r0t

258 exploits Active since Oct 2000
EIP-2026-109851 EXPLOITDB text WRITEUP
Nelogic Nephp Publisher 4.5.2 - SQL Injection
CVE-2006-1853 EXPLOITDB text WRITEUP
Moderngigabyte Modernbill < 4.3.2 - SQL Injection
Multiple SQL injection vulnerabilities in ModernBill 4.3.2 and earlier allow remote attackers or administrators to execute arbitrary SQL commands via the (1) id parameter in (a) user.php, or (2) where and (3) order parameters to (b) admin.php.
CVE-2005-4408 EXPLOITDB text WRITEUP
Miraserver < 1.0 RC4 - SQL Injection
Multiple SQL injection vulnerabilities in Miraserver 1.0 RC4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php, (2) id parameter to newsitem.php, and (3) cat parameter to article.php.
CVE-2005-4250 EXPLOITDB text WRITEUP
Mcgallery Pro - Path Traversal
Directory traversal vulnerability in mcGallery PRO 2.2 and earlier allows remote attackers to read arbitrary files via the language parameter.
CVE-2005-4251 EXPLOITDB text WRITEUP
Mcgallery Pro - SQL Injection
Multiple SQL injection vulnerabilities in mcGallery PRO 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) start, and (3) rand parameters to show.php, and the (4) album parameter to index.php.
CVE-2006-2126 EXPLOITDB text WRITEUP
Avalon LTD Maxtrade - SQL Injection
SQL injection vulnerability in pocategories.php in MaxTrade 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) categori and (2) stranica parameters.
CVE-2005-3988 EXPLOITDB php WORKING POC
Pineapple Technologies Lore - SQL Injection
SQL injection vulnerability in article.php in Pineapple Technologies Lore 1.5.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
EIP-2026-109222 EXPLOITDB text WRITEUP
ltwCalendar 4.1.3 - 'calendar.php' SQL Injection
CVE-2005-4238 EXPLOITDB text WORKING POC
Mantis - XSS
Cross-site scripting (XSS) vulnerability in view_filters_page.php in Mantis 1.0.0rc3 and earlier allows remote attackers to inject arbitrary web script or HTML via the target_field parameter.
CVE-2005-4403 EXPLOITDB text WRITEUP
Marwel < 2.7 - SQL Injection
SQL injection vulnerability in index.php in Marwel 2.7 and earlier allows remote attackers to execute arbitrary SQL commands via the show parameter.
EIP-2026-108981 EXPLOITDB text WRITEUP
KBase Express 1.0 - Multiple SQL Injections
CVE-2005-3868 EXPLOITDB text WRITEUP
Turn-k K-search < 1.0 - SQL Injection
Multiple SQL injection vulnerabilities in K-Search 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) term, (2) id, (3) stat, and (4) source parameters to index.php, and (5) through the image parameters with an add request.
CVE-2006-1929 EXPLOITDB text WRITEUP
I-Rater Platinum - RCE
PHP remote file inclusion vulnerability in include/common.php in I-Rater Platinum allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.
CVE-2006-3776 EXPLOITDB text WRITEUP
Idevspot Autohost - Code Injection
PHP remote file inclusion vulnerability in order/index.php in IDevSpot (1) PhpHostBot 1.0 and (2) AutoHost 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
CVE-2005-3986 EXPLOITDB text WRITEUP
Verosky Media Instant Photo Gallery < 1 - SQL Injection
Multiple SQL injection vulnerabilities in Instant Photo Gallery 1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter in portfolio.php and (2) cid parameter in content.php.
EIP-2026-107823 EXPLOITDB text WORKING POC
INCOGEN Bugport 1.x - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-107824 EXPLOITDB text WRITEUP
INCOGEN Bugport 1.x - Multiple SQL Injections
CVE-2006-3777 EXPLOITDB text WRITEUP
Idevspot Phplinkexchange - Code Injection
PHP remote file inclusion vulnerability in index.php in IDevSpot PhpLinkExchange 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
CVE-2005-3908 EXPLOITDB text WRITEUP
Amazon Shop < 5.0.0 - XSS
Cross-site scripting (XSS) vulnerability in search.php in GhostScripter Amazon Shop 5.0.0, and other versions before 5.0.2, allows remote attackers to inject web script or HTML via the query parameter.
CVE-2005-3958 EXPLOITDB text WRITEUP
Entergal MX - SQL Injection
SQL injection vulnerability in index.php in Entergal MX 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) idcat parameter in a showcat action and (2) the action parameter.
CVE-2005-3870 EXPLOITDB text WRITEUP
Edmobbs < 0.9 - SQL Injection
Multiple SQL injection vulnerabilities in edmobbs9r.php in edmoBBS 0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) table and (2) messageID parameters.