r0t

258 exploits Active since Oct 2000
CVE-2005-3873 EXPLOITDB text WRITEUP
ShockBoard 3.0 and 4.0 - SQL Injection via Topic Offset Parameter
SQL injection vulnerability in topic.php in ShockBoard 3.0 and 4.0 allows remote attackers to execute arbitrary SQL commands via the offset parameter.
CVE-2005-4243 EXPLOITDB text WRITEUP
QuickPayPro 3.1 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in QuickPayPro 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) popupid parameter in popups.edit.php; (2) so, (3) sb, and (4) nr parameters in customer.tickets.view.php; (5) subrackingid parameter in subscribers.tracking.edit.php; (6) delete parameter in design.php; (7) trackingid parameter in tracking.details.php; and (8) customerid parameter in sales.view.php.
CVE-2006-1706 EXPLOITDB text WRITEUP
Shopweezle 2.0 - SQL Injection via itemID, itemgr, brandID, or album Parameters
Multiple SQL injection vulnerabilities in Shopweezle 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) itemID parameter to (a) login.php and (b) memo.php; and the (2) itemgr, (3) brandID, and (4) album parameters to (c) index.php. NOTE: this issue also produces resultant full path disclosure from invalid SQL queries.
CVE-2005-3844 EXPLOITDB text WRITEUP
phpWordPress PHP News and Article Manager 3.0 - SQL Injection via Poll, Category, or Archive Parameters
SQL injection vulnerability in phpWordPress PHP News and Article Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) poll and (2) category parameters to index.php, and (3) the ctg parameter in an archive action.
CVE-2006-2163 EXPLOITDB text WRITEUP
Pinnacle Cart <= 3.33 - Cross-Site Scripting via setbackurl Parameter
Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart 3.33 and earlier allows remote attackers to inject arbitrary web script or HTML via the setbackurl parameter.
CVE-2006-1947 EXPLOITDB text WRITEUP
NicPlex Plexum < X5 - SQL Injection via pagesize, maxrec, or startpos Parameter
Multiple SQL injection vulnerabilities in plexum.php in NicPlex Plexum X5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) pagesize, (2) maxrec, and (3) startpos parameters.
EIP-2026-111503 EXPLOITDB text WRITEUP
Primo Place Primo Cart 1.0 - Multiple SQL Injections
CVE-2005-3909 EXPLOITDB text WRITEUP
Post Affiliate Pro < 2.0.4 - SQL Injection via Sortorder Parameter
SQL injection vulnerability in merchants/index.php in Post Affiliate Pro 2.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the sortorder parameter.
CVE-2005-4246 EXPLOITDB text WRITEUP
Plogger Beta 2 - SQL Injection via id or page Parameter
SQL injection vulnerability in Plogger Beta 2 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to index.php and (2) page parameter.
CVE-2005-4054 EXPLOITDB text WRITEUP
PluggedOut Blog <= 1.9.5 - SQL Injection via index.php Parameters
SQL injection vulnerability in index.php in PluggedOut Blog 1.9.5 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) categoryid, (2) entryid, (3) year, (4) month, and (5) day parameter.
CVE-2005-4247 EXPLOITDB text WORKING POC
Plogger Beta 2 - Cross-Site Scripting via Searchterms Parameter
Cross-site scripting (XSS) vulnerability in index.php in Plogger Beta 2 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter.
EIP-2026-111139 EXPLOITDB text WRITEUP
phpMyAdmin 3.3.0 - 'db' Cross-Site Scripting
CVE-2006-1825 EXPLOITDB text WRITEUP
phplinks < 2.1.3.1 - Cross-Site Scripting via Term Parameter
Cross-site scripting (XSS) vulnerability in index.php in phpLinks 2.1.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the term parameter.
CVE-2006-2016 EXPLOITDB text WORKING POC
phpldapadmin < 0.9.8 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compare_form.php, (b) copy_form.php, (c) rename_form.php, (d) template_engine.php, and (e) delete_form.php; (2) scope parameter in (f) search.php; and (3) Container DN, (4) Machine Name, and (5) UID Number fields in (g) template_engine.php.
CVE-2006-2016 EXPLOITDB text WRITEUP
phpldapadmin < 0.9.8 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compare_form.php, (b) copy_form.php, (c) rename_form.php, (d) template_engine.php, and (e) delete_form.php; (2) scope parameter in (f) search.php; and (3) Container DN, (4) Machine Name, and (5) UID Number fields in (g) template_engine.php.
EIP-2026-110913 EXPLOITDB text WRITEUP
PHPAccounts 0.5 - 'index.php' Multiple SQL Injections
CVE-2006-1428 EXPLOITDB text WRITEUP
phpCOIN <= 1.2.2 - Cross-Site Scripting via fs Parameter
Multiple cross-site scripting (XSS) vulnerabilities in phpCOIN 1.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the fs parameter to (1) mod.php or (2) mod_print.php.