r0t

258 exploits Active since Oct 2000
CVE-2005-3958 EXPLOITDB text WRITEUP
Entergal MX 2.0 - SQL Injection via idcat or action Parameter
SQL injection vulnerability in index.php in Entergal MX 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) idcat parameter in a showcat action and (2) the action parameter.
CVE-2005-3875 EXPLOITDB text WRITEUP
Enterprise Connector < 1.0.2 - SQL Injection via MessageID Parameter
Multiple SQL injection vulnerabilities in Enterprise Connector 1.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via the messageid parameter in (1) send.php or (2) a delete action in messages.php.
CVE-2005-3875 EXPLOITDB text WRITEUP
Enterprise Connector < 1.0.2 - SQL Injection via MessageID Parameter
Multiple SQL injection vulnerabilities in Enterprise Connector 1.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via the messageid parameter in (1) send.php or (2) a delete action in messages.php.
CVE-2006-2689 EXPLOITDB text WRITEUP
eva-web < 2.1.2 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in EVA-Web 2.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) debut_image parameter in (a) article-album.php3, (2) date parameter in (b) rubrique.php3, and the (3) perso and (4) aide parameters to (c) an unknown script, probably index.php.
CVE-2006-2689 EXPLOITDB text WRITEUP
eva-web < 2.1.2 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in EVA-Web 2.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) debut_image parameter in (a) article-album.php3, (2) date parameter in (b) rubrique.php3, and the (3) perso and (4) aide parameters to (c) an unknown script, probably index.php.
CVE-2005-3972 EXPLOITDB text WORKING POC
Extreme Search Corporate Edition <= 6.0 - Cross-Site Scripting via Search Parameter
Cross-site scripting (XSS) vulnerability in extremesearch.php in Extreme Search Corporate Edition 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter.
CVE-2005-3826 EXPLOITDB text WRITEUP
ezyhelpdesk 1.0 - SQL Injection via edit_id, faq_id, c_id, and Search Parameters
Multiple SQL injection vulnerabilities in Ezyhelpdesk 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) edit_id, (2) faq_id, and (3) c_id parameters in a query string, and (4) the search engine, possibly involving the search_string parameter.
CVE-2005-3943 EXPLOITDB text WRITEUP
ilyav FAQ System <1.1 - SQL Injection
Multiple SQL injection vulnerabilities in ilyav FAQ System 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) FAQ_ID and (2) action parameters in (a) viewFAQ.php; and (3) CATEGORY_ID parameter in (b) index.php.
CVE-2005-3943 EXPLOITDB text WRITEUP
ilyav FAQ System <1.1 - SQL Injection
Multiple SQL injection vulnerabilities in ilyav FAQ System 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) FAQ_ID and (2) action parameters in (a) viewFAQ.php; and (3) CATEGORY_ID parameter in (b) index.php.
CVE-2005-3882 EXPLOITDB text WRITEUP
FAQSystems FAQRing Knowledge Base Software < 3.0 - SQL Injection via answer.php id Parameter
SQL injection vulnerability in answer.php in FAQSystems FAQRing Knowledge Base Software 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2005-4527 EXPLOITDB text WRITEUP
Direct News 4.9 - SQL Injection via setLang Parameter
Multiple SQL injection vulnerabilities in Direct News 4.9 allow remote attackers to execute arbitrary SQL commands via (1) the setLang parameter in index.php and (2) unspecified search module parameters.
EIP-2026-106597 EXPLOITDB text WRITEUP
DRZES Hms 3.2 - Multiple SQL Injections
CVE-2005-3956 EXPLOITDB text WRITEUP
DMANews 0.904 and 0.910 - SQL Injection via id, sortorder, or display_num Parameters
Multiple SQL injection vulnerabilities in index.php in DMANews 0.904 and 0.910 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a comments action and the (2) sortorder and (3) display_num parameters in a news_list action.
CVE-2006-2255 EXPLOITDB text WRITEUP
Creative Community Portal <= 1.1 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Creative Community Portal 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to (a) ArticleView.php, (2) forum_id parameter to (b) DiscView.php or (c) Discussions.php, (3) event_id parameter to (d) EventView.php, (4) AddVote and (5) answer_id parameter to (e) PollResults.php, or (7) mid parameter to (f) DiscReply.php.
CVE-2006-2255 EXPLOITDB text WRITEUP
Creative Community Portal <= 1.1 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Creative Community Portal 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to (a) ArticleView.php, (2) forum_id parameter to (b) DiscView.php or (c) Discussions.php, (3) event_id parameter to (d) EventView.php, (4) AddVote and (5) answer_id parameter to (e) PollResults.php, or (7) mid parameter to (f) DiscReply.php.
CVE-2006-2255 EXPLOITDB text WRITEUP
Creative Community Portal <= 1.1 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Creative Community Portal 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to (a) ArticleView.php, (2) forum_id parameter to (b) DiscView.php or (c) Discussions.php, (3) event_id parameter to (d) EventView.php, (4) AddVote and (5) answer_id parameter to (e) PollResults.php, or (7) mid parameter to (f) DiscReply.php.
CVE-2006-2255 EXPLOITDB text WRITEUP
Creative Community Portal <= 1.1 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Creative Community Portal 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to (a) ArticleView.php, (2) forum_id parameter to (b) DiscView.php or (c) Discussions.php, (3) event_id parameter to (d) EventView.php, (4) AddVote and (5) answer_id parameter to (e) PollResults.php, or (7) mid parameter to (f) DiscReply.php.
CVE-2006-1430 EXPLOITDB text WRITEUP
controlzx/hms < 3.3.4 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in CONTROLzx HMS (formerly DRZES) 3.3.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dedicatedPlanID parameter to dedicated_order.php, (2) sharedPlanID parameter to shared_order.php, (3) plan_id parameter to customers/server_management.php, and (4) email field to customers/forgotpass.php.
CVE-2006-1430 EXPLOITDB text WRITEUP
controlzx/hms < 3.3.4 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in CONTROLzx HMS (formerly DRZES) 3.3.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dedicatedPlanID parameter to dedicated_order.php, (2) sharedPlanID parameter to shared_order.php, (3) plan_id parameter to customers/server_management.php, and (4) email field to customers/forgotpass.php.
CVE-2006-1430 EXPLOITDB text WRITEUP
controlzx/hms < 3.3.4 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in CONTROLzx HMS (formerly DRZES) 3.3.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dedicatedPlanID parameter to dedicated_order.php, (2) sharedPlanID parameter to shared_order.php, (3) plan_id parameter to customers/server_management.php, and (4) email field to customers/forgotpass.php.
CVE-2005-4390 EXPLOITDB text WRITEUP
contentserv < 3.1 - SQL Injection via StoryID Parameter
SQL injection vulnerability in index.php in ContentServ 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the StoryID parameter.
CVE-2006-1508 EXPLOITDB text WRITEUP
MH Software Connect Daily Web Calendar Software <3.2.9 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in MH Software Connect Daily Web Calendar Software 3.2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) calendar_id, (2) style_sheet, and (3) start parameters in (a) ViewDay.html; the (4) txtSearch and (5) opgSearch parameters in (b) ViewSearch.html; the (6) calendar_id and (7) approved parameters in (c) ViewYear.html; the (8) item_type_id parameter in (d) ViewCal.html; and the (9) week parameter in (e) ViewWeek.html.
CVE-2006-1508 EXPLOITDB text WRITEUP
MH Software Connect Daily Web Calendar Software <3.2.9 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in MH Software Connect Daily Web Calendar Software 3.2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) calendar_id, (2) style_sheet, and (3) start parameters in (a) ViewDay.html; the (4) txtSearch and (5) opgSearch parameters in (b) ViewSearch.html; the (6) calendar_id and (7) approved parameters in (c) ViewYear.html; the (8) item_type_id parameter in (d) ViewCal.html; and the (9) week parameter in (e) ViewWeek.html.
CVE-2006-1508 EXPLOITDB text WRITEUP
MH Software Connect Daily Web Calendar Software <3.2.9 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in MH Software Connect Daily Web Calendar Software 3.2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) calendar_id, (2) style_sheet, and (3) start parameters in (a) ViewDay.html; the (4) txtSearch and (5) opgSearch parameters in (b) ViewSearch.html; the (6) calendar_id and (7) approved parameters in (c) ViewYear.html; the (8) item_type_id parameter in (d) ViewCal.html; and the (9) week parameter in (e) ViewWeek.html.
CVE-2006-1508 EXPLOITDB text WRITEUP
MH Software Connect Daily Web Calendar Software <3.2.9 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in MH Software Connect Daily Web Calendar Software 3.2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) calendar_id, (2) style_sheet, and (3) start parameters in (a) ViewDay.html; the (4) txtSearch and (5) opgSearch parameters in (b) ViewSearch.html; the (6) calendar_id and (7) approved parameters in (c) ViewYear.html; the (8) item_type_id parameter in (d) ViewCal.html; and the (9) week parameter in (e) ViewWeek.html.