Text Exploits

EIP-2026-100581 EXPLOITDB text VERIFIED

Techno Dreams Articles & Papers Package 2.0 - 'ArticlesTablelist.asp' SQL Injection

by R4dc0re

View

CVE-2010-4830 EXPLOITDB text VERIFIED

Techno Dreams Job Career Package 3.0 - SQL Injection

SQL injection vulnerability in Resumes/TD_RESUME_Indlist.asp in Techno Dreams (T-Dreams) Job Career Package 3.0 allows remote attackers to execute arbitrary SQL commands via the z_Residency parameter.

by R4dc0re

View

CVE-2010-4829 EXPLOITDB text VERIFIED

Techno Dreams (T-Dreams) Cars Ads Package 2.0 - SQL Injection

SQL injection vulnerability in processview.asp in Techno Dreams (T-Dreams) Cars Ads Package 2.0 allows remote attackers to execute arbitrary SQL commands via the key parameter.

by R4dc0re

View

EIP-2026-100238 EXPLOITDB text VERIFIED

Dejcom Market CMS - 'showbrand.aspx' SQL Injection

by Mormoroth

View

EIP-2026-100146 EXPLOITDB text VERIFIED

ASPSiteWare Recipe ORGanizer - SQL Injection

by R4dc0re

View

EIP-2026-100145 EXPLOITDB text VERIFIED

ASPSiteWare Project Reporter - SQL Injection

by R4dc0re

View

EIP-2026-100144 EXPLOITDB text VERIFIED

ASPSiteWare JobPost 1.0 - SQL Injection

by R4dc0re

View

EIP-2026-100143 EXPLOITDB text VERIFIED

ASPSiteWare Contact Directory 1.0 - SQL Injection

by R4dc0re

View

EIP-2026-100142 EXPLOITDB text VERIFIED

ASPSiteWare ASP Gallery 1.0 - SQL Injection

by R4dc0re

View

EIP-2026-105079 EXPLOITDB text VERIFIED

Alguest 1.1 - Multiple Cookie Authentication Bypass Vulnerabilities

by Aliaksandr Hartsuyeu

View

EIP-2026-102205 EXPLOITDB text VERIFIED

iOS iFTPStorage 1.3 - Directory Traversal

by XEL

View

EIP-2026-101653 EXPLOITDB text

D-Link Routers - Authentication Bypass (1)

by Craig Heffner

View

EIP-2026-100296 EXPLOITDB text VERIFIED

Easy Travel Portal 2 - 'travelbycountry.asp' SQL Injection

by Ulrik Persson

View

CVE-2010-4514 EXPLOITDB text VERIFIED

DotNetNuke 5.05.01 and 5.06.00 - Cross-Site Scripting via __VIEWSTATE Parameter

Cross-site scripting (XSS) vulnerability in Install/InstallWizard.aspx in DotNetNuke 5.05.01 and 5.06.00 allows remote attackers to inject arbitrary web script or HTML via the __VIEWSTATE parameter. NOTE: some of these details are obtained from third party information.

by Richard Brain

View

CVE-2010-20103 EXPLOITDB CRITICAL text VERIFIED

ProFTPD 1.3.3c - Unauthenticated Remote Code Execution via Hidden FTP Command

A malicious backdoor was embedded in the official ProFTPD 1.3.3c source tarball distributed between November 28 and December 2, 2010. The backdoor implements a hidden FTP command trigger that, when invoked, causes the server to execute arbitrary shell commands with root privileges. This allows remote, unauthenticated attackers to run any OS command on the FTP server host.

by anonymous

CVSS 9.8

View

EIP-2026-115303 EXPLOITDB text VERIFIED

FreeTrim MP3 2.2.3 - Denial of Service

by h1ch4m

View

EIP-2026-108204 EXPLOITDB text VERIFIED

Joomla! Component Annuaire - 'index.php?id' SQL Injection

by Ashiyane Digital Security Team

View

EIP-2026-106922 EXPLOITDB text VERIFIED

etomite 1.1 - Multiple Vulnerabilities

by High-Tech Bridge SA

View

EIP-2026-106140 EXPLOITDB text VERIFIED

Contenido CMS 4.8.12 - Multiple Cross-Site Scripting Vulnerabilities

by High-Tech Bridge SA

View

EIP-2026-106139 EXPLOITDB text

Contenido CMS 4.8.12 - Cross-Site Scripting

by High-Tech Bridge SA

View

CVE-2010-4782 EXPLOITDB text VERIFIED

Softwebs Nepal Ananda Real Estate 3.4 - SQL Injection

Multiple SQL injection vulnerabilities in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) city, (2) state, (3) country, (4) minprice, (5) maxprice, (6) bed, and (7) bath parameters, different vectors than CVE-2006-6807.

by underground-stockholm.com

View

CVE-2010-3266 EXPLOITDB text VERIFIED

BugTracker.NET < 3.4.5 - Authenticated Cross-Site Scripting via Multiple Parameters

Multiple cross-site scripting (XSS) vulnerabilities in BugTracker.NET before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via (1) the pcd parameter to edit_bug.aspx, (2) the bug_id parameter to edit_comment.aspx, (3) the id parameter to edit_user_permissions2.aspx, or (4) the default_name parameter to edit_customfield.aspx. NOTE: some of these details are obtained from third party information.

by Core Security

View

EIP-2026-110388 EXPLOITDB text

OsCSS 1.2 - Arbitrary File Upload

by Shichemt Alen

View

CVE-2010-4406 EXPLOITDB text VERIFIED

Brunetton LittlePhpGallery 1.0.2 - Path Traversal via Repertoire Parameter

Directory traversal vulnerability in gallery.php in Brunetton LittlePhpGallery 1.0.2, when magic_quotes_gpc is disabled, allows remote attackers to list, include, and execute arbitrary local files via a ..// (dot dot slash slash) in the repertoire parameter.

by kire bozorge khavarmian

View

EIP-2026-106454 EXPLOITDB text

Digitalus 1.10.0 Alpha2 - Arbitrary File Upload

by eidelweiss

View