r0t - Security Researcher - Exploit Intelligence Platform

CVE-2005-3873 EXPLOITDB text WRITEUP

Sourceshock Shockboard - SQL Injection

SQL injection vulnerability in topic.php in ShockBoard 3.0 and 4.0 allows remote attackers to execute arbitrary SQL commands via the offset parameter.

View Code

CVE-2005-4243 EXPLOITDB text WRITEUP

Quickpaypro - SQL Injection

Multiple SQL injection vulnerabilities in QuickPayPro 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) popupid parameter in popups.edit.php; (2) so, (3) sb, and (4) nr parameters in customer.tickets.view.php; (5) subrackingid parameter in subscribers.tracking.edit.php; (6) delete parameter in design.php; (7) trackingid parameter in tracking.details.php; and (8) customerid parameter in sales.view.php.

View Code

CVE-2006-1706 EXPLOITDB text WRITEUP

Shopweezle 2.0 - SQL Injection

Multiple SQL injection vulnerabilities in Shopweezle 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) itemID parameter to (a) login.php and (b) memo.php; and the (2) itemgr, (3) brandID, and (4) album parameters to (c) index.php. NOTE: this issue also produces resultant full path disclosure from invalid SQL queries.

View Code

CVE-2005-4243 EXPLOITDB text WRITEUP

Quickpaypro - SQL Injection

Multiple SQL injection vulnerabilities in QuickPayPro 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) popupid parameter in popups.edit.php; (2) so, (3) sb, and (4) nr parameters in customer.tickets.view.php; (5) subrackingid parameter in subscribers.tracking.edit.php; (6) delete parameter in design.php; (7) trackingid parameter in tracking.details.php; and (8) customerid parameter in sales.view.php.

View Code

CVE-2006-1706 EXPLOITDB text WRITEUP

Shopweezle 2.0 - SQL Injection

Multiple SQL injection vulnerabilities in Shopweezle 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) itemID parameter to (a) login.php and (b) memo.php; and the (2) itemgr, (3) brandID, and (4) album parameters to (c) index.php. NOTE: this issue also produces resultant full path disclosure from invalid SQL queries.

View Code

CVE-2005-4243 EXPLOITDB text WRITEUP

Quickpaypro - SQL Injection

Multiple SQL injection vulnerabilities in QuickPayPro 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) popupid parameter in popups.edit.php; (2) so, (3) sb, and (4) nr parameters in customer.tickets.view.php; (5) subrackingid parameter in subscribers.tracking.edit.php; (6) delete parameter in design.php; (7) trackingid parameter in tracking.details.php; and (8) customerid parameter in sales.view.php.

View Code

CVE-2005-4243 EXPLOITDB text WRITEUP

Quickpaypro - SQL Injection

Multiple SQL injection vulnerabilities in QuickPayPro 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) popupid parameter in popups.edit.php; (2) so, (3) sb, and (4) nr parameters in customer.tickets.view.php; (5) subrackingid parameter in subscribers.tracking.edit.php; (6) delete parameter in design.php; (7) trackingid parameter in tracking.details.php; and (8) customerid parameter in sales.view.php.

View Code

CVE-2005-4243 EXPLOITDB text WRITEUP

Quickpaypro - SQL Injection

Multiple SQL injection vulnerabilities in QuickPayPro 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) popupid parameter in popups.edit.php; (2) so, (3) sb, and (4) nr parameters in customer.tickets.view.php; (5) subrackingid parameter in subscribers.tracking.edit.php; (6) delete parameter in design.php; (7) trackingid parameter in tracking.details.php; and (8) customerid parameter in sales.view.php.

View Code

CVE-2005-4243 EXPLOITDB text WRITEUP

Quickpaypro - SQL Injection

Multiple SQL injection vulnerabilities in QuickPayPro 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) popupid parameter in popups.edit.php; (2) so, (3) sb, and (4) nr parameters in customer.tickets.view.php; (5) subrackingid parameter in subscribers.tracking.edit.php; (6) delete parameter in design.php; (7) trackingid parameter in tracking.details.php; and (8) customerid parameter in sales.view.php.

View Code

CVE-2005-3844 EXPLOITDB text WRITEUP

Phpwordpress Php News And Article Manager - SQL Injection

SQL injection vulnerability in phpWordPress PHP News and Article Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) poll and (2) category parameters to index.php, and (3) the ctg parameter in an archive action.

View Code

CVE-2006-2163 EXPLOITDB text WRITEUP

Desert DOG Software Pinnacle Cart - XSS

Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart 3.33 and earlier allows remote attackers to inject arbitrary web script or HTML via the setbackurl parameter.

View Code

CVE-2006-1947 EXPLOITDB text WRITEUP

Nicplex Plexum < x5 - SQL Injection

Multiple SQL injection vulnerabilities in plexum.php in NicPlex Plexum X5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) pagesize, (2) maxrec, and (3) startpos parameters.

View Code

EIP-2026-111503 EXPLOITDB text WRITEUP

Primo Place Primo Cart 1.0 - Multiple SQL Injections

View Code

CVE-2005-3909 EXPLOITDB text WRITEUP

Post Affiliate Pro < 2.0.4 - SQL Injection

SQL injection vulnerability in merchants/index.php in Post Affiliate Pro 2.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the sortorder parameter.

View Code

CVE-2005-4246 EXPLOITDB text WRITEUP

Plogger - SQL Injection

SQL injection vulnerability in Plogger Beta 2 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to index.php and (2) page parameter.

View Code

CVE-2005-4054 EXPLOITDB text WRITEUP

Pluggedout Blog < 1.9.4 - SQL Injection

SQL injection vulnerability in index.php in PluggedOut Blog 1.9.5 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) categoryid, (2) entryid, (3) year, (4) month, and (5) day parameter.

View Code

CVE-2005-4247 EXPLOITDB text WORKING POC

Plogger - XSS

Cross-site scripting (XSS) vulnerability in index.php in Plogger Beta 2 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter.

View Code

EIP-2026-111139 EXPLOITDB text WRITEUP

phpMyAdmin 3.3.0 - 'db' Cross-Site Scripting

View Code

CVE-2006-1825 EXPLOITDB text WRITEUP

Phplinks < 2.1.3.1 - XSS

Cross-site scripting (XSS) vulnerability in index.php in phpLinks 2.1.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the term parameter.

View Code

CVE-2006-2016 EXPLOITDB text WORKING POC

Phpldapadmin < 0.9.8 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compare_form.php, (b) copy_form.php, (c) rename_form.php, (d) template_engine.php, and (e) delete_form.php; (2) scope parameter in (f) search.php; and (3) Container DN, (4) Machine Name, and (5) UID Number fields in (g) template_engine.php.

View Code

CVE-2006-2016 EXPLOITDB text WRITEUP

Phpldapadmin < 0.9.8 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compare_form.php, (b) copy_form.php, (c) rename_form.php, (d) template_engine.php, and (e) delete_form.php; (2) scope parameter in (f) search.php; and (3) Container DN, (4) Machine Name, and (5) UID Number fields in (g) template_engine.php.

View Code

CVE-2006-2016 EXPLOITDB text WRITEUP

Phpldapadmin < 0.9.8 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compare_form.php, (b) copy_form.php, (c) rename_form.php, (d) template_engine.php, and (e) delete_form.php; (2) scope parameter in (f) search.php; and (3) Container DN, (4) Machine Name, and (5) UID Number fields in (g) template_engine.php.

View Code

CVE-2006-2016 EXPLOITDB text WRITEUP

Phpldapadmin < 0.9.8 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compare_form.php, (b) copy_form.php, (c) rename_form.php, (d) template_engine.php, and (e) delete_form.php; (2) scope parameter in (f) search.php; and (3) Container DN, (4) Machine Name, and (5) UID Number fields in (g) template_engine.php.

View Code

EIP-2026-110913 EXPLOITDB text WRITEUP

PHPAccounts 0.5 - 'index.php' Multiple SQL Injections

View Code

CVE-2006-1428 EXPLOITDB text WRITEUP

phpCOIN <1.2.2 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in phpCOIN 1.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the fs parameter to (1) mod.php or (2) mod_print.php.

View Code