xprog

48 exploits, active since Jun 2007
CVE-2008-1875 EXPLOITDB text WORKING POC
Terong PHP Photo Gallery 1.0 - SQL Injection
SQL injection vulnerability in index.php in Terong PHP Photo Gallery (aka Advanced Web Photo Gallery) 1.0 allows remote attackers to execute arbitrary SQL commands via the photo_id parameter.
CVE-2008-0911 EXPLOITDB html WORKING POC
iScripts MultiCart 2.0 - Authenticated SQL Injection via productid Parameter
SQL injection vulnerability in productdetails.php in iScripts MultiCart 2.0 allows remote authenticated users to execute arbitrary SQL commands via the productid parameter.
CVE-2007-5992 EXPLOITDB text WORKING POC
datecomm Social Networking Script - SQL Injection
SQL injection vulnerability in index.php in datecomm Social Networking Script (aka Myspace Clone Script) allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewcat s action on the forums page.
CVE-2008-1871 EXPLOITDB text WRITEUP
Scriptsagent.com Links Directory 1.1 - SQL Injection
SQL injection vulnerability in links.php in Scriptsagent.com Links Directory 1.1 allows remote authenticated users to execute arbitrary SQL commands via the cat_id parameter in a list action.
CVE-2007-6084 EXPLOITDB text WORKING POC
HotScripts Clone Script - SQL Injection
SQL injection vulnerability in software-description.php in HotScripts Clone Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-3461 EXPLOITDB text WORKING POC
elkagroup Image Gallery 1.0 - SQL Injection via pid Parameter
SQL injection vulnerability in property.php in elkagroup Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
EIP-2026-106723 EXPLOITDB text WORKING POC
Easynet Forum Host - 'forum.php' SQL Injection
CVE-2007-3452 EXPLOITDB text WORKING POC
eDocStore - SQL Injection via doc_id Parameter
SQL injection vulnerability in essentials/minutes/doc.php in eDocStore allows remote attackers to execute arbitrary SQL commands via the doc_id parameter in an inline action.
CVE-2007-3882 EXPLOITDB text WORKING POC
Expert Advisor - SQL Injection via id Parameter
SQL injection vulnerability in index.php in Expert Advisor allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-1788 EXPLOITDB text WORKING POC
Prozilla Entertainers <1.1 - SQL Injection
SQL injection vulnerability in directory.php in Prozilla Entertainers 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: some of these details are obtained from third party information.
CVE-2007-3609 EXPLOITDB text WORKING POC
eMeeting Online Dating Software 5.2 - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in eMeeting Online Dating Software 5.2 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) b.php and (2) account/gallery.php, and other unspecified vectors.
CVE-2007-6392 EXPLOITDB text WORKING POC
DWdirectory < 2.1 - SQL Injection via Search Parameter
SQL injection vulnerability in DWdirectory 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the search parameter to the /search URI.
CVE-2007-3520 EXPLOITDB text WORKING POC
Easybe 1-2-3 Music Store - SQL Injection via CategoryID Parameter
SQL injection vulnerability in process.php in Easybe 1-2-3 Music Store allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter.
CVE-2008-1872 EXPLOITDB text WRITEUP
Comdev News Publisher 4.1.2 - SQL Injection
SQL injection vulnerability in home.news.php in Comdev News Publisher 4.1.2 allows remote attackers to execute arbitrary SQL commands via the arcmonth parameter. NOTE: some of these details are obtained from third party information.
CVE-2007-3549 EXPLOITDB text WORKING POC
Buddy Zone 1.5 - SQL Injection via view_sub_cat.php cat_id Parameter
SQL injection vulnerability in view_sub_cat.php in Buddy Zone 1.5 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
CVE-2007-3448 EXPLOITDB text WORKING POC
BugMall Shopping Cart 2.5 - Cross-Site Scripting via msgs Parameter
Cross-site scripting (XSS) vulnerability in index.php in BugMall Shopping Cart 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the msgs parameter. NOTE: 4.0.2 and other versions might also be affected.
CVE-2007-3526 EXPLOITDB text WORKING POC
Buddy Zone < 1.5 - SQL Injection via News ID, Category ID, or Member ID Parameter
Multiple SQL injection vulnerabilities in Buddy Zone 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the news_id parameter to view_news.php, (2) the cat_id parameter to view_events.php, or (3) the member_id parameter to video_gallery.php.
CVE-2007-3979 EXPLOITDB text WORKING POC
BlogSite Professional < 1.2 - SQL Injection via news_id Parameter
SQL injection vulnerability in index.php in BlogSite Professional (aka Blog System) 1.x allows remote attackers to execute arbitrary SQL commands via the news_id parameter.
CVE-2007-3521 EXPLOITDB text WORKING POC
ArcadeBuilder Game Portal Manager 1.7 - SQL Injection via usercookie Cookie
SQL injection vulnerability in ArcadeBuilder Game Portal Manager 1.7 allows remote attackers to execute arbitrary SQL commands via a usercookie cookie.
CVE-2008-0440 EXPLOITDB text WORKING POC
AlstraSoft Forum Pay Per Post Exchange 2.0 - Cleartext Password Storage
AlstraSoft Forum Pay Per Post Exchange 2.0 stores passwords in cleartext, which makes it easier for attackers to access user accounts.
CVE-2007-4056 EXPLOITDB text WORKING POC
Prozilla Adult Directory - SQL Injection
SQL injection vulnerability in directory.php in Prozilla Adult Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. NOTE: the original report indicated that this was the "photo" SourceForge project (aka Maan Bsat Photo Collection), but that was incorrect.
EIP-2026-105010 EXPLOITDB text WORKING POC
Affiliate Directory - 'cat_id' SQL Injection
CVE-2007-6393 EXPLOITDB text WORKING POC
Ace Image Hosting Script - SQL Injection
SQL injection vulnerability in albums.php in Ace Image Hosting Script allows remote authenticated users to execute arbitrary SQL commands via the id parameter in editalbum mode.