Exploitdb Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2011-4809 EXPLOITDB text VERIFIED
HM Community (com_hmcommunity) < 1.0 - Cross-Site Scripting via Multiple Profile Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) language[], (2) university[], (3) persent[], (4) company_name[], (5) designation[], (6) music[], (7) books[], (8) movies[], (9) games[], (10) syp[], (11) ft[], and (12) fa[] parameters in a save task for a profile to index.php. NOTE: some of these details are obtained from third party information.
by 599eme Man
CVE-2011-5112 EXPLOITDB text
com_alameda < 1.0.0 - SQL Injection via Storeid Parameter
SQL injection vulnerability in Alameda (com_alameda) component before 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the storeid parameter to index.php.
by kaMtiEz
CVE-2011-5186 EXPLOITDB text VERIFIED
jbShop plugin for e107 7 - Cross-Site Scripting via item_id Parameter
Cross-site scripting (XSS) vulnerability in jbshop.php in the jbShop plugin for e107 7 allows remote attackers to inject arbitrary web script or HTML via the item_id parameter.
by Robert Cooper
CVE-2011-4829 EXPLOITDB text VERIFIED
Barter Sites com_listing 1.3 - SQL Injection via category_id Parameter
SQL injection vulnerability in the com_listing component in Barter Sites component 1.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter to index.php.
by Chris Russell
CVE-2011-4806 EXPLOITDB text VERIFIED
phpalbum < 0.4.1.16 - Cross-Site Scripting via var1 or keyword Parameter
Multiple cross-site scripting (XSS) vulnerabilities in main.php in phpAlbum 0.4.1.16 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) var1 and (2) keyword parameters.
by BHG Security Center
CVE-2011-4807 EXPLOITDB text VERIFIED
phpalbum < 0.4.1.16 - Path Traversal via var1 Parameter
Directory traversal vulnerability in main.php in phpAlbum 0.4.1.16 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the var1 parameter.
by BHG Security Center
CVE-2011-4823 EXPLOITDB text VERIFIED
Extensionsforjoomla Com Vikrealestate - SQL Injection
Multiple SQL injection vulnerabilities in Vik Real Estate (com_vikrealestate) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) contract parameter in a results action and (2) imm parameter in a show action to index.php.
by Chris Russell
EIP-2026-108392 EXPLOITDB text VERIFIED
Joomla! Component com_jeemasms 3.2 - Multiple Vulnerabilities
by Chris Russell
CVE-2011-4830 EXPLOITDB text VERIFIED
Barter Sites com_listing 1.3 - Authenticated Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the com_listing component in Barter Sites component 1.3 for Joomla! allow remote authenticated users to inject arbitrary web script or HTML via the (1) listing_title, (2) description, (3) homeurl (aka Website Address), (4) paystring (aka Payment types accepted), (5) sell_price, (6) shipping_cost, and (7) quantity parameters to index.php.
by Chris Russell
EIP-2026-116008 EXPLOITDB text VERIFIED
Opera Web Browser 11.52 - Escape Sequence Stack Buffer Overflow (Denial of Service) (PoC)
by Marcel Bernhardt
EIP-2026-112199 EXPLOITDB text VERIFIED
SjXjV 2.3 - 'post.php' SQL Injection
by 599eme Man
EIP-2026-111329 EXPLOITDB text VERIFIED
Plici Search 2.0.0.Stable.r.1878 - 'p48-search.html' Cross-Site Scripting
by 599eme Man
CVE-2011-5113 EXPLOITDB text VERIFIED
Techfolio (com_techfolio) 1.0 - SQL Injection via catid Parameter
SQL injection vulnerability in frontend/models/techfoliodetail.php in Techfolio (com_techfolio) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter.
by Chris Russell
EIP-2026-106784 EXPLOITDB text VERIFIED
eFront 3.6.10 - 'professor.php' Script Multiple SQL Injections
by Vulnerability Research Laboratory
CVE-2011-4803 EXPLOITDB text
WPTouch - SQL Injection via id Parameter
SQL injection vulnerability in wptouch/ajax.php in the WPTouch plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
by longrifle0x
EIP-2026-106782 EXPLOITDB text
eFront 3.6.10 (build 11944) - Multiple Vulnerabilities
by EgiX
EIP-2026-119303 EXPLOITDB text VERIFIED
XAMPP 1.7.4 - Cross-Site Scripting
by Sangteamtham
EIP-2026-113156 EXPLOITDB text VERIFIED
vTiger CRM 5.2.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities (2)
by LiquidWorm
CVE-2011-5185 EXPLOITDB text
Online Subtitles Workshop < 2.0 - Cross-Site Scripting via Comment Parameter
Cross-site scripting (XSS) vulnerability in video_comments.php in Online Subtitles Workshop before 2.0 rev 131 allows remote attackers to inject arbitrary web script or HTML via the comment parameter.
by M.Jock3R
EIP-2026-103023 EXPLOITDB text VERIFIED
Trend Micro IWSS 3.1 - Local Privilege Escalation
by Buguroo Offensive Security
CVE-2011-3315 EXPLOITDB text VERIFIED
Cisco Unified Communications Manager 5.x-8.x Path Traversal via Crafted URL
Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) before 6.0(1)SR1ES8, 7.0(x) before 7.0(2)ES1, 8.0(x) through 8.0(2)SU3, and 8.5(x) before 8.5(1)SU2, allows remote attackers to read arbitrary files via a crafted URL, aka Bug IDs CSCth09343 and CSCts44049.
by Sandro Gauci
EIP-2026-108608 EXPLOITDB text
Joomla! Component com_yjcontactus - Local File Inclusion
by MeGo
EIP-2026-105124 EXPLOITDB text VERIFIED
Alsbtain Bulletin 1.5/1.6 - Multiple Local File Inclusions
by Null H4ck3r
EIP-2026-107902 EXPLOITDB text VERIFIED
InverseFlow 2.4 - Multiple Cross-Site Scripting Vulnerabilities
by Amir Expl0its
CVE-2011-1513 EXPLOITDB text VERIFIED
e107 < 0.7.24 - Remote Code Execution via MySQL Server Name Injection
Static code injection vulnerability in install_.php in e107 CMS 0.7.24 and probably earlier versions, when the installation script is not removed, allows remote attackers to inject arbitrary PHP code into e107_config.php via a crafted MySQL server name.
by Matt Bergin