Exploitdb Exploits

31,344 exploits tracked across all sources.

CVE-2010-3425 EXPLOITDB text VERIFIED
SmarterStats <5.3.3819 - XSS
Cross-site scripting (XSS) vulnerability in UserControls/Popups/frmHelp.aspx in SmarterStats 5.3, 5.3.3819, and possibly other 5.3 versions, allows remote attackers to inject arbitrary web script or HTML via the url parameter.
by sqlhacker
CVE-2010-3486 EXPLOITDB text VERIFIED
SmarterMail 7.1.3876 - Path Traversal
Directory traversal vulnerability in FileStorageUpload.ashx in SmarterMail 7.1.3876 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash), (2) %5C (encoded backslash), or (3) %255c (double-encoded backslash) in the name parameter.
by sqlhacker
CVE-2010-1899 EXPLOITDB text VERIFIED
Microsoft Internet Information Server - Memory Corruption
Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."
by kingcope
EIP-2026-114595 EXPLOITDB text VERIFIED
Zen Cart 1.3.9f - Multiple Vulnerabilities
by LiquidWorm
EIP-2026-114594 EXPLOITDB text VERIFIED
Zen Cart 1.3.9f - 'typefilter' Local File Inclusion
by LiquidWorm
EIP-2026-112681 EXPLOITDB text VERIFIED
Tiki Wiki CMS Groupware 5.2 - Multiple Vulnerabilities
by John Leitch
EIP-2026-111170 EXPLOITDB text VERIFIED
phpMyShopping 1.0.1505 - Multiple Vulnerabilities
by Metropolis
EIP-2026-108071 EXPLOITDB text VERIFIED
jCart 1.1 - Multiple Cross-Site Scripting / Cross-Site Request Forgery / Open Redirect Vulnerabilities
by p0deje
EIP-2026-106925 EXPLOITDB text VERIFIED
Evaria Content Management System 1.1 - File Disclosure
by khayeye shotor
CVE-2010-4866 EXPLOITDB text VERIFIED
Chipmunk Board 1.3 - SQL Injection
SQL injection vulnerability in index.php in Chipmunk Board 1.3 allows remote attackers to execute arbitrary SQL commands via the forumID parameter.
by Shamus
EIP-2026-100825 EXPLOITDB text VERIFIED
Intellicom Netbiter webSCADA Products - 'read.cgi' Multiple Remote Security Vulnerabilities
by Eugene Salov
CVE-2010-4865 EXPLOITDB text VERIFIED
JE Guestbook (com_jeguestbook) 1.0 - SQL Injection
SQL injection vulnerability in the JE Guestbook (com_jeguestbook) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the d_itemid parameter in an item_detail action to index.php.
by Salvatore Fresta
EIP-2026-108124 EXPLOITDB text
JomSocial 1.8.8 - Arbitrary File Upload
by Jeff Channell
EIP-2026-100135 EXPLOITDB text VERIFIED
ASPMass Shopping Cart - Arbitrary File Upload / Cross-Site Request Forgery
by Abysssec
CVE-2010-1245 EXPLOITDB text VERIFIED
Microsoft Office <2008 for Mac - RCE
Unspecified vulnerability in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed SxView (0xB0) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0824 and CVE-2010-0821.
by Abysssec
EIP-2026-113368 EXPLOITDB text
webSPELL 4.x - safe_query Bypass
by silent vapor
CVE-2010-4861 EXPLOITDB text VERIFIED
webSPELL 4.2.1 - SQL Injection
SQL injection vulnerability in asearch.php in webSPELL 4.2.1 allows remote attackers to execute arbitrary SQL commands via the search parameter.
by silent vapor
EIP-2026-111353 EXPLOITDB text VERIFIED
Pluck CMS 4.6.3 - 'cont1' HTML Injection
by High-Tech Bridge SA
CVE-2010-4860 EXPLOITDB text VERIFIED
MyPhpAuction 2010 - SQL Injection
SQL injection vulnerability in product_desc.php in MyPhpAuction 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by h4ck3r
CVE-2010-5278 EXPLOITDB text VERIFIED
MODx Revolution <2.0.2-pl - Path Traversal
Directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the class_key parameter. NOTE: some of these details are obtained from third party information.
by John Leitch
CVE-2010-4883 EXPLOITDB text VERIFIED
MODx Revolution 2.0.2-pl - XSS
Cross-site scripting (XSS) vulnerability in manager/index.php in MODx Revolution 2.0.2-pl allows remote attackers to inject arbitrary web script or HTML via the modhash parameter.
by John Leitch
EIP-2026-119347 EXPLOITDB text
Aleza Portal 1.6 - Insecure SQL Injection / Cookie Handling
by KnocKout
CVE-2010-4821 EXPLOITDB text VERIFIED
phpMyFAQ <2.6.9 - XSS
Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.6.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
by Yam Mesicka
EIP-2026-109445 EXPLOITDB text
Micro CMS 1.0 b1 - Persistent Cross-Site Scripting
by SecPod Research
EIP-2026-109443 EXPLOITDB text VERIFIED
Micro CMS 1.0 - 'name' HTML Injection (1)
by Veerendra G.G