r0t

258 exploits Active since Oct 2000
CVE-2006-1508 EXPLOITDB text WRITEUP
MH Software Connect Daily Web Calendar Software <3.2.9 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in MH Software Connect Daily Web Calendar Software 3.2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) calendar_id, (2) style_sheet, and (3) start parameters in (a) ViewDay.html; the (4) txtSearch and (5) opgSearch parameters in (b) ViewSearch.html; the (6) calendar_id and (7) approved parameters in (c) ViewYear.html; the (8) item_type_id parameter in (d) ViewCal.html; and the (9) week parameter in (e) ViewWeek.html.
CVE-2005-3825 EXPLOITDB text WRITEUP
Comdev Vote Caster < 3.1 - SQL Injection via campaign_id Parameter
SQL injection vulnerability in index.php in Comdev Vote Caster 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the campaign_id parameter in a result action.
CVE-2007-2805 EXPLOITDB text WRITEUP
ClientExec < 3.0_beta2 - Cross-Site Scripting via ticketID, view, or fuse Parameters
Multiple cross-site scripting (XSS) vulnerabilities in index.php in ClientExec (CE) 3.0 beta2, and possibly other versions, allow remote attackers to inject arbitrary web script or HTML via the (1) ticketID, (2) view, and (3) fuse parameters.
CVE-2006-2141 EXPLOITDB text WRITEUP
Collaborative Portal Server <= 3.4.0 - Cross-Site Scripting via popup_image pos Argument
Cross-site scripting (XSS) vulnerability in popup_image in Collaborative Portal Server (CPS) 3.4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the pos argument.
CVE-2006-2255 EXPLOITDB text WRITEUP
Creative Community Portal <= 1.1 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Creative Community Portal 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to (a) ArticleView.php, (2) forum_id parameter to (b) DiscView.php or (c) Discussions.php, (3) event_id parameter to (d) EventView.php, (4) AddVote and (5) answer_id parameter to (e) PollResults.php, or (7) mid parameter to (f) DiscReply.php.
CVE-2006-2255 EXPLOITDB text WRITEUP
Creative Community Portal <= 1.1 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Creative Community Portal 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to (a) ArticleView.php, (2) forum_id parameter to (b) DiscView.php or (c) Discussions.php, (3) event_id parameter to (d) EventView.php, (4) AddVote and (5) answer_id parameter to (e) PollResults.php, or (7) mid parameter to (f) DiscReply.php.
CVE-2005-3953 EXPLOITDB text WRITEUP
Bedeng PSP 1.1 - SQL Injection via cwhere or ckode Parameter
SQL injection vulnerability in Bedeng PSP 1.1 allows remote attackers to execute arbitrary SQL commands via the cwhere parameter to (1) index.php and (2) download.php, or (3) ckode parameter to baca.php.
CVE-2005-4055 EXPLOITDB text WRITEUP
Cars Portal < 1.1 - SQL Injection via Page or Car Parameter
SQL injection vulnerability in index.php in Cars Portal 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) page and (2) car parameters.
CVE-2005-3911 EXPLOITDB text WRITEUP
BosDates 4.0 - SQL Injection via Year and Category Parameters
Multiple SQL injection vulnerabilities in calendar.php in BosDates 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) year and (2) category parameters.
CVE-2005-4380 EXPLOITDB text WRITEUP
Bitweaver 1.1-1.1.1 beta - SQL Injection
Multiple SQL injection vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote attackers to execute arbitrary SQL commands via the (1) sort_mode parameter to (a) fisheye/list_galleries.php, (b) messages/message_box.php, and (c) users/my.php; the (2) post_id parameter to (d) blogs/view_post.php; and the (3) blog_id parameter to (e) blogs/view.php, which are not properly cleansed by the convert_sortmode function in kernel/BitDb.php.
CVE-2005-4380 EXPLOITDB text WRITEUP
Bitweaver 1.1-1.1.1 beta - SQL Injection
Multiple SQL injection vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote attackers to execute arbitrary SQL commands via the (1) sort_mode parameter to (a) fisheye/list_galleries.php, (b) messages/message_box.php, and (c) users/my.php; the (2) post_id parameter to (d) blogs/view_post.php; and the (3) blog_id parameter to (e) blogs/view.php, which are not properly cleansed by the convert_sortmode function in kernel/BitDb.php.
CVE-2005-4380 EXPLOITDB text WRITEUP
Bitweaver 1.1-1.1.1 beta - SQL Injection
Multiple SQL injection vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote attackers to execute arbitrary SQL commands via the (1) sort_mode parameter to (a) fisheye/list_galleries.php, (b) messages/message_box.php, and (c) users/my.php; the (2) post_id parameter to (d) blogs/view_post.php; and the (3) blog_id parameter to (e) blogs/view.php, which are not properly cleansed by the convert_sortmode function in kernel/BitDb.php.
CVE-2005-4380 EXPLOITDB text WRITEUP
Bitweaver 1.1-1.1.1 beta - SQL Injection
Multiple SQL injection vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote attackers to execute arbitrary SQL commands via the (1) sort_mode parameter to (a) fisheye/list_galleries.php, (b) messages/message_box.php, and (c) users/my.php; the (2) post_id parameter to (d) blogs/view_post.php; and the (3) blog_id parameter to (e) blogs/view.php, which are not properly cleansed by the convert_sortmode function in kernel/BitDb.php.
CVE-2005-4380 EXPLOITDB text WRITEUP
Bitweaver 1.1-1.1.1 beta - SQL Injection
Multiple SQL injection vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote attackers to execute arbitrary SQL commands via the (1) sort_mode parameter to (a) fisheye/list_galleries.php, (b) messages/message_box.php, and (c) users/my.php; the (2) post_id parameter to (d) blogs/view_post.php; and the (3) blog_id parameter to (e) blogs/view.php, which are not properly cleansed by the convert_sortmode function in kernel/BitDb.php.
CVE-2005-3864 EXPLOITDB text WORKING POC
SourceWell < 1.1.2 - SQL Injection via cnt Parameter
SQL injection vulnerability in index.php in SourceWell 1.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the cnt parameter. NOTE: various reports indicate that the affected version is 1.1.3, but as of 2005-11-29, the most recent version appears to be 1.1.2.
CVE-2005-3953 EXPLOITDB text WRITEUP
Bedeng PSP 1.1 - SQL Injection via cwhere or ckode Parameter
SQL injection vulnerability in Bedeng PSP 1.1 allows remote attackers to execute arbitrary SQL commands via the cwhere parameter to (1) index.php and (2) download.php, or (3) ckode parameter to baca.php.
CVE-2005-3953 EXPLOITDB text WRITEUP
Bedeng PSP 1.1 - SQL Injection via cwhere or ckode Parameter
SQL injection vulnerability in Bedeng PSP 1.1 allows remote attackers to execute arbitrary SQL commands via the cwhere parameter to (1) index.php and (2) download.php, or (3) ckode parameter to baca.php.
CVE-2005-3827 EXPLOITDB text WRITEUP
agilebill < 1.4.92 - SQL Injection via product_cat id Parameter
SQL injection vulnerability in product_cat in AgileBill 1.4.92 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2005-3920 EXPLOITDB text WRITEUP
Babe Logger 2 - SQL Injection via gal or id Parameter
SQL injection vulnerability in Babe Logger 2 allows remote attackers to execute arbitrary SQL commands via the (1) gal parameter to index.php or (2) id parameter to comments.php.
CVE-2005-3920 EXPLOITDB text WRITEUP
Babe Logger 2 - SQL Injection via gal or id Parameter
SQL injection vulnerability in Babe Logger 2 allows remote attackers to execute arbitrary SQL commands via the (1) gal parameter to index.php or (2) id parameter to comments.php.
CVE-2006-1852 EXPLOITDB text WRITEUP
Article Publisher Pro < 1.0.1 - SQL Injection via category.php cname Parameter
SQL injection vulnerability in category.php in Article Publisher Pro 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cname parameter.
CVE-2006-1685 EXPLOITDB text WRITEUP
APT-webshop-system <4.0 PRO, 3.0 BASIC, 3.0 LIGHT - SQL Injection
Multiple SQL injection vulnerabilities in modules.php in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allow remote attackers to execute arbitrary SQL commands via the (1) group, (2) seite, and (3) id parameter, possibly involving the artikel functionality. NOTE: this vulnerability also allows resultant path disclosure when the SQL queries are invalid.
CVE-2005-3865 EXPLOITDB text WRITEUP
AllWeb search 3.0 - SQL Injection via Search Parameter
SQL injection vulnerability in index.php in AllWeb search 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the search parameter.
CVE-2006-2181 EXPLOITDB text WRITEUP
albinator < 2.0.8 - Cross-Site Scripting via cid or preloadSlideShow Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Albinator 2.0.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cid parameter to dlisting.php or (2) preloadSlideShow parameter to showpic.php.
CVE-2006-2181 EXPLOITDB text WRITEUP
albinator < 2.0.8 - Cross-Site Scripting via cid or preloadSlideShow Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Albinator 2.0.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cid parameter to dlisting.php or (2) preloadSlideShow parameter to showpic.php.