r0t

258 exploits Active since Oct 2000
EIP-2026-109851 EXPLOITDB text WRITEUP
Nelogic Nephp Publisher 4.5.2 - SQL Injection
CVE-2006-1853 EXPLOITDB text WRITEUP
ModernBill < 4.3.2 - SQL Injection via User ID or Admin Where/Order Parameters
Multiple SQL injection vulnerabilities in ModernBill 4.3.2 and earlier allow remote attackers or administrators to execute arbitrary SQL commands via the (1) id parameter in (a) user.php, or (2) where and (3) order parameters to (b) admin.php.
CVE-2005-4408 EXPLOITDB text WRITEUP
Miraserver <1.0 RC4 - SQL Injection
Multiple SQL injection vulnerabilities in Miraserver 1.0 RC4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php, (2) id parameter to newsitem.php, and (3) cat parameter to article.php.
CVE-2005-4408 EXPLOITDB text WRITEUP
Miraserver <1.0 RC4 - SQL Injection
Multiple SQL injection vulnerabilities in Miraserver 1.0 RC4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php, (2) id parameter to newsitem.php, and (3) cat parameter to article.php.
CVE-2005-4250 EXPLOITDB text WRITEUP
mcgallery_pro 2.2 - Directory Traversal via Language Parameter
Directory traversal vulnerability in mcGallery PRO 2.2 and earlier allows remote attackers to read arbitrary files via the language parameter.
CVE-2005-4251 EXPLOITDB text WRITEUP
mcGallery PRO 2.2 - SQL Injection via id start rand or album Parameters
Multiple SQL injection vulnerabilities in mcGallery PRO 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) start, and (3) rand parameters to show.php, and the (4) album parameter to index.php.
CVE-2005-4251 EXPLOITDB text WRITEUP
mcGallery PRO 2.2 - SQL Injection via id start rand or album Parameters
Multiple SQL injection vulnerabilities in mcGallery PRO 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) start, and (3) rand parameters to show.php, and the (4) album parameter to index.php.
CVE-2006-2126 EXPLOITDB text WRITEUP
MaxTrade 1.0.1 - SQL Injection via pocategories.php Parameters
SQL injection vulnerability in pocategories.php in MaxTrade 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) categori and (2) stranica parameters.
CVE-2005-4408 EXPLOITDB text WRITEUP
Miraserver <1.0 RC4 - SQL Injection
Multiple SQL injection vulnerabilities in Miraserver 1.0 RC4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php, (2) id parameter to newsitem.php, and (3) cat parameter to article.php.
CVE-2005-3988 EXPLOITDB php WORKING POC
Lore 1.5.4 - SQL Injection via article.php id Parameter
SQL injection vulnerability in article.php in Pineapple Technologies Lore 1.5.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
EIP-2026-109222 EXPLOITDB text WRITEUP
ltwCalendar 4.1.3 - 'calendar.php' SQL Injection
CVE-2005-4238 EXPLOITDB text WORKING POC
Mantis <= 1.0.0rc3 - Cross-Site Scripting via view_filters_page.php target_field Parameter
Cross-site scripting (XSS) vulnerability in view_filters_page.php in Mantis 1.0.0rc3 and earlier allows remote attackers to inject arbitrary web script or HTML via the target_field parameter.
CVE-2005-4403 EXPLOITDB text WRITEUP
Marwel < 2.7 - SQL Injection via Show Parameter
SQL injection vulnerability in index.php in Marwel 2.7 and earlier allows remote attackers to execute arbitrary SQL commands via the show parameter.
EIP-2026-108981 EXPLOITDB text WRITEUP
KBase Express 1.0 - Multiple SQL Injections
CVE-2005-3868 EXPLOITDB text WRITEUP
K-Search < 1.0 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in K-Search 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) term, (2) id, (3) stat, and (4) source parameters to index.php, and (5) through the image parameters with an add request.
CVE-2006-1929 EXPLOITDB text WRITEUP
i-rater Platinum - Remote File Inclusion via include_path Parameter
PHP remote file inclusion vulnerability in include/common.php in I-Rater Platinum allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.
CVE-2006-3776 EXPLOITDB text WRITEUP
IDevSpot AutoHost and PhpHostBot - Remote Code Execution via order/index.php page Parameter
PHP remote file inclusion vulnerability in order/index.php in IDevSpot (1) PhpHostBot 1.0 and (2) AutoHost 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
CVE-2005-3986 EXPLOITDB text WRITEUP
Instant Photo Gallery < 1 - SQL Injection via cat_id or cid Parameter
Multiple SQL injection vulnerabilities in Instant Photo Gallery 1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter in portfolio.php and (2) cid parameter in content.php.
EIP-2026-107823 EXPLOITDB text WORKING POC
INCOGEN Bugport 1.x - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-107824 EXPLOITDB text WRITEUP
INCOGEN Bugport 1.x - Multiple SQL Injections
CVE-2006-3777 EXPLOITDB text WRITEUP
IDevSpot PhpLinkExchange 1.0 - Remote Code Execution via Page Parameter
PHP remote file inclusion vulnerability in index.php in IDevSpot PhpLinkExchange 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
CVE-2005-3986 EXPLOITDB text WRITEUP
Instant Photo Gallery < 1 - SQL Injection via cat_id or cid Parameter
Multiple SQL injection vulnerabilities in Instant Photo Gallery 1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter in portfolio.php and (2) cid parameter in content.php.
CVE-2005-3908 EXPLOITDB text WRITEUP
Amazon Shop < 5.0.0 - Cross-Site Scripting via Search Query Parameter
Cross-site scripting (XSS) vulnerability in search.php in GhostScripter Amazon Shop 5.0.0, and other versions before 5.0.2, allows remote attackers to inject web script or HTML via the query parameter.
CVE-2005-3958 EXPLOITDB text WRITEUP
Entergal MX 2.0 - SQL Injection via idcat or action Parameter
SQL injection vulnerability in index.php in Entergal MX 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) idcat parameter in a showcat action and (2) the action parameter.
CVE-2005-3870 EXPLOITDB text WRITEUP
edmobbs < 0.9 - SQL Injection via table or messageID Parameter
Multiple SQL injection vulnerabilities in edmobbs9r.php in edmoBBS 0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) table and (2) messageID parameters.