xprog

48 exploits, active since Jun 2007
CVE-2008-1875 EXPLOITDB text WORKING POC
Terong PHP Photo Gallery 1.0 - SQL Injection
SQL injection vulnerability in index.php in Terong PHP Photo Gallery (aka Advanced Web Photo Gallery) 1.0 allows remote attackers to execute arbitrary SQL commands via the photo_id parameter.
CVE-2008-0911 EXPLOITDB html WORKING POC
Iscripts Multicart - SQL Injection
SQL injection vulnerability in productdetails.php in iScripts MultiCart 2.0 allows remote authenticated users to execute arbitrary SQL commands via the productid parameter.
CVE-2007-5992 EXPLOITDB text WORKING POC
datecomm Social Networking Script - SQL Injection
SQL injection vulnerability in index.php in datecomm Social Networking Script (aka Myspace Clone Script) allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewcat s action on the forums page.
CVE-2008-1871 EXPLOITDB text WRITEUP
Scriptsagent.com Links Directory 1.1 - SQL Injection
SQL injection vulnerability in links.php in Scriptsagent.com Links Directory 1.1 allows remote authenticated users to execute arbitrary SQL commands via the cat_id parameter in a list action.
CVE-2007-6084 EXPLOITDB text WORKING POC
HotScripts Clone Script - SQL Injection
SQL injection vulnerability in software-description.php in HotScripts Clone Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-3461 EXPLOITDB text WORKING POC
Elkagroup Image Gallery - SQL Injection
SQL injection vulnerability in property.php in elkagroup Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
EIP-2026-106723 EXPLOITDB text WORKING POC
Easynet Forum Host - 'forum.php' SQL Injection
CVE-2007-3452 EXPLOITDB text WORKING POC
Edocstore - SQL Injection
SQL injection vulnerability in essentials/minutes/doc.php in eDocStore allows remote attackers to execute arbitrary SQL commands via the doc_id parameter in an inline action.
CVE-2007-3882 EXPLOITDB text WORKING POC
Popscript.com Expert Advisor - SQL Injection
SQL injection vulnerability in index.php in Expert Advisor allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-1788 EXPLOITDB text WORKING POC
Prozilla Entertainers <1.1 - SQL Injection
SQL injection vulnerability in directory.php in Prozilla Entertainers 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: some of these details are obtained from third party information.
CVE-2007-3609 EXPLOITDB text WORKING POC
Emeeting Online Dating Software - SQL Injection
Multiple SQL injection vulnerabilities in eMeeting Online Dating Software 5.2 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) b.php and (2) account/gallery.php, and other unspecified vectors.
CVE-2007-6392 EXPLOITDB text WORKING POC
DWdirectory <2.1 - SQL Injection
SQL injection vulnerability in DWdirectory 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the search parameter to the /search URI.
CVE-2007-3520 EXPLOITDB text WORKING POC
Easybe 1-2-3 Music Store - SQL Injection
SQL injection vulnerability in process.php in Easybe 1-2-3 Music Store allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter.
CVE-2008-1872 EXPLOITDB text WRITEUP
Comdev News Publisher 4.1.2 - SQL Injection
SQL injection vulnerability in home.news.php in Comdev News Publisher 4.1.2 allows remote attackers to execute arbitrary SQL commands via the arcmonth parameter. NOTE: some of these details are obtained from third party information.
CVE-2007-3549 EXPLOITDB text WORKING POC
Vastal I-tech Buddy Zone - SQL Injection
SQL injection vulnerability in view_sub_cat.php in Buddy Zone 1.5 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
CVE-2007-3448 EXPLOITDB text WORKING POC
Bugmall Shopping Cart - XSS
Cross-site scripting (XSS) vulnerability in index.php in BugMall Shopping Cart 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the msgs parameter. NOTE: 4.0.2 and other versions might also be affected.
CVE-2007-3526 EXPLOITDB text WORKING POC
Vastal I-tech Buddy Zone < 1.5 - SQL Injection
Multiple SQL injection vulnerabilities in Buddy Zone 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the news_id parameter to view_news.php, (2) the cat_id parameter to view_events.php, or (3) the member_id parameter to video_gallery.php.
CVE-2007-3979 EXPLOITDB text WORKING POC
Netart Media Blog System < 1.2 - SQL Injection
SQL injection vulnerability in index.php in BlogSite Professional (aka Blog System) 1.x allows remote attackers to execute arbitrary SQL commands via the news_id parameter.
CVE-2007-3521 EXPLOITDB text WORKING POC
Arcadebuilder Game Portal Manager - SQL Injection
SQL injection vulnerability in ArcadeBuilder Game Portal Manager 1.7 allows remote attackers to execute arbitrary SQL commands via a usercookie cookie.
CVE-2008-0440 EXPLOITDB text WORKING POC
Alstrasoft Forum Pay Per Post Exchange - Credentials Management
AlstraSoft Forum Pay Per Post Exchange 2.0 stores passwords in cleartext, which makes it easier for attackers to access user accounts.
CVE-2007-4056 EXPLOITDB text WORKING POC
Prozilla Adult Directory - SQL Injection
SQL injection vulnerability in directory.php in Prozilla Adult Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. NOTE: the original report indicated that this was the "photo" SourceForge project (aka Maan Bsat Photo Collection), but that was incorrect.
EIP-2026-105010 EXPLOITDB text WORKING POC
Affiliate Directory - 'cat_id' SQL Injection
CVE-2007-6393 EXPLOITDB text WORKING POC
Ace Image Hosting Script - SQL Injection
SQL injection vulnerability in albums.php in Ace Image Hosting Script allows remote authenticated users to execute arbitrary SQL commands via the id parameter in editalbum mode.