xprog

48 exploits, active since Jun 2007
CVE-2007-3447 EXPLOITDB text WORKING POC
BugMall Shopping Cart 2.5 - SQL Injection via Basic Search Box
SQL injection vulnerability in BugMall Shopping Cart 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the "basic search box." NOTE: 4.0.2 and other versions might also be affected.
CVE-2007-3446 EXPLOITDB text WORKING POC
BugMall Shopping Cart < 2.5 - Info Disclosure
BugMall Shopping Cart 2.5 and earlier has a default username "demo" and password "demo", which allows remote attackers to obtain login access.
CVE-2007-3433 EXPLOITDB text WORKING POC
Pharmacy System < 2 - SQL Injection via ID Parameter
SQL injection vulnerability in index.php in Pharmacy System 2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter in an add action.
CVE-2008-1711 EXPLOITDB text WORKING POC
Terong PHP Photo Gallery 1.0 - Info Disclosure
Terong PHP Photo Gallery (aka Advanced Web Photo Gallery) 1.0 stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information.
CVE-2008-0429 EXPLOITDB text WORKING POC
AlstraSoft Forum Pay Per Post Exchange 2.0 - SQL Injection via catid Parameter
SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per Post Exchange 2.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a forum_catview action.
CVE-2007-3518 EXPLOITDB text WORKING POC
HispaH YouTube Clone Script - SQL Injection via msg.php id Parameter
SQL injection vulnerability in msg.php in HispaH YouTube Clone Script (youtubeclone) allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-3981 EXPLOITDB text WORKING POC
WSN Links Basic Edition - SQL Injection via catid Parameter
SQL injection vulnerability in index.php in WSN Links Basic Edition allows remote attackers to execute arbitrary SQL commands via the catid parameter in a displaycat action.
CVE-2008-6209 EXPLOITDB text WORKING POC
Vastal I-Tech Software Zone - SQL Injection via view_product.php cat_id Parameter
SQL injection vulnerability in view_product.php in Vastal I-Tech Software Zone allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
CVE-2007-3687 EXPLOITDB text WORKING POC
RPG Inferno < 2.4 - Authenticated SQL Injection via id Parameter
SQL injection vulnerability in inferno.php in the Inferno Technologies RPG Inferno 2.4 and earlier, a vBulletin module, allows remote authenticated attackers to execute arbitrary SQL commands via the id parameter in a ScanMember do action.
CVE-2007-3840 EXPLOITDB text WORKING POC
sitetrafficstats - SQL Injection via referralUrl.php offset Parameter
SQL injection vulnerability in referralUrl.php in Traffic Stats allows remote attackers to execute arbitrary SQL commands via the offset parameter.
CVE-2007-3515 EXPLOITDB text WORKING POC
TotalCalendar < 2.402 - SQL Injection via view_event.php id Parameter
SQL injection vulnerability in view_event.php in TotalCalendar 2.402 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-3582 EXPLOITDB text WORKING POC
SuperCali PHP Event Calendar 0.4.0 - SQL Injection via o Parameter
SQL injection vulnerability in index.php in SuperCali PHP Event Calendar 0.4.0 allows remote attackers to execute arbitrary SQL commands via the o parameter.
EIP-2026-112336 EXPLOITDB text WRITEUP
Software Index 1.1 - 'cid' SQL Injection
CVE-2007-3810 EXPLOITDB text WORKING POC
Realtor 747 - SQL Injection via CategoryID Parameter
SQL injection vulnerability in index.php in Realtor 747 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter.
CVE-2008-1316 EXPLOITDB html WORKING POC
QT-cute QuickTalk Forum < 1.6 - SQL Injection
SQL injection vulnerability in qtf_ind_search_ov.php in QT-cute QuickTalk Forum 1.6 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-3881 EXPLOITDB text WORKING POC
Pictures Rating - SQL Injection via msgid Parameter
SQL injection vulnerability in index.php in Pictures Rating (Picture Rating) allows remote attackers to execute arbitrary SQL commands via the msgid parameter.
CVE-2007-4362 EXPLOITDB text WORKING POC
Prozilla Webring - SQL Injection via Category Parameter
SQL injection vulnerability in category.php in Prozilla Webring allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2008-1785 EXPLOITDB text WRITEUP
Prozilla Top 100 1.2 - Authenticated Arbitrary Account Deletion via Modified s Parameter
delete.php in Prozilla Top 100 1.2 allows remote authenticated users to delete statistics and accounts of arbitrary users via a modified s parameter.
CVE-2007-4258 EXPLOITDB text WORKING POC
Prozilla Pub Site Directory - SQL Injection
SQL injection vulnerability in directory.php in Prozilla Pub Site Directory allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2007-3809 EXPLOITDB text WORKING POC
Prozilla Directory Script - SQL Injection via cat_id Parameter
Multiple SQL injection vulnerabilities in Prozilla Directory Script allow remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action to directory.php, and other unspecified vectors.
CVE-2007-3610 EXPLOITDB text WORKING POC
phpVID 0.9.9 - SQL Injection via Cat Parameter
SQL injection vulnerability in categories_type.php in phpVID 0.9.9 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2008-1305 EXPLOITDB text WORKING POC
Filebase mod for phpBB - SQL Injection
SQL injection vulnerability in filebase.php in the Filebase mod for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-4054 EXPLOITDB text WORKING POC
PHP123 Top Sites - SQL Injection via Category Parameter
SQL injection vulnerability in category.php in PHP123 Top Sites allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2007-6462 EXPLOITDB text WORKING POC
PHP Real Estate Classifieds - SQL Injection
SQL injection vulnerability in fullnews.php in PHP Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-3434 EXPLOITDB text WORKING POC
Pharmacy System < 2 - Info Disclosure
index.php in Pharmacy System 2 and earlier allows remote attackers to obtain sensitive information via a ' (quote) character in the page parameter, which reveals the table prefix in an error message.