Text Exploits

31,386 exploits tracked across all sources.

EIP-2026-100106 EXPLOITDB text VERIFIED
Angel Learning Management System 7.3 - 'pdaview.asp' Cross-Site Scripting
by Wesley Kerfoot
CVE-2010-4091 EXPLOITDB text VERIFIED
Adobe Reader and Acrobat - Remote Code Execution via Crafted PDF Document
The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers memory corruption, involving the printSeps function. NOTE: some of these details are obtained from third party information.
by scup
CVE-2010-5318 EXPLOITDB text VERIFIED
SweetRice CMS < 0.6.7.1 - Unauthenticated Password Reset via Email Parameter
The password-reset feature in as/index.php in SweetRice CMS before 0.6.7.1 allows remote attackers to modify the administrator's password by specifying the administrator's e-mail address in the email parameter.
by High-Tech Bridge SA
EIP-2026-109481 EXPLOITDB text
MiniBB 2.5 - SQL Injection
by High-Tech Bridge SA
EIP-2026-108068 EXPLOITDB text VERIFIED
JBI CMS - SQL Injection
by Cru3l.b0y
EIP-2026-108029 EXPLOITDB text
JAF CMS 4.0 rc2 - Multiple Vulnerabilities
by High-Tech Bridge SA
EIP-2026-106895 EXPLOITDB text VERIFIED
eoCMS 0.9.04 - Multiple Vulnerabilities
by High-Tech Bridge SA
EIP-2026-114964 EXPLOITDB text
Avira Premium Security Suite - 'NtCreateKey' Race Condition
by Nikita Tarakanov
EIP-2026-114596 EXPLOITDB text
Zen Cart 1.3.9h - Local File Inclusion
by Salvatore Fresta
EIP-2026-106844 EXPLOITDB text VERIFIED
eLouai's Force Download Script - Arbitrary Local File Download
by v1R00Z
CVE-2010-4633 EXPLOITDB text VERIFIED
digiSHOP 2.0.2 - SQL Injection via cart.php id Parameter
SQL injection vulnerability in cart.php in digiSHOP 2.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vulnerability than CVE-2005-4614.1.
by Silic0n
CVE-2010-3039 EXPLOITDB text VERIFIED
Cisco Unified Communications Manager <8 - Command Injection
/usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6, 7, and 8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in a request to the administrative interface, aka Bug IDs CSCti52041 and CSCti74930.
by Knud Erik Højgaard
EIP-2026-115589 EXPLOITDB text VERIFIED
Maxthon 3.0.18.1000 - CSS Denial of Service
by 4n0nym0us
EIP-2026-113330 EXPLOITDB text VERIFIED
Webmedia Explorer 6.13.1 - Persistent Cross-Site Scripting
by High-Tech Bridge SA
CVE-2010-4186 EXPLOITDB text VERIFIED
OnlineTechTools OWOS Professional Edition 2.10 - SQL Injection via Password Parameter
SQL injection vulnerability in process.asp in OnlineTechTools Online Work Order System (OWOS) Professional Edition 2.10 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: some of these details are obtained from third party information.
by VSN
EIP-2026-109411 EXPLOITDB text VERIFIED
MemHT Portal 4.0.1 - Persistent Cross-Site Scripting
by High-Tech Bridge SA
EIP-2026-108966 EXPLOITDB text VERIFIED
Kandidat CMS 1.4.2 - Persistent Cross-Site Scripting
by High-Tech Bridge SA
EIP-2026-106528 EXPLOITDB text
Dolphin 7.0.3 - Multiple Vulnerabilities
by anT!-Tr0J4n
EIP-2026-105344 EXPLOITDB text
Azaronline Design - SQL Injection
by XroGuE
CVE-2010-3863 EXPLOITDB text VERIFIED
Apache Shiro < 1.1.0 and JSecurity 0.9.x - Path Traversal via URI Path Bypass
Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
by Luke Taylor
CVE-2010-3879 EXPLOITDB text VERIFIED
libfuse < 2.8.5 - Unauthenticated Arbitrary Filesystem Unmount via Symlink Attack
FUSE, possibly 2.8.5 and earlier, allows local users to create mtab entries with arbitrary pathnames, and consequently unmount any filesystem, via a symlink attack on the parent directory of the mountpoint of a FUSE filesystem, a different vulnerability than CVE-2010-0789.
by halfdog
CVE-2010-4635 EXPLOITDB text VERIFIED
Site2Nite Vacation Rental Listings - SQL Injection via detail.asp ID Parameter
SQL injection vulnerability in detail.asp in Site2Nite Vacation Rental (VRBO) Listings allows remote attackers to execute arbitrary SQL commands via the ID parameter.
by L0rd CrusAd3r
CVE-2010-4636 EXPLOITDB text VERIFIED
Site2Nite Business e-Listings - SQL Injection via ID Parameter
SQL injection vulnerability in detail.asp in Site2Nite Business e-Listings allows remote attackers to execute arbitrary SQL commands via the ID parameter.
by L0rd CrusAd3r
CVE-2010-4186 EXPLOITDB text VERIFIED
OnlineTechTools OWOS Professional Edition 2.10 - SQL Injection via Password Parameter
SQL injection vulnerability in process.asp in OnlineTechTools Online Work Order System (OWOS) Professional Edition 2.10 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: some of these details are obtained from third party information.
by L0rd CrusAd3r
EIP-2026-100241 EXPLOITDB text VERIFIED
Digger Solutions NewsLetter Open Source - SQL Injection
by L0rd CrusAd3r