Exploitdb Exploits

31,344 exploits tracked across all sources.

CVE-2011-2757 EXPLOITDB text VERIFIED
ManageEngine ServiceDesk Plus < 8.0.0.12 - Path Traversal
Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0.0.12 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the FILENAME parameter. NOTE: this might overlap the US-CERT VU#543310 issue.
by Keith Lee
EIP-2026-100733 EXPLOITDB text VERIFIED
ActivDesk 3.0 - Multiple Vulnerabilities
by Brendan Coles
EIP-2026-111883 EXPLOITDB text VERIFIED
Same Team E-shop manager - SQL Injection
by Number 7
EIP-2026-107047 EXPLOITDB text VERIFIED
FanUpdate 3.0 - 'pageTitle' Cross-Site Scripting
by High-Tech Bridge SA
EIP-2026-106910 EXPLOITDB text VERIFIED
Eshop Manager - Multiple SQL Injections
by Number 7
EIP-2026-105675 EXPLOITDB text VERIFIED
Cachelogic Expired Domains Script 1.0 - Multiple Vulnerabilities
by Brendan Coles
EIP-2026-100345 EXPLOITDB text VERIFIED
H3C ER5100 - Authentication Bypass
by 128bit
EIP-2026-114280 EXPLOITDB text
WordPress Plugin WPtouch 1.9.27 - URL redirection
by MaKyOtOx
EIP-2026-112189 EXPLOITDB text VERIFIED
Sitemagic CMS 2010.04.17 - 'SMExt' Cross-Site Scripting
by Gjoko Krstic
EIP-2026-107772 EXPLOITDB text VERIFIED
iGiveTest 2.1.0 - SQL Injection
by Brendan Coles
CVE-2011-4716 EXPLOITDB text VERIFIED
Dream-multimedia-tv Dreambox Dm800 HD SE Firmware - Path Traversal
Directory traversal vulnerability in file in DreamBox DM800 1.6rc3, 1.5rc1, and earlier allows remote attackers to read arbitrary files via the file parameter.
by ShellVision
EIP-2026-109934 EXPLOITDB text VERIFIED
Nibbleblog 3 - Multiple SQL Injections
by KedAns-Dz
EIP-2026-108562 EXPLOITDB text VERIFIED
Joomla! Component com_team - SQL Injection
by CoBRa_21
EIP-2026-108294 EXPLOITDB text VERIFIED
Joomla! Component com_calcbuilder - 'id' Blind SQL Injection
by Chip d3 bi0s
EIP-2026-105649 EXPLOITDB text VERIFIED
Burning Board 3.1.5 - Full Path Disclosure
by linc0ln.dll
EIP-2026-112549 EXPLOITDB text VERIFIED
Taha Portal 3.2 - 'sitemap.php' Cross-Site Scripting
by Bl4ck.Viper
EIP-2026-108190 EXPLOITDB text VERIFIED
Joomla! Component A Cool Debate 1.0.3 - Local File Inclusion
by Chip d3 bi0s
EIP-2026-107806 EXPLOITDB text VERIFIED
Immophp 1.1.1 - Cross-Site Scripting / SQL Injection
by KedAns-Dz
EIP-2026-105026 EXPLOITDB text VERIFIED
AiCart 2.0 - Multiple Vulnerabilities
by takeshix
CVE-2011-0959 EXPLOITDB text VERIFIED
Cisco Unified Operations Manager < 8.5 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName parameter to iptm/ddv.do, the (3) cmd or (4) group parameter to iptm/eventmon, the (5) clusterName or (6) deviceName parameter to iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, or the (7) ccmName or (8) clusterName parameter to iptm/logicalTopo.do, aka Bug ID CSCtn61716.
by Sense of Security
CVE-2011-2960 EXPLOITDB text VERIFIED
Sunwayland ForceControl - Memory Corruption
Heap-based buffer overflow in httpsvr.exe 6.0.5.3 in Sunway ForceControl 6.1 SP1, SP2, and SP3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted URL.
by Dillon Beresford