Abysssec Inc

27 exploits, active since Nov 2009
CVE-2009-4088 EXPLOITDB WRITEUP
telepark.wiki <2.4.23 - Path Traversal
Multiple directory traversal vulnerabilities in telepark.wiki 2.4.23 and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the css parameter to (1) getjs.php and (2) getcsslocal.php; and include and execute arbitrary local files via the (3) group parameter to upload.php.
CVE-2010-3602 EXPLOITDB text WRITEUP
Sourcetreesolutions Mojoportal - XSS
Cross-site scripting (XSS) vulnerability in ProfileView.aspx in mojoPortal 2.3.4.3 and 2.3.5.1 allows remote attackers to inject arbitrary web script or HTML via the User ID parameter. NOTE: some of these details are obtained from third party information.
EIP-2026-119551 EXPLOITDB text WRITEUP
PHP 5.2.9 (Windows x86) - Local Safemod Bypass
CVE-2010-3653 EXPLOITDB text WRITEUP
Adobe Shockwave Player < 11.5.8.612 - Memory Corruption
The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted rcsL chunk containing a field whose value is used as a pointer offset, as exploited in the wild in October 2010. NOTE: some of these details are obtained from third party information.
EIP-2026-116801 EXPLOITDB text WORKING POC
Apache Tomcat (Windows) - 'runtime.getRuntime().exec()' Local Privilege Escalation
EIP-2026-114605 EXPLOITDB php WORKING POC
ZenPhoto - Config Update / Command Execution
CVE-2009-4089 EXPLOITDB text WRITEUP
telepark.wiki <2.4.23 - Auth Bypass
telepark.wiki 2.4.23 and earlier allows remote attackers to bypass authorization and (1) delete arbitrary pages via a modified pageID parameter to ajax/deletePage.php or (2) delete arbitrary comments via a modified pageID parameter to ajax/deleteComment.php.
EIP-2026-111414 EXPLOITDB text WRITEUP
Portili Personal and Team Wiki 1.14 - Multiple Vulnerabilities (1)
EIP-2026-106559 EXPLOITDB text WRITEUP
douran portal 3.9.0.23 - Multiple Vulnerabilities
EIP-2026-106221 EXPLOITDB python WRITEUP
Cpanel PHP - Restriction Bypass
EIP-2026-100605 EXPLOITDB text WRITEUP
VisualSite CMS 1.3 - Multiple Vulnerabilities
EIP-2026-100482 EXPLOITDB text WRITEUP
Personal.Net Portal - Multiple Vulnerabilities
EIP-2026-100331 EXPLOITDB text WRITEUP
freediscussionforums 1.0 - Multiple Vulnerabilities
EIP-2026-100337 EXPLOITDB text WORKING POC
gausCMS - Multiple Vulnerabilities
EIP-2026-100370 EXPLOITDB text WRITEUP
ifnuke - Multiple Vulnerabilities
EIP-2026-100381 EXPLOITDB text WRITEUP
jmd-cms - Multiple Vulnerabilities
EIP-2026-100400 EXPLOITDB text WRITEUP
Luftguitar CMS - Upload Arbitrary File
CVE-2010-3603 EXPLOITDB text WRITEUP
Sourcetreesolutions Mojoportal - CSRF
Cross-site request forgery (CSRF) vulnerability in the file manager service (Services/FileService.ashx) in mojoPortal 2.3.4.3 and 2.3.5.1 allows remote attackers to hijack the authentication of administrators for requests that rename arbitrary files, as demonstrated by causing the user.config file to be moved, leading to a denial of service (service stop) and possibly the exposure of sensitive information.
EIP-2026-100453 EXPLOITDB text WRITEUP
ndCMS - SQL Injection
EIP-2026-100513 EXPLOITDB text WRITEUP
rainbowportal - Multiple Vulnerabilities
EIP-2026-100604 EXPLOITDB text WRITEUP
visinia 1.3 - Multiple Vulnerabilities
EIP-2026-100109 EXPLOITDB text WRITEUP
aradblog - Multiple Vulnerabilities
CVE-2010-3404 EXPLOITDB text WRITEUP
eshtery CMS - SQL Injection
Multiple SQL injection vulnerabilities in eshtery CMS (aka eshtery.com) allow remote attackers to execute arbitrary SQL commands via the (1) Criteria field in an unspecified form related to catlgsearch.aspx or (2) user name to an unspecified form related to adminlogin.aspx.
EIP-2026-100237 EXPLOITDB python WORKING POC
Dana Portal - Remote Change Admin Password
EIP-2026-100153 EXPLOITDB text WRITEUP
AtomatiCMS - Upload Arbitrary File