snakespc

55 exploits Active since May 2007
CVE-2009-2019 EXPLOITDB text WRITEUP
Virtue News Manager - SQL Injection
SQL injection vulnerability in news_detail.php in Virtue News Manager allows remote attackers to execute arbitrary SQL commands via the nid parameter.
CVE-2009-1819 EXPLOITDB text WORKING POC
2daybiz Custom T-shirt Design Script - SQL Injection via product.php id Parameter
SQL injection vulnerability in product.php in 2daybiz Custom T-shirt Design Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-1734 EXPLOITDB text WORKING POC
VidSharePro - SQL Injection via catid Parameter
SQL injection vulnerability in listing_video.php in VidSharePro allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2009-4841 EXPLOITDB html WORKING POC
Roxio CinePlayer 3.2 - Remote Code Execution via DiskType Method
Heap-based buffer overflow in the SonicMediaPlayer ActiveX control in SonicMediaPlayer.dll in Roxio CinePlayer 3.2 allows remote attackers to execute arbitrary code via a long argument to the DiskType method. NOTE: this might overlap CVE-2007-1559.
CVE-2008-5490 EXPLOITDB text WORKING POC
PHPStore Yahoo Answers - SQL Injection
SQL injection vulnerability in index.php in PHPStore Yahoo Answers allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-1804 EXPLOITDB text WORKING POC
VideoScript.us YouTube Video Script - SQL Injection via Username or Password Parameter
Multiple SQL injection vulnerabilities in admin/index.php in VideoScript.us YouTube Video Script allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
CVE-2009-2020 EXPLOITDB text WRITEUP
Virtue News Manager - Cross-Site Scripting via nid Parameter
Cross-site scripting (XSS) vulnerability in news_detail.php in Virtue News Manager allows remote attackers to inject arbitrary web script or HTML via the nid parameter.
CVE-2009-1735 EXPLOITDB text WORKING POC
VidSharePro - Cross-Site Scripting via searchtxt Parameter
Cross-site scripting (XSS) vulnerability in search.php in VidSharePro allows remote attackers to inject arbitrary web script or HTML via the searchtxt parameter. NOTE: some of these details are obtained from third party information.
EIP-2026-112663 EXPLOITDB text WORKING POC
Three Pillars Help Desk 3.0 - Authentication Bypass
CVE-2010-1095 EXPLOITDB text WORKING POC
Tracking Requirements & Use Cases <0.11.0 - XSS
Cross-site scripting (XSS) vulnerability in login_reset_password_page.php in Tracking Requirements & Use Cases (TRUC) 0.11.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
EIP-2026-112288 EXPLOITDB text WORKING POC
Social Engine - SQL Injection
CVE-2009-0400 EXPLOITDB text WORKING POC
SocialEngine 3.06 - SQL Injection via Blog Category ID Parameter
SQL injection vulnerability in blog.php in SocialEngine 3.06 trial allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
CVE-2009-4728 EXPLOITDB text WRITEUP
Questions Answered <1.3 - SQL Injection
SQL injection vulnerability in the administrative interface in Questions Answered 1.3 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.
EIP-2026-111302 EXPLOITDB text WORKING POC
Pixelactivo 3.0 - 'idx' SQL Injection
CVE-2008-6115 EXPLOITDB text WORKING POC
Prozilla Hosting Index - SQL Injection
SQL injection vulnerability in directory.php in Prozilla Hosting Index allows remote attackers to execute arbitrary SQL commands via the id parameter in a deadlink action, a different vector than CVE-2008-2083.
CVE-2009-1787 EXPLOITDB text WORKING POC
PHP Dir Submit - SQL Injection via Username and Password Parameters
Multiple SQL injection vulnerabilities in PHP Dir Submit (aka WebsiteSubmitter and Submitter Script) allow remote attackers to bypass authentication and gain administrative access via the (1) username and (2) password parameters.
CVE-2008-5310 EXPLOITDB text WORKING POC
NetArt Media Car Portal 2.0 - SQL Injection
SQL injection vulnerability in image.php in NetArt Media Car Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-1346 EXPLOITDB text WORKING POC
NetHoteles 3.0 - SQL Injection via id_establecimiento Parameter
SQL injection vulnerability in publico/ficha.php in NetHoteles 3.0 allows remote attackers to execute arbitrary SQL commands via the id_establecimiento parameter.
CVE-2008-5311 EXPLOITDB text WORKING POC
NetArt Media Blog System 1.5 - SQL Injection
SQL injection vulnerability in image.php in NetArt Media Blog System 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-2125 EXPLOITDB text WORKING POC
Musicbox 2.3.6-2.3.7 - SQL Injection via viewalbums.php artistId Parameter
SQL injection vulnerability in viewalbums.php in Musicbox 2.3.6 and 2.3.7 allows remote attackers to execute arbitrary SQL commands via the artistId parameter.
CVE-2009-2018 EXPLOITDB text WRITEUP
Jared Eckersley MyCars - SQL Injection via authuserid Parameter
SQL injection vulnerability in admin/index.php in Jared Eckersley MyCars, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the authuserid parameter.
EIP-2026-109923 EXPLOITDB text WRITEUP
NewsLetter Tailor 0.2.0 - Remote File Inclusion
EIP-2026-109282 EXPLOITDB text WORKING POC
Mambo Component AkoGallery - SQL Injection
CVE-2010-0753 EXPLOITDB perl WORKING POC
Joomla! com_sqlreport 1.1 - SQL Injection
SQL injection vulnerability in the SQL Reports (com_sqlreport) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter to ajax/print.php. NOTE: some of these details are obtained from third party information.
EIP-2026-108983 EXPLOITDB html WORKING POC
KDPics 1.18 - '/admin/index.php' Authentication Bypass