~!Dok_tOR!~

18 exploits Active since Aug 2008
CVE-2008-4518 EXPLOITDB text WORKING POC
Fastpublish CMS 1.9.9.9.9 d - SQL Injection via Sprache or Artikel Parameter
Multiple SQL injection vulnerabilities in Fastpublish CMS 1.9.9.9.9 d (1.9999 d) allow remote attackers to execute arbitrary SQL commands via the (1) sprache parameter to index2.php and the (2) artikel parameter to index.php.
CVE-2008-4093 EXPLOITDB text WORKING POC
YourOwnBux 3.1 and 3.2 beta - SQL Injection via User Parameter
SQL injection vulnerability in memberstats.php in YourOwnBux 3.1 and 3.2 beta, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter.
CVE-2008-3787 EXPLOITDB text WORKING POC
Web Directory Script <2.0 - SQL Injection
SQL injection vulnerability in listing_view.php in Web Directory Script 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the name parameter.
CVE-2008-5070 EXPLOITDB text WORKING POC
Pro Chat Rooms 3.0.3 - SQL Injection via gud Parameter
SQL injection vulnerability in Pro Chat Rooms 3.0.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the gud parameter to (1) profiles/index.php and (2) profiles/admin.php.
CVE-2008-3861 EXPLOITDB text WORKING POC
phpMyRealty < 1.0.9 - SQL Injection via id or price_max Parameter
Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in pages.php and (2) the price_max parameter in search.php.
CVE-2008-3788 EXPLOITDB text WORKING POC
PICTURESPRO Photo Cart 3.9 - SQL Injection
Multiple SQL injection vulnerabilities in PICTURESPRO Photo Cart 3.9, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) qtitle, (2) qid, and (3) qyear parameters to (a) search.php, and the (4) email and (5) password parameters to (b) _login.php.
CVE-2008-6093 EXPLOITDB text WORKING POC
Noname CMS 1.0 - SQL Injection via file_id or kategorie Parameter
SQL injection vulnerability in index.php in Noname CMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the (1) file_id parameter in a detailansicht action and the (2) kategorie parameter in a kategorien action.
CVE-2008-3783 EXPLOITDB text WORKING POC
Matterdaddy Market 1.1 - SQL Injection
Multiple SQL injection vulnerabilities in index.php in Matterdaddy Market 1.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) type parameters.
CVE-2008-3785 EXPLOITDB text WORKING POC
MiaCMS 4.6.5 - SQL Injection via com_content id Parameter
Multiple SQL injection vulnerabilities in the com_content component in MiaCMS 4.6.5 allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) view, (2) category, or (3) blogsection action to index.php.
CVE-2008-4356 EXPLOITDB text WORKING POC
Kasseler CMS 1.1.0 and 1.2.0 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Kasseler CMS 1.1.0 and 1.2.0 allow remote attackers to execute arbitrary SQL commands via (1) the nid parameter to index.php in a View action to the News module; (2) the vid parameter to index.php in a Result action to the Voting module; (3) the fid parameter to index.php in a ShowForum action to the Forum module; (4) the tid parameter to index.php in a ShowTopic action to the Forum module; (5) the uname parameter to index.php in a UserInfo action to the Account module; or (6) the module parameter to index.php, probably related to the TopSites module.
CVE-2008-4711 EXPLOITDB text WORKING POC
Joovili < 3.0 - SQL Injection via id Parameter
SQL injection vulnerability in Joovili 3.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.blog.php, (2) view.event.php, (3) view.group.php, (4) view.music.php, (5) view.picture.php, and (6) view.video.php.
CVE-2008-7114 EXPLOITDB text WORKING POC
iFdate < 2.0.3 - SQL Injection via Name Field
SQL injection vulnerability in members_search.php in iFusion Services iFdate 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the name field.
CVE-2008-4519 EXPLOITDB text WORKING POC
Fastpublish CMS 1.9999 d - Path Traversal via Target Parameter
Multiple directory traversal vulnerabilities in Fastpublish CMS 1.9999 d allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the target parameter to (1) index2.php and (2) index.php.
CVE-2008-5075 EXPLOITDB text WORKING POC
E-Uploader Pro 1.0 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in E-Uploader Pro 1.0 (aka Uploader PRO), when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) img.php, (b) file.php, (c) mail.php, (d) thumb.php, (e) zip.php, and (f) zipit.php, and (2) the view parameter to (g) browser.php.
CVE-2008-6100 EXPLOITDB text WORKING POC
Discussion Forums 2k 3.3 - SQL Injection
Multiple SQL injection vulnerabilities in Discussion Forums 2k 3.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) CatID parameter to (a) RSS1.php and (b) RSS2.php in misc/; and the (2) SubID parameter to (c) misc/RSS5.php.
CVE-2008-4156 EXPLOITDB text WORKING POC
CustomCms Gaming Portal 4.0 - SQL Injection via print.php id Parameter
SQL injection vulnerability in print.php in CustomCms (CCMS) Gaming Portal 4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-6091 EXPLOITDB text WORKING POC
BMForum 5.6 - SQL Injection via Tagname Parameter
SQL injection vulnerability in plugins.php in BMForum 5.6, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the tagname parameter.
CVE-2008-6029 EXPLOITDB text WORKING POC
buzzywall <= 1.3.1 - SQL Injection via Search Parameter
SQL injection vulnerability in search.php in BuzzyWall 1.3.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the search parameter.