xprog

48 exploits, active since Jun 2007
CVE-2007-3447 EXPLOITDB text WORKING POC
BugMall Shopping Cart - SQL Injection
SQL injection vulnerability in BugMall Shopping Cart 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the "basic search box." NOTE: 4.0.2 and other versions might also be affected.
CVE-2007-3446 EXPLOITDB text WORKING POC
BugMall Shopping Cart <2.5 - Info Disclosure
BugMall Shopping Cart 2.5 and earlier has a default username "demo" and password "demo", which allows remote attackers to obtain login access.
CVE-2007-3433 EXPLOITDB text WORKING POC
Netart Media Pharmacy System < 2 - SQL Injection
SQL injection vulnerability in index.php in Pharmacy System 2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter in an add action.
CVE-2008-1711 EXPLOITDB text WORKING POC
Terong PHP Photo Gallery 1.0 - Info Disclosure
Terong PHP Photo Gallery (aka Advanced Web Photo Gallery) 1.0 stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information.
CVE-2008-0429 EXPLOITDB text WORKING POC
AlstraSoft Forum Pay Per Post Exchange - SQL Injection
SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per Post Exchange 2.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a forum_catview action.
CVE-2007-3518 EXPLOITDB text WORKING POC
HispaH YouTube Clone Script - SQL Injection
SQL injection vulnerability in msg.php in HispaH YouTube Clone Script (youtubeclone) allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-3981 EXPLOITDB text WORKING POC
WSN Links - SQL Injection
SQL injection vulnerability in index.php in WSN Links Basic Edition allows remote attackers to execute arbitrary SQL commands via the catid parameter in a displaycat action.
CVE-2008-6209 EXPLOITDB text WORKING POC
Vastal Software Zone - SQL Injection
SQL injection vulnerability in view_product.php in Vastal I-Tech Software Zone allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
CVE-2007-3687 EXPLOITDB text WORKING POC
Inferno Technologies RPG Inferno < 2.4 - SQL Injection
SQL injection vulnerability in inferno.php in the Inferno Technologies RPG Inferno 2.4 and earlier, a vBulletin module, allows remote authenticated attackers to execute arbitrary SQL commands via the id parameter in a ScanMember do action.
CVE-2007-3840 EXPLOITDB text WORKING POC
Sitetrafficstats - SQL Injection
SQL injection vulnerability in referralUrl.php in Traffic Stats allows remote attackers to execute arbitrary SQL commands via the offset parameter.
CVE-2007-3515 EXPLOITDB text WORKING POC
Sweetphp Totalcalendar < 2.402 - SQL Injection
SQL injection vulnerability in view_event.php in TotalCalendar 2.402 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-3582 EXPLOITDB text WORKING POC
Inforest Communications SuperCali - SQL Injection
SQL injection vulnerability in index.php in SuperCali PHP Event Calendar 0.4.0 allows remote attackers to execute arbitrary SQL commands via the o parameter.
EIP-2026-112336 EXPLOITDB text WRITEUP
Software Index 1.1 - 'cid' SQL Injection
CVE-2007-3810 EXPLOITDB text WORKING POC
It747 Realtor 747 - SQL Injection
SQL injection vulnerability in index.php in Realtor 747 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter.
CVE-2008-1316 EXPLOITDB html WORKING POC
QT-cute QuickTalk Forum <1.6 - SQL Injection
SQL injection vulnerability in qtf_ind_search_ov.php in QT-cute QuickTalk Forum 1.6 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-3881 EXPLOITDB text WORKING POC
Pictures Rating - SQL Injection
SQL injection vulnerability in index.php in Pictures Rating (Picture Rating) allows remote attackers to execute arbitrary SQL commands via the msgid parameter.
CVE-2007-4362 EXPLOITDB text WORKING POC
Prozilla Webring - SQL Injection
SQL injection vulnerability in category.php in Prozilla Webring allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2008-1785 EXPLOITDB text WRITEUP
Prozilla Top 100 1.2 - RCE
delete.php in Prozilla Top 100 1.2 allows remote authenticated users to delete statistics and accounts of arbitrary users via a modified s parameter.
CVE-2007-4258 EXPLOITDB text WORKING POC
Prozilla Pub Site Directory - SQL Injection
SQL injection vulnerability in directory.php in Prozilla Pub Site Directory allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2007-3809 EXPLOITDB text WORKING POC
Prozilla Directory Script - SQL Injection
Multiple SQL injection vulnerabilities in Prozilla Directory Script allow remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action to directory.php, and other unspecified vectors.
CVE-2007-3610 EXPLOITDB text WORKING POC
Vastal I-Tech phpVID - SQL Injection
SQL injection vulnerability in categories_type.php in phpVID 0.9.9 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2008-1305 EXPLOITDB text WORKING POC
Filebase mod for phpBB - SQL Injection
SQL injection vulnerability in filebase.php in the Filebase mod for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-4054 EXPLOITDB text WORKING POC
PHP123 Top Sites - SQL Injection
SQL injection vulnerability in category.php in PHP123 Top Sites allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2007-6462 EXPLOITDB text WORKING POC
PHP Real Estate Classifieds - SQL Injection
SQL injection vulnerability in fullnews.php in PHP Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-3434 EXPLOITDB text WORKING POC
Pharmacy System <2 - Info Disclosure
index.php in Pharmacy System 2 and earlier allows remote attackers to obtain sensitive information via a ' (quote) character in the page parameter, which reveals the table prefix in an error message.