c) report_link.php, and (2) the sbcat_id parameter in (d) showcats.php.

View Code

CVE-2006-1661 EXPLOITDB text WRITEUP

skforum < 1.5 - Cross-Site Scripting via areaID, time, and userID Parameters

Multiple cross-site scripting (XSS) vulnerabilities in SKForum 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) areaID parameter in area.View.action, (2) time parameter in planning.View.action, and (3) userID parameter in user.View.action.

View Code

CVE-2006-1661 EXPLOITDB text WRITEUP

skforum < 1.5 - Cross-Site Scripting via areaID, time, and userID Parameters

Multiple cross-site scripting (XSS) vulnerabilities in SKForum 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) areaID parameter in area.View.action, (2) time parameter in planning.View.action, and (3) userID parameter in user.View.action.

View Code

CVE-2005-3935 EXPLOITDB text WRITEUP

socketkb < 1.1.0 - SQL Injection via node or art_id Parameters

SQL injection vulnerability in SocketKB 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) node and (2) art_id parameters.

View Code

CVE-2005-3938 EXPLOITDB text WRITEUP

Softbiz FAQ Script < 1.1 - SQL Injection via id Parameter

SQL injection vulnerability in Softbiz FAQ Script 1.1 and earler allows remote attackers to execute arbitrary SQL commands via the id parameter in (1) index.php, (2) faq_qanda.php, (3) refer_friend.php, (4) print_article.php, or (5) add_comment.php.

View Code

CVE-2006-1706 EXPLOITDB text WRITEUP

Shopweezle 2.0 - SQL Injection via itemID, itemgr, brandID, or album Parameters

Multiple SQL injection vulnerabilities in Shopweezle 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) itemID parameter to (a) login.php and (b) memo.php; and the (2) itemgr, (3) brandID, and (4) album parameters to (c) index.php. NOTE: this issue also produces resultant full path disclosure from invalid SQL queries.

View Code

EIP-2026-111962 EXPLOITDB text WRITEUP

SearchSolutions 1.2/1.3 (Multiple Products) - Cross-Site Scripting

View Code