Abysssec

CVE-2010-0519 EXPLOITDB python WORKING POC

Apple Mac OS X - Remote Code Execution via Malformed FlashPix SubImage Header

Integer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a FlashPix image with a malformed SubImage Header Stream containing a NumberOfTiles field with a large value.

View Code

CVE-2011-0041 EXPLOITDB text WRITEUP

Windows XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2 - Remote Code Execution via Crafted EMF Image

Integer overflow in gdiplus.dll in GDI+ in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted EMF image, aka "GDI+ Integer Overflow Vulnerability."

View Code

CVE-2010-0520 EXPLOITDB python WORKING POC

Mac OS X - Heap-Based Buffer Overflow in QuickTimeAuthoring.qtx via Crafted FLC File

Heap-based buffer overflow in QuickTimeAuthoring.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLC file, related to crafted DELTA_FLI chunks and untrusted length values in a .fli file, which are not properly handled during decompression.

View Code

CVE-2010-2866 EXPLOITDB python WORKING POC

Adobe Shockwave Player <11.5.8.612 - Memory Corruption

Integer signedness error in the DIRAPI module in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a count value associated with an "undocumented structure" and the tSAC chunk in a Director movie.

View Code

EIP-2026-114605 EXPLOITDB php WORKING POC

ZenPhoto - Config Update / Command Execution

View Code

CVE-2009-4089 EXPLOITDB text WRITEUP

telepark.wiki <2.4.23 - Auth Bypass

telepark.wiki 2.4.23 and earlier allows remote attackers to bypass authorization and (1) delete arbitrary pages via a modified pageID parameter to ajax/deletePage.php or (2) delete arbitrary comments via a modified pageID parameter to ajax/deleteComment.php.

View Code

EIP-2026-112526 EXPLOITDB text WORKING POC

SyndeoCMS 2.8.02 - Multiple Vulnerabilities (1)

View Code

EIP-2026-111415 EXPLOITDB text WRITEUP

Portili Personal and Team Wiki 1.14 - Multiple Vulnerabilities (2)

View Code

EIP-2026-111414 EXPLOITDB text WRITEUP

Portili Personal and Team Wiki 1.14 - Multiple Vulnerabilities (1)

View Code

EIP-2026-111158 EXPLOITDB text WORKING POC

phpMyFamily - Multiple Vulnerabilities

View Code

CVE-2010-3481 EXPLOITDB text WORKING POC

ApPHP PHP MicroCMS 1.0.1 - SQL Injection

Multiple SQL injection vulnerabilities in login.php in ApPHP PHP MicroCMS 1.0.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user_name and (2) password variables, possibly related to include/classes/Login.php. NOTE: some of these details are obtained from third party information. NOTE: the password vector might not be vulnerable.

View Code

EIP-2026-107884 EXPLOITDB text WRITEUP

InterPhoto Gallery - Multiple Vulnerabilities

View Code

EIP-2026-108075 EXPLOITDB text WORKING POC

JE CMS 1.0.0 - Authentication Bypass

View Code

CVE-2010-4893 EXPLOITDB text WRITEUP

FestOS 2.3b - Cross-Site Scripting via Category Parameter

Cross-site scripting (XSS) vulnerability in foodvendors.php in FestOS 2.3b allows remote attackers to inject arbitrary web script or HTML via the category parameter in a details action.

View Code

EIP-2026-106609 EXPLOITDB text WRITEUP

dynpage 1.0 - Multiple Vulnerabilities

View Code

EIP-2026-106559 EXPLOITDB text WRITEUP

douran portal 3.9.0.23 - Multiple Vulnerabilities

View Code

EIP-2026-106221 EXPLOITDB python WRITEUP

Cpanel PHP - Restriction Bypass

View Code

EIP-2026-106012 EXPLOITDB html WORKING POC

CMSimple - Cross-Site Request Forgery

View Code

EIP-2026-104528 EXPLOITDB python WORKING POC

Novell Netware - NWFTPD RMD/RNFR/DELE Argument Parsing Buffer Overflow

View Code

CVE-2010-2168 EXPLOITDB python WORKING POC

Adobe Acrobat and Reader 9.x < 9.3.3 and 8.x < 8.2.3 - Remote Code Execution via Crafted Flash Content in PDF

Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via a PDF file with crafted Flash content, involving the newfunction (0x44) operator and an "invalid pointer vulnerability" that triggers memory corruption, a different vulnerability than CVE-2010-1285 and CVE-2010-2201.

View Code

EIP-2026-100337 EXPLOITDB text WORKING POC

gausCMS - Multiple Vulnerabilities

View Code

EIP-2026-100611 EXPLOITDB html WORKING POC

VWD-CMS - Cross-Site Request Forgery

View Code

EIP-2026-100605 EXPLOITDB text WRITEUP

VisualSite CMS 1.3 - Multiple Vulnerabilities

View Code

EIP-2026-100604 EXPLOITDB text WRITEUP

visinia 1.3 - Multiple Vulnerabilities

View Code

EIP-2026-100547 EXPLOITDB text WORKING POC

sirang web-based d-control - Multiple Vulnerabilities

View Code