r45c4l

33 exploits, active since May 2007
CVE-2008-4073 EXPLOITDB text WORKING POC
Zanfi Autodealers CMS AutOnline - SQL Injection via pageid Parameter
SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the pageid parameter in a DBpAGE action.
CVE-2008-2335 EXPLOITDB text WORKING POC
Vastal I-Tech phpVID 1.1, 1.2, 1.2.3 - Cross-Site Scripting via Search Results Query Parameter
Cross-site scripting (XSS) vulnerability in search_results.php in Vastal I-Tech phpVID 1.1 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: some of these details are obtained from third party information. NOTE: it was later reported that 1.2.3 is also affected.
CVE-2008-0429 EXPLOITDB text WORKING POC
AlstraSoft Forum Pay Per Post Exchange 2.0 - SQL Injection via catid Parameter
SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per Post Exchange 2.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a forum_catview action.
EIP-2026-115095 EXPLOITDB text WORKING POC
Core Impact 7.5 - Denial of Service
CVE-2008-4625 EXPLOITDB text WORKING POC
ShiftThis Newsletter - SQL Injection via Newsletter Parameter
SQL injection vulnerability in stnl_iframe.php in the ShiftThis Newsletter (st_newsletter) plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the newsletter parameter, a different vector than CVE-2008-0683.
CVE-2008-3774 EXPLOITDB text WORKING POC
Simasy CMS - SQL Injection via id Parameter
SQL injection vulnerability in index.php in Simasy CMS allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-6469 EXPLOITDB text WORKING POC
PlainCart 1.1.2 - SQL Injection via Index.php p Parameter
SQL injection vulnerability in index.php in PlainCart 1.1.2 allows remote attackers to execute arbitrary SQL commands via the p parameter.
CVE-2008-4187 EXPLOITDB text WORKING POC
ProActive CMS - Path Traversal via Template Parameter
Directory traversal vulnerability in index.php in ProActive CMS allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.
CVE-2012-5333 EXPLOITDB text WRITEUP
Pre Printing Press - SQL Injection via id Parameter
SQL injection vulnerability in page.php in Pre Printing Press allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-4361 EXPLOITDB text WORKING POC
PowerPortal 2.0.13 - Path Traversal via Path Parameter
Directory traversal vulnerability in PowerPortal 2.0.13 allows remote attackers to list and possibly read arbitrary files via a .. (dot dot) in the path parameter to the default URI.
CVE-2008-4347 EXPLOITDB text WORKING POC
Powie pNews 2.03 - SQL Injection via newsid Parameter
SQL injection vulnerability in newskom.php in Powie pNews 2.03 allows remote attackers to execute arbitrary SQL commands via the newsid parameter.
CVE-2008-4157 EXPLOITDB text WORKING POC
Vastal I-Tech phpVID 1.1 and 1.2.3 - SQL Injection via groups.php cat Parameter
SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 1.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter, a different vector than CVE-2007-3610. NOTE: it was later reported that 1.2.3 is also affected.
CVE-2008-6779 EXPLOITDB text WORKING POC
PHP-Nuke Sarkilar Module - SQL Injection via id Parameter
SQL injection vulnerability in the Sarkilar module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a showcontent action to modules.php.
CVE-2008-3713 EXPLOITDB text WORKING POC
phpbasket - SQL Injection via pro_id Parameter
SQL injection vulnerability in product.php in PHPBasket allows remote attackers to execute arbitrary SQL commands via the pro_id parameter.
EIP-2026-110653 EXPLOITDB text WRITEUP
PHP Auto Listings Script - Authentication Bypass
CVE-2008-4738 EXPLOITDB text WORKING POC
MyCard 1.0.2 - SQL Injection via Gallery.php ID Parameter
SQL injection vulnerability in gallery.php in MyCard 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-6525 EXPLOITDB text WRITEUP
Nice PHP FAQ Script - SQL Injection via Admin Panel Password Parameter
SQL injection vulnerability in the Admin Panel in Nice PHP FAQ Script (Knowledge base Script) allows remote attackers to execute arbitrary SQL commands via the Password parameter (aka the pass field).
CVE-2008-6451 EXPLOITDB text WORKING POC
jPORTAL 2 - SQL Injection via humor.php id Parameter
SQL injection vulnerability in humor.php in jPORTAL 2 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might overlap CVE-2004-2036 or CVE-2005-3509.
CVE-2008-5988 EXPLOITDB text WORKING POC
Jadu CMS for Government - SQL Injection via recruit_details.php id Parameter
SQL injection vulnerability in scripts/recruit_details.php in Jadu CMS for Government allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-4354 EXPLOITDB text WORKING POC
NetArt Media iBoutique 4.0 - SQL Injection via Cat Parameter
SQL injection vulnerability in the products module in NetArt Media iBoutique 4.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php.
CVE-2008-7008 EXPLOITDB text WRITEUP
HyperStop Web Host Directory 1.2 - Unauthenticated Database Backup Download via Direct Request
HyperStop Web Host Directory 1.2 allows remote attackers to bypass authentication and download a database backup via a direct request to admin/backup/db.
CVE-2008-7120 EXPLOITDB text WORKING POC
hot_links_sql-php < 3 - SQL Injection via news.php Parameter
SQL injection vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and earlier allows remote attackers to execute arbitrary SQL commands via the news.php parameter.
EIP-2026-106380 EXPLOITDB text WORKING POC
DCForum - 'auth_user_file.txt' File Multiple Information Disclosure Vulnerabilities
CVE-2008-4458 EXPLOITDB text WORKING POC
E-Php B2B Trading Marketplace Script - SQL Injection via listings.php cid Parameter
SQL injection vulnerability in listings.php in E-Php B2B Trading Marketplace Script allows remote attackers to execute arbitrary SQL commands via the cid parameter in a product action.
EIP-2026-105896 EXPLOITDB text WORKING POC
ClassifiedsGeek.com Vacation Packages - 'listing_search' SQL Injection