Exploitdb Exploits

31,344 exploits tracked across all sources.

EIP-2026-114212 EXPLOITDB text VERIFIED
WordPress Plugin WP E-Commerce 3.8.6 - 'cart_messages[]' Cross-Site Scripting
by High-Tech Bridge SA
EIP-2026-104227 EXPLOITDB text VERIFIED
DZYGroup CMS Portal - Multiple SQL Injections
by Netrondoank
EIP-2026-104137 EXPLOITDB text VERIFIED
Xpdf 3.02-13 - 'zxpdf' Security Bypass
by Chung-chieh Shan
EIP-2026-100226 EXPLOITDB text VERIFIED
Community Server 2007/2008 - 'TagSelector.aspx' Cross-Site Scripting
by PontoSec
CVE-2011-4106 EXPLOITDB text VERIFIED
TimThumb <2.0 - RCE
TimThumb (timthumb.php) before 2.0 does not validate the entire source with the domain white list, which allows remote attackers to upload and execute arbitrary code via a URL containing a white-listed domain in the src parameter, then accessing it via a direct request to the file in the cache directory, as exploited in the wild in August 2011.
by MaXe
EIP-2026-109617 EXPLOITDB text VERIFIED
mt LinkDatenbank - 'b' Cross-Site Scripting
by Err0R
EIP-2026-108600 EXPLOITDB text VERIFIED
Joomla! Component com_xeslidegalfx - 'id' SQL Injection
by Ne0 H4ck3R
EIP-2026-108389 EXPLOITDB text VERIFIED
Joomla! Component com_jdirectory - SQL Injection
by Caddy Dz
EIP-2026-108312 EXPLOITDB text VERIFIED
Joomla! Component com_community - 'userid' SQL Injection
by Ne0 H4ck3R
EIP-2026-107586 EXPLOITDB text VERIFIED
HESK 2.2 - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
EIP-2026-103903 EXPLOITDB text VERIFIED
foomatic-gui python-foomatic 0.7.9.4 - 'pysmb.py' Arbitrary Shell Command Execution
by daveb
EIP-2026-100164 EXPLOITDB text VERIFIED
BESNI OKUL PORTAL - 'sayfa.asp' Cross-Site Scripting
by Err0R
EIP-2026-100152 EXPLOITDB text VERIFIED
Ataccan E-Ticaret Scripti - 'id' SQL Injection
by Err0R
EIP-2026-112186 EXPLOITDB text VERIFIED
SiteGenius - Blind SQL Injection
by AutoRUN & dR.sqL
EIP-2026-109726 EXPLOITDB text VERIFIED
MyBB MyTabs Plugin - SQL Injection
by AutoRUN & dR.sqL
EIP-2026-109725 EXPLOITDB text VERIFIED
MyBB MyTabs Plugin - 'tab' SQL Injection
by AutoRUN & dR.sqL
CVE-2013-0332 EXPLOITDB text
Zoneminder - Path Traversal
Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x before 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) view, (2) request, or (3) action parameter.
by iye
EIP-2026-106281 EXPLOITDB text VERIFIED
Curverider Elgg 1.7.9 - Multiple Cross-Site Scripting Vulnerabilities
by Aung Khant
EIP-2026-106028 EXPLOITDB text
CMSPro! 2.08 - Cross-Site Request Forgery
by Xadpritox
EIP-2026-104080 EXPLOITDB text VERIFIED
Skype 5.3 - 'Mobile Phone' HTML Injection
by noptrix
EIP-2026-108812 EXPLOITDB text
Joomla! Component obSuggest - Local File Inclusion
by v3n0m
EIP-2026-106451 EXPLOITDB text
Digital Scribe 1.5 - 'register_form()' Multiple POST Cross-Site Scripting Vulnerabilities
by LiquidWorm
EIP-2026-109157 EXPLOITDB text VERIFIED
Link Station Pro - Multiple Vulnerabilities
by $#4d0\/\/[r007k17]
CVE-2011-2745 EXPLOITDB text VERIFIED
Chyrp < 2.0 - Access Control
upload_handler.php in the swfupload extension in Chyrp 2.0 and earlier relies on client-side JavaScript code to restrict the file extensions of uploaded files, which allows remote authenticated users to upload a .php file, and consequently execute arbitrary PHP code, via a write_post action to the default URI under admin/.
by Wireghoul
CVE-2011-2744 EXPLOITDB text VERIFIED
Chyrp < 2.1 - Path Traversal
Directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the action parameter to the default URI.
by Wireghoul