ITSecTeam

52 exploits, active since Mar 2010
CVE-2010-1661 EXPLOITDB text WRITEUP
Jcink Php-quick-arcade - SQL Injection
Multiple SQL injection vulnerabilities in PHP-Quick-Arcade (PHPQA) 3.0.21 allow remote attackers to execute arbitrary SQL commands via the (1) phpqa_user_c parameter to Arcade.php and the (2) id parameter to acpmoderate.php.
CVE-2010-2676 EXPLOITDB text WRITEUP
Open Web Analytics OWA <1.2.3 - Path Traversal
Multiple directory traversal vulnerabilities in index.php in Open Web Analytics (OWA) 1.2.3 might allow remote attackers to read arbitrary files via directory traversal sequences in the (1) owa_action and (2) owa_do parameters.
CVE-2010-0967 EXPLOITDB text WRITEUP
Geekhelps ADMP 1.01 - Path Traversal
Multiple directory traversal vulnerabilities in Geekhelps ADMP 1.01, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the style parameter to (1) colorvoid/footer.php, (2) default-green/footer.php, (3) default-orange/footer.php, and (4) default/footer.php in themes/. NOTE: some of these details are obtained from third party information.
EIP-2026-119459 EXPLOITDB text WORKING POC
Apple Safari 4.0.3 (Windows x86) - 'CSS' Remote Denial of Service (2)
EIP-2026-116592 EXPLOITDB python WORKING POC
Xilisoft Video Converter Wizard - '.yuv' Stack Buffer Overflow
CVE-2010-1042 EXPLOITDB text WRITEUP
Microsoft Windows Media Player 11 - Memory Corruption
Microsoft Windows Media Player 11 does not properly perform colorspace conversion, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .AVI file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
EIP-2026-115568 EXPLOITDB python WORKING POC
Mackeitone Media Player - '.m3u' Stack Buffer Overflow
EIP-2026-115602 EXPLOITDB python WORKING POC
Media Player classic StatsReader - '.stats' Stack Buffer Overflow (PoC)
EIP-2026-114885 EXPLOITDB python WORKING POC
All to All Audio Convertor 2.0 - Files Stack Overflow (PoC)
EIP-2026-115189 EXPLOITDB python WORKING POC
Easy Icon Maker - '.ico' File Reading Crash
EIP-2026-115008 EXPLOITDB python WORKING POC
Brazip 9.0 - '.zip' Buffer Overflow (SEH)
EIP-2026-114860 EXPLOITDB python WORKING POC
Adobe Acrobat and Reader 9.3.4 - 'acroform_PlugInMain' Memory Corruption
EIP-2026-114906 EXPLOITDB python WORKING POC
Anyzip 1.1 - '.zip' (PoC) (SEH)
EIP-2026-114401 EXPLOITDB text WORKING POC
x10 micro blogging 121 - SQL Injection
EIP-2026-114409 EXPLOITDB text WRITEUP
Xataface 1.x - 'action' Local File Inclusion
CVE-2010-1712 EXPLOITDB text WRITEUP
Webmobo Wbnews - XSS
Multiple cross-site scripting (XSS) vulnerabilities in base/Comments.php in Webmobo WB News 2.3.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and possibly (2) message parameters. NOTE: some of these details are obtained from third party information.
CVE-2010-1528 EXPLOITDB html WORKING POC
Uiga Proxy - RCE
PHP remote file inclusion vulnerability in include/template.php in Uiga Proxy, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the content parameter.
EIP-2026-112804 EXPLOITDB html WORKING POC
ttCMS 5.0 - Remote File Inclusion
EIP-2026-112511 EXPLOITDB text WRITEUP
SweetRice < 0.6.4 - 'FCKeditor' Arbitrary File Upload
EIP-2026-111790 EXPLOITDB html WORKING POC
RogioBiz PHP File Manager 1.2 - Admin Bypass
EIP-2026-110830 EXPLOITDB text WRITEUP
PHP-Nuke - ratedownload SQL Injection
CVE-2010-5083 EXPLOITDB text WRITEUP
PHP-Nuke 8.0 - SQL Injection
SQL injection vulnerability in the Web_Links module for PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the url parameter in an Add action to modules.php.
EIP-2026-110717 EXPLOITDB text WORKING POC
PHP Link Manager 1.7 - URL Redirection
CVE-2010-1662 EXPLOITDB text WRITEUP
Jcink Php-quick-arcade - XSS
Cross-site scripting (XSS) vulnerability in acpmoderate.php in PHP-Quick-Arcade (PHPQA) 3.0.21 allows remote attackers to inject arbitrary web script or HTML via the serv parameter.
EIP-2026-110669 EXPLOITDB text WRITEUP
PHP Classifieds 7.5 - Blind SQL Injection