Sid3^effects aKa HaRi

72 exploits, active since May 2010
CVE-2010-2355 EXPLOITDB WRITEUP
Pilotgroup Elms Pro - XSS
Cross-site scripting (XSS) vulnerability in error.php in Pilot Group (PG) eLMS Pro allows remote attackers to inject arbitrary web script or HTML via the message parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2010-2911 EXPLOITDB text WRITEUP
Kayako eSupport <3.70.02 - SQL Injection
SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a viewnews action.
CVE-2010-5010 EXPLOITDB text WRITEUP
SchoolMation 2.3 - XSS
Cross-site scripting (XSS) vulnerability in schoolmv2/html/studentmain.php in SchoolMation 2.3 allows remote attackers to inject arbitrary web script or HTML via the session parameter.
CVE-2010-5018 EXPLOITDB text WRITEUP
2daybiz Online Classified Script - XSS
Cross-site scripting (XSS) vulnerability in products/classified/headersearch.php in 2daybiz Online Classified Script allows remote attackers to inject arbitrary web script or HTML via the sid parameter.
CVE-2010-2697 EXPLOITDB text WRITEUP
Sijio Community Software - XSS
Cross-site scripting (XSS) vulnerability in Sijio Community Software allows remote authenticated users to inject arbitrary web script or HTML via the title parameter when adding a new blog, related to edit_blog/index.php. NOTE: some of these details are obtained from third party information.
CVE-2010-2696 EXPLOITDB text WRITEUP
Sijio Community Software - SQL Injection
SQL injection vulnerability in gallery/index.php in Sijio Community Software allows remote attackers to execute arbitrary SQL commands via the parent parameter.
CVE-2010-2354 EXPLOITDB text WRITEUP
Pilotgroup Elms Pro - SQL Injection
SQL injection vulnerability in subscribe.php in Pilot Group (PG) eLMS Pro allows remote attackers to execute arbitrary SQL commands via the course_id parameter.
CVE-2010-2439 EXPLOITDB python WORKING POC
Moreforge Moreamp - Memory Corruption
Stack-based buffer overflow in MoreAmp allows remote attackers to execute arbitrary code via a long line in a song list (.maf file).
EIP-2026-112463 EXPLOITDB text WRITEUP
Subrion Auto Classifieds - Persistent Cross-Site Scripting
EIP-2026-111683 EXPLOITDB text WRITEUP
Rayzz Photoz - Arbitrary File Upload
CVE-2010-5011 EXPLOITDB text WRITEUP
SchoolMation 2.3 - SQL Injection
SQL injection vulnerability in schoolmv2/html/studentmain.php in SchoolMation 2.3 allows remote attackers to execute arbitrary SQL commands via the session parameter.
CVE-2010-2698 EXPLOITDB text WRITEUP
Sijio Community Software - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Sijio Community Software allow remote authenticated users to inject arbitrary web script or HTML via the title parameter when (1) editing a new blog, (2) adding an album, or (3) editing an album. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
EIP-2026-110927 EXPLOITDB text WRITEUP
PHPAuctionSystem - Arbitrary File Upload
EIP-2026-110572 EXPLOITDB text WRITEUP
PGAUTOPro - SQL Injection / Cross-Site Scripting (1)
EIP-2026-109868 EXPLOITDB text WRITEUP
Netartmedia iBoutique.MALL - SQL Injection
CVE-2010-4719 EXPLOITDB text WRITEUP
JRadio <1.5.1 - Path Traversal
Directory traversal vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
CVE-2010-2912 EXPLOITDB text WRITEUP
Kayako eSupport 3.70.02 - SQL Injection
SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 allows remote attackers to execute arbitrary SQL commands via the _a parameter in a downloads action.
CVE-2010-4975 EXPLOITDB text WRITEUP
Joomla! - SQL Injection
SQL injection vulnerability in the Techjoomla SocialAds For JomSocial (com_socialads) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the ads description field in a showad action to index.php.
CVE-2010-4991 EXPLOITDB text WRITEUP
Joomla! - SQL Injection
SQL injection vulnerability in the NinjaMonials (com_ninjamonials) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a display action to index.php.
CVE-2010-4995 EXPLOITDB text WRITEUP
NeoRecruit 1.6.4 - SQL Injection
SQL injection vulnerability in the NeoRecruit (com_neorecruit) component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in an offer_view action to index.php, a different vector than CVE-2007-4506.
CVE-2010-4992 EXPLOITDB text WRITEUP
Payments Plus 2.1.5 - SQL Injection
SQL injection vulnerability in the Payments Plus component 2.1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the type parameter to add.html.
CVE-2010-2857 EXPLOITDB text WRITEUP
Joomla! - Path Traversal
Directory traversal vulnerability in the Music Manager component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the cid parameter to album.html.
EIP-2026-108787 EXPLOITDB text WRITEUP
Joomla! Component Minify4Joomla! - Arbitrary File Upload / Persistent Cross-Site Scripting
EIP-2026-108806 EXPLOITDB text WRITEUP
Joomla! Component MyHome - Blind SQL Injection
EIP-2026-108840 EXPLOITDB text WORKING POC
Joomla! Component Rapid-Recipe - Persistent Cross-Site Scripting