r45c4l

33 exploits, active since May 2007
CVE-2008-4073 EXPLOITDB text WORKING POC
Zanfi Solutions Autodealers Cms Autonline - SQL Injection
SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the pageid parameter in a DBpAGE action.
CVE-2008-2335 EXPLOITDB text WORKING POC
Vastal Phpvid - XSS
Cross-site scripting (XSS) vulnerability in search_results.php in Vastal I-Tech phpVID 1.1 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: some of these details are obtained from third party information. NOTE: it was later reported that 1.2.3 is also affected.
CVE-2008-0429 EXPLOITDB text WORKING POC
Alstrasoft Forum Pay Per Post Exchange - SQL Injection
SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per Post Exchange 2.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a forum_catview action.
EIP-2026-115095 EXPLOITDB text WORKING POC
Core Impact 7.5 - Denial of Service
CVE-2008-4625 EXPLOITDB text WORKING POC
Shiftthis Shifthis Newsletter - SQL Injection
SQL injection vulnerability in stnl_iframe.php in the ShiftThis Newsletter (st_newsletter) plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the newsletter parameter, a different vector than CVE-2008-0683.
CVE-2008-3774 EXPLOITDB text WORKING POC
Simasy CMS - SQL Injection
SQL injection vulnerability in index.php in Simasy CMS allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-6469 EXPLOITDB text WORKING POC
Plaincart - SQL Injection
SQL injection vulnerability in index.php in PlainCart 1.1.2 allows remote attackers to execute arbitrary SQL commands via the p parameter.
CVE-2008-4187 EXPLOITDB text WORKING POC
Proactive Cms - Path Traversal
Directory traversal vulnerability in index.php in ProActive CMS allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.
CVE-2012-5333 EXPLOITDB text WRITEUP
Pre Printing Press - SQL Injection
SQL injection vulnerability in page.php in Pre Printing Press allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-4361 EXPLOITDB text WORKING POC
Powerportal - Path Traversal
Directory traversal vulnerability in PowerPortal 2.0.13 allows remote attackers to list and possibly read arbitrary files via a .. (dot dot) in the path parameter to the default URI.
CVE-2008-4347 EXPLOITDB text WORKING POC
Powie Pnews - SQL Injection
SQL injection vulnerability in newskom.php in Powie pNews 2.03 allows remote attackers to execute arbitrary SQL commands via the newsid parameter.
CVE-2008-4157 EXPLOITDB text WORKING POC
Vastal Phpvid - SQL Injection
SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 1.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter, a different vector than CVE-2007-3610. NOTE: it was later reported that 1.2.3 is also affected.
CVE-2008-6779 EXPLOITDB text WORKING POC
Phpnuke Sarkilar Module - SQL Injection
SQL injection vulnerability in the Sarkilar module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a showcontent action to modules.php.
CVE-2008-3713 EXPLOITDB text WORKING POC
PHPBasket - SQL Injection
SQL injection vulnerability in product.php in PHPBasket allows remote attackers to execute arbitrary SQL commands via the pro_id parameter.
EIP-2026-110653 EXPLOITDB text WRITEUP
PHP Auto Listings Script - Authentication Bypass
CVE-2008-4738 EXPLOITDB text WORKING POC
Tufat Mycard - SQL Injection
SQL injection vulnerability in gallery.php in MyCard 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-6525 EXPLOITDB text WRITEUP
Nicephpscripts Nice Php Faq Script - SQL Injection
SQL injection vulnerability in the Admin Panel in Nice PHP FAQ Script (Knowledge base Script) allows remote attackers to execute arbitrary SQL commands via the Password parameter (aka the pass field).
CVE-2008-6451 EXPLOITDB text WORKING POC
Jportal - SQL Injection
SQL injection vulnerability in humor.php in jPORTAL 2 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might overlap CVE-2004-2036 or CVE-2005-3509.
CVE-2008-5988 EXPLOITDB text WORKING POC
Jadu CMS - SQL Injection
SQL injection vulnerability in scripts/recruit_details.php in Jadu CMS for Government allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-4354 EXPLOITDB text WORKING POC
NET ART Media Iboutique - SQL Injection
SQL injection vulnerability in the products module in NetArt Media iBoutique 4.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php.
CVE-2008-7008 EXPLOITDB text WRITEUP
Hyperstop Web Host Directory - Authentication Bypass
HyperStop Web Host Directory 1.2 allows remote attackers to bypass authentication and download a database backup via a direct request to admin/backup/db.
CVE-2008-7120 EXPLOITDB text WORKING POC
Mrcgiguy Hot Links Sql-php < 3 - SQL Injection
SQL injection vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and earlier allows remote attackers to execute arbitrary SQL commands via the news.php parameter.
EIP-2026-106380 EXPLOITDB text WORKING POC
DCForum - 'auth_user_file.txt' File Multiple Information Disclosure Vulnerabilities
CVE-2008-4458 EXPLOITDB text WORKING POC
E-php Scripts B2b Trading Marketplace Script - SQL Injection
SQL injection vulnerability in listings.php in E-Php B2B Trading Marketplace Script allows remote attackers to execute arbitrary SQL commands via the cid parameter in a product action.
EIP-2026-105896 EXPLOITDB text WORKING POC
ClassifiedsGeek.com Vacation Packages - 'listing_search' SQL Injection