Exploitdb Exploits

31,344 exploits tracked across all sources.

EIP-2026-105647 EXPLOITDB text VERIFIED
Built2Go PHP Shopping - SQL Injection
by Br0ly
EIP-2026-103860 EXPLOITDB text VERIFIED
Appweb Web Server 3.2.2-1 - Cross-Site Scripting
by Gjoko Krstic
EIP-2026-101657 EXPLOITDB text
D-Link WBR-1310 - Authentication Bypass
by Craig Heffner
EIP-2026-113524 EXPLOITDB text VERIFIED
WordPress Plugin Accept Signups 0.1 - Cross-Site Scripting
by clshack
EIP-2026-113523 EXPLOITDB text VERIFIED
WordPress Plugin Accept Signups 0.1 - 'email' Cross-Site Scripting
by clshack
EIP-2026-108243 EXPLOITDB text VERIFIED
Joomla! Component Classified - SQL Injection
by R4dc0re
CVE-2010-4566 EXPLOITDB text VERIFIED
Citrix Access Gateway <5.0 - Command Injection
The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows attackers to execute arbitrary commands via shell metacharacters in the password field.
by George D. Gal
EIP-2026-100859 EXPLOITDB text VERIFIED
Mitel AWC - Command Execution
by Procheckup
CVE-2010-4612 EXPLOITDB text
Hycus Cms - SQL Injection
Multiple SQL injection vulnerabilities in index.php in Hycus CMS 1.0.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user_name and (2) usr_email parameters to user/1/hregister.html, (3) usr_email parameter to user/1/hlogin.html, (4) useremail parameter to user/1/forgotpass.html, and the (5) q parameter to search/1.html. NOTE: some of these details are obtained from third party information.
by High-Tech Bridge SA
CVE-2010-4610 EXPLOITDB text
Html-edit Cms - XSS
Cross-site scripting (XSS) vulnerability in index.php in Html-edit CMS 3.1.8 allows remote attackers to inject arbitrary web script or HTML via the error parameter.
by High-Tech Bridge SA
CVE-2010-4609 EXPLOITDB text
Html-edit Cms - SQL Injection
SQL injection vulnerability in index.php in Html-edit CMS 3.1.8 allows remote attackers to execute arbitrary SQL commands via the nuser parameter in a registrate action.
by High-Tech Bridge SA
CVE-2010-4607 EXPLOITDB text
Habari - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Habari 0.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) additem_form parameter to system/admin/dash_additem.php and the (2) status_data[] parameter to system/admin/dash_status.php. NOTE: some of these details are obtained from third party information.
by High-Tech Bridge SA
CVE-2011-1086 EXPLOITDB MEDIUM text VERIFIED
Openfiler - XSS
Cross-site scripting (XSS) vulnerability in admin/system.html in Openfiler 2.3 allows remote attackers to inject arbitrary web script or HTML via the device parameter.
by db.pub.mail
CVSS 6.1
CVE-2010-4598 EXPLOITDB text
Ecava Integraxor < 3.6.4000.0 - Path Traversal
Directory traversal vulnerability in Ecava IntegraXor 3.6.4000.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file_name parameter in an open request.
by Luigi Auriemma
EIP-2026-118344 EXPLOITDB text VERIFIED
Calibre 0.7.34 - Cross-Site Scripting / Directory Traversal
by waraxe
EIP-2026-113888 EXPLOITDB text VERIFIED
WordPress Plugin Mediatricks Viva Thumbs - Multiple Information Disclosure Vulnerabilities
by Richard Brain
EIP-2026-112299 EXPLOITDB text VERIFIED
Social Share - 'Username' SQL Injection
by Aliaksandr Hartsuyeu
EIP-2026-111860 EXPLOITDB text VERIFIED
S9Y Serendipity 1.5.4 - Arbitrary File Upload
by pentesters.ir
EIP-2026-108602 EXPLOITDB text VERIFIED
Joomla! Component com_xgallery 1.0 - Local File Inclusion
by KelvinX
EIP-2026-108110 EXPLOITDB text
jobappr 1.4 - Multiple Vulnerabilities
by giudinvx
EIP-2026-107845 EXPLOITDB text
Injader CMS - Multiple Vulnerabilities
by High-Tech Bridge SA
EIP-2026-107807 EXPLOITDB text VERIFIED
ImpressCMS 1.2.x - 'quicksearch_ContentContent' HTML Injection
by High-Tech Bridge SA
CVE-2010-4613 EXPLOITDB text
Hycus Cms - Path Traversal
Multiple directory traversal vulnerabilities in Hycus CMS 1.0.3 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the site parameter to (1) index.php and (2) admin.php.
by High-Tech Bridge SA
CVE-2010-4611 EXPLOITDB text
Html-edit Cms - Information Disclosure
Html-edit CMS 3.1.8 allows remote attackers to obtain sensitive information via a direct request to (1) pages.php and (2) menu.php in includes/core_files and (3) extensions/login/frontend/pages/antihacker.php, which reveals the installation path in an error message.
by High-Tech Bridge SA
CVE-2010-4608 EXPLOITDB text
Habari - Information Disclosure
Habari 0.6.5 allows remote attackers to obtain sensitive information via a direct request to (1) header.php and (2) comments_items.php in system/admin/, which reveals the installation path in an error message.
by High-Tech Bridge SA