Exploitdb Exploits

31,344 exploits tracked across all sources.

EIP-2026-108996 EXPLOITDB text VERIFIED
Keynect eCommerce - SQL Injection
by Arturo Zamora
CVE-2011-1467 EXPLOITDB text VERIFIED
PHP <5.3.6 - DoS
Unspecified vulnerability in the NumberFormatter::setSymbol (aka numfmt_set_symbol) function in the Intl extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument, a related issue to CVE-2010-4409.
by thoger
EIP-2026-100781 EXPLOITDB text VERIFIED
Cosmoshop 10.05.00 - Multiple Cross-Site Scripting / SQL Injections
by High-Tech Bridge SA
CVE-2010-3486 EXPLOITDB text VERIFIED
SmarterMail 7.1.3876 - Path Traversal
Directory traversal vulnerability in FileStorageUpload.ashx in SmarterMail 7.1.3876 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash), (2) %5C (encoded backslash), or (3) %255c (double-encoded backslash) in the name parameter.
by Hoyt LLC Research
EIP-2026-100399 EXPLOITDB text VERIFIED
Luch Web Designer - Multiple SQL Injections
by p0pc0rn
CVE-2011-0167 EXPLOITDB text VERIFIED
Apple Safari <5.0.4 - CSRF
The windows functionality in WebKit in Apple Safari before 5.0.4 allows remote attackers to bypass the Same Origin Policy, and force the upload of arbitrary local files from a client computer, via a crafted web site.
by Aaron Sigel
EIP-2026-111723 EXPLOITDB text VERIFIED
recordpress 0.3.1 - Multiple Vulnerabilities
by Khashayar Fereidani
EIP-2026-106913 EXPLOITDB text
Esselbach Storyteller CMS System 1.8 - SQL Injection
by Shamus
EIP-2026-113956 EXPLOITDB text VERIFIED
WordPress Plugin PhotoSmash Galleries 1.0.x - 'action' Cross-Site Scripting
by High-Tech Bridge SA
EIP-2026-113833 EXPLOITDB text VERIFIED
WordPress Plugin Inline Gallery 0.3.9 - 'do' Cross-Site Scripting
by High-Tech Bridge SA
EIP-2026-113801 EXPLOITDB text VERIFIED
WordPress Plugin GRAND Flash Album Gallery 0.55 - Multiple Vulnerabilities
by High-Tech Bridge SA
EIP-2026-113512 EXPLOITDB text VERIFIED
WordPress Plugin 1 Flash Gallery 0.2.5 - Cross-Site Scripting / SQL Injection
by High-Tech Bridge SA
EIP-2026-111844 EXPLOITDB text
Ruubikcms 1.0.3 - Multiple Vulnerabilities
by Khashayar Fereidani
EIP-2026-111842 EXPLOITDB text VERIFIED
Ruubikcms 1.0.3 - 'head.php' Cross-Site Scripting
by Khashayar Fereidani
EIP-2026-100322 EXPLOITDB text VERIFIED
EzPub Simple Classic ASP CMS - SQL Injection
by p0pc0rn
EIP-2026-105570 EXPLOITDB text
BMForum Myna 6.0 - SQL Injection
by Stephan Sattler
EIP-2026-105378 EXPLOITDB text
Bacula-Web 1.3.x < 5.0.3 - Multiple Vulnerabilities
by b0telh0
EIP-2026-103512 EXPLOITDB text
Hiawatha WebServer 7.4 - Denial of Service
by Rodrigo Escobar
CVE-2011-1427 EXPLOITDB text VERIFIED
Kodak InSite 5.5.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Kodak InSite 5.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Language parameter to Pages/login.aspx, (2) HeaderWarning parameter to Troubleshooting/DiagnosticReport.asp, or (3) User-Agent header to troubleshooting/speedtest.asp.
by Dionach
CVE-2011-1427 EXPLOITDB text VERIFIED
Kodak InSite 5.5.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Kodak InSite 5.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Language parameter to Pages/login.aspx, (2) HeaderWarning parameter to Troubleshooting/DiagnosticReport.asp, or (3) User-Agent header to troubleshooting/speedtest.asp.
by Dionach
CVE-2011-1099 EXPLOITDB text
Focalmedia.net Quick Polls < 1.0.1 - Path Traversal
Multiple directory traversal vulnerabilities in FocalMedia.Net Quick Polls before 1.0.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the p parameter in a preview action to index.php, or (2) delete arbitrary files via a .. (dot dot) in the p parameter in a delete action to index.php.
by Mark Stanislav
EIP-2026-109791 EXPLOITDB text VERIFIED
MySms 1.0 - Multiple Vulnerabilities
by AtT4CKxT3rR0r1ST
EIP-2026-105604 EXPLOITDB text VERIFIED
BoutikOne - 'description.php' SQL Injection
by IRAQ_JAGUAR
CVE-2011-1271 EXPLOITDB HIGH text VERIFIED
Microsoft .NET Framework - NULL Pointer Dereference
The JIT compiler in Microsoft .NET Framework 3.5 Gold and SP1, 3.5.1, and 4.0, when IsJITOptimizerDisabled is false, does not properly handle expressions related to null strings, which allows context-dependent attackers to bypass intended access restrictions, and consequently execute arbitrary code, in opportunistic circumstances by leveraging a crafted application, as demonstrated by (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework JIT Optimization Vulnerability."
by Brian Mancini
CVSS 7.7
EIP-2026-109192 EXPLOITDB text VERIFIED
Lms Web Ensino - Multiple Input Validation Vulnerabilities
by waKKu