Text Exploits

31,386 exploits tracked across all sources.

CVE-2011-5050 EXPLOITDB text VERIFIED
Cyberoam Unified Threat Management < 10.01.2 - Authenticated SQL Injection via tableid Parameter
SQL injection vulnerability in corporate/Controller in Elitecore Technologies Cyberoam UTM before 10.01.2 build 059 allows remote authenticated administrators to execute arbitrary SQL commands via the tableid parameter. NOTE: some of these details are obtained from third party information.
by Benjamin Kunz Mejri
CVE-2011-5228 EXPLOITDB text
appRain CMF 0.1.5 - Cross-Site Scripting via Search Module ss Parameter
Cross-site scripting (XSS) vulnerability in the Search module (quickstart/search) in appRain CMF 0.1.5 allows remote attackers to inject arbitrary web script or HTML via the ss parameter.
by Vulnerability-Lab
CVE-2011-5045 EXPLOITDB text VERIFIED
PHP Booking Calendar 10e - Cross-Site Scripting via page_info_message Parameter
Cross-site scripting (XSS) vulnerability in details_view.php in PHP Booking Calendar 10e allows remote attackers to inject arbitrary web script or HTML via the page_info_message parameter.
by G13
EIP-2026-108335 EXPLOITDB text VERIFIED
Joomla! Component com_dshop - SQL Injection
by CoBRa_21
CVE-2011-5218 EXPLOITDB text VERIFIED
DotA OpenStats <= 1.3.9 - SQL Injection via Index.php ID Parameter
SQL injection vulnerability in DotA OpenStats 1.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
by HvM17
CVE-2011-5229 EXPLOITDB text
appRain CMF 0.1.5 - SQL Injection via PATH_INFO in Forum Module
SQL injection vulnerability in quickstart/profile/index.php in the Forum module in appRain CMF 0.1.5 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO.
by Vulnerability-Lab
CVE-2011-5046 EXPLOITDB text VERIFIED
Microsoft Windows GDI - Remote Code Execution via IFRAME Height Attribute
The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted data, as demonstrated by a large height attribute of an IFRAME element rendered by Safari, aka "GDI Access Violation Vulnerability."
by webDEViL
EIP-2026-113083 EXPLOITDB text VERIFIED
Video Community Portal - 'userID' SQL Injection
by Lazmania61
CVE-2011-5028 EXPLOITDB text
Novell Sentinel Log Manager < 1.2.0.1_938 - Authenticated Path Traversal via FileDownload Filename Parameter
Directory traversal vulnerability in novelllogmanager/FileDownload in Novell Sentinel Log Manager 1.2.0.1_938 and earlier, as used in Novell Sentinel before 7.0.1.0, allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter.
by Andrea Fabrizi
EIP-2026-112292 EXPLOITDB text VERIFIED
Social Network Community 2 - 'userID' SQL Injection
by Lazmania61
CVE-2011-5222 EXPLOITDB text VERIFIED
PHP Flirt-Projekt 4.8 - SQL Injection via rub Parameter
SQL injection vulnerability in rub2_w.php in PHP Flirt-Projekt 4.8 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the rub parameter.
by Lazmania61
CVE-2011-5230 EXPLOITDB text VERIFIED
Seotoaster < 1.9 - SQL Injection via Login or Member Login Parameter
Multiple SQL injection vulnerabilities in the selectUserIdByLoginPass function in seotoaster_core/application/models/LoginModel.php in Seotoaster 1.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login parameter to sys/login/index or (2) memberLoginName parameter to sys/login/member.
by Stefan Schurtz
EIP-2026-107185 EXPLOITDB text VERIFIED
Fork CMS 3.1.5 - Multiple Cross-Site Scripting Vulnerabilities
by Avram Marius
CVE-2011-5031 EXPLOITDB text VERIFIED
capexweb 1.1 - SQL Injection via dfuserid and dfpassword Parameters
Multiple SQL injection vulnerabilities in servlet/capexweb.parentvalidatepassword in cApexWEB 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) dfuserid and (2) dfpassword parameters. NOTE: some of these details are obtained from third party information.
by D1rt3 Dud3
EIP-2026-110429 EXPLOITDB text VERIFIED
Owl Intranet Engine 1.00 - 'userid' Authentication Bypass
by RedTeam Pentesting GmbH
EIP-2026-100932 EXPLOITDB text VERIFIED
Websense 7.6 Triton - 'ws_irpt.exe' Remote Command Execution
by Ben Williams
EIP-2026-100931 EXPLOITDB text VERIFIED
Websense 7.6 Products - 'favorites.exe' Authentication Bypass
by Ben Williams
EIP-2026-100930 EXPLOITDB text VERIFIED
Websense 7.6 - Triton Report Management Interface Cross-Site Scripting
by Ben Williams
CVE-2011-5041 EXPLOITDB text VERIFIED
Pulse Pro CMS 1.7.2 - Cross-Site Scripting via d or post_id Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Pulse Pro CMS 1.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) d parameter in a blocks action and (2) post_id parameter in an edit-post action to index.php.
by Avram Marius
CVE-2011-5214 EXPLOITDB text VERIFIED
BrowserCRM < 5.100.01 - Cross-Site Scripting via PATH_INFO or Login Parameter
Multiple cross-site scripting (XSS) vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) modules/admin/admin_module_index.php, or (3) modules/calendar/customise_calendar_times.php; login[] parameter to (4) index.php or (5) pub/clients.php; or framed parameter to (6) licence/index.php or (7) licence/view.php.
by High-Tech Bridge SA
CVE-2011-5213 EXPLOITDB text VERIFIED
BrowserCRM < 5.100.01 - SQL Injection via login[username] or parent_id or contact_id Parameter
Multiple SQL injection vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login[username] parameter to index.php, (2) parent_id parameter to modules/Documents/version_list.php, or (3) contact_id parameter to modules/Documents/index.php.
by High-Tech Bridge SA