Text Exploits

31,386 exploits tracked across all sources.

EIP-2026-100337 EXPLOITDB text VERIFIED
gausCMS - Multiple Vulnerabilities
by Abysssec
EIP-2026-119154 EXPLOITDB text VERIFIED
Softek Barcode Reader Toolkit ActiveX 7.1.4.14 - 'SoftekATL.dll' Remote Buffer Overflow
by LiquidWorm
CVE-2010-1248 EXPLOITDB text VERIFIED
Microsoft Office Excel <2004 - Buffer Overflow
Buffer overflow in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed HFPicture (0x866) record, aka "Excel HFPicture Memory Corruption Vulnerability."
by Abysssec
CVE-2010-3608 EXPLOITDB text VERIFIED
wpQuiz 2.7 - SQL Injection via id or password Parameter
Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) password (pw) parameters to (a) admin.php or (b) user.php.
by KnocKout
CVE-2010-3601 EXPLOITDB text VERIFIED
ibPhotohost 1.1.2 - SQL Injection via img Parameter
SQL injection vulnerability in index.php in ibPhotohost 1.1.2 allows remote attackers to execute arbitrary SQL commands via the img parameter.
by fred777
CVE-2010-4930 EXPLOITDB text VERIFIED
atmail webmail < 6.1.9 - Cross-Site Scripting via MailType Parameter
Cross-site scripting (XSS) vulnerability in index.php in @mail Webmail before 6.2.0 allows remote attackers to inject arbitrary web script or HTML via the MailType parameter in a mail/auth/processlogin action.
by Vicente Aguilera Diaz
EIP-2026-103884 EXPLOITDB text VERIFIED
CollabNet Subversion Edge Log Parser - HTML Injection
by Sumit Kumar Soni
EIP-2026-100482 EXPLOITDB text VERIFIED
Personal.Net Portal - Multiple Vulnerabilities
by Abysssec
CVE-2010-3484 EXPLOITDB text VERIFIED
LightNEasy 3.2.1 - SQL Injection via Handle Parameter
SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the handle parameter to LightNEasy.php, a different vector than CVE-2008-6593.
by Solidmedia
CVE-2010-3482 EXPLOITDB text
Primitive CMS 1.0.9 - SQL Injection
Multiple SQL injection vulnerabilities in cms_write.php in Primitive CMS 1.0.9 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) title and (2) menutitle parameters. NOTE: this can be leveraged with CVE-2010-3483 to conduct attacks without authentication.
by Stephan Sattler
EIP-2026-115640 EXPLOITDB text VERIFIED
Microsoft DRM Technology - 'msnetobj.dll' ActiveX Multiple Vulnerabilities
by Asheesh kumar Mani Tripathi
CVE-2010-3483 EXPLOITDB text
Primitive CMS 1.0.9 - Privilege Escalation
cms_write.php in Primitive CMS 1.0.9 does not properly restrict access, which allows remote attackers to gain administrative privileges via a direct request. NOTE: this vulnerability can be leveraged to conduct cross-site scripting attacks, as demonstrated using the (1) title, (2) content, and (3) menutitle parameters.
by Stephan Sattler
CVE-2010-4752 EXPLOITDB text VERIFIED
LightNEasy 3.2.1 - SQL Injection via Page Parameter
SQL injection vulnerability in LightNEasy.php in LightNEasy 3.2.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter, a different vector than CVE-2008-6593, CVE-2010-3484, and CVE-2010-3485. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Solidmedia
EIP-2026-102726 EXPLOITDB text
RarCrack 0.2 - 'Filename init() .bss' (PoC)
by Stoke
CVE-2010-3486 EXPLOITDB text VERIFIED
SmarterMail 7.1.3876 - Path Traversal
Directory traversal vulnerability in FileStorageUpload.ashx in SmarterMail 7.1.3876 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash), (2) %5C (encoded backslash), or (3) %255c (double-encoded backslash) in the name parameter.
by sqlhacker
EIP-2026-110264 EXPLOITDB text VERIFIED
Opencart 1.4.9.1 - Arbitrary File Upload
by Net.Edit0r
EIP-2026-107052 EXPLOITDB text
Fashione E-Commerce Webshop - Multiple SQL Injections
by secret
CVE-2010-3479 EXPLOITDB text VERIFIED
BoutikOne 1.0 - SQL Injection via Page Parameter
SQL injection vulnerability in list.php in BoutikOne 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.
by BrOx-Dz
EIP-2026-100381 EXPLOITDB text VERIFIED
jmd-cms - Multiple Vulnerabilities
by Abysssec
CVE-2010-4927 EXPLOITDB text VERIFIED
Joomla! com_restaurantguide 1.0.0 - SQL Injection
SQL injection vulnerability in the Restaurant Guide (com_restaurantguide) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a country action to index.php.
by Valentin
EIP-2026-115738 EXPLOITDB text VERIFIED
Microsoft Mspaint - '.bmp' Crash (PoC)
by andrew
CVE-2010-4954 EXPLOITDB text VERIFIED
xt:Commerce Gambio 2008 - SQL Injection
SQL injection vulnerability in product_reviews_info.php in xt:Commerce Gambio 2008 allows remote attackers to execute arbitrary SQL commands via the products_id parameter.
by secret
CVE-2010-4928 EXPLOITDB text VERIFIED
Joomla! com_restaurantguide 1.0.0 - XSS
Cross-site scripting (XSS) vulnerability in the Restaurant Guide (com_restaurantguide) component 1.0.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML by placing it after a > (greater than) character.
by Valentin
EIP-2026-111158 EXPLOITDB text VERIFIED
phpMyFamily - Multiple Vulnerabilities
by Abysssec
CVE-2010-3489 EXPLOITDB text VERIFIED
CMS Digital Workroom 5.5.0 - Cross-Site Scripting via goback Parameter
Cross-site scripting (XSS) vulnerability in netautor/napro4/home/login2.php in CMS Digital Workroom (formerly Netautor Professional) 5.5.0 allows remote attackers to inject arbitrary web script or HTML via the goback parameter.
by Gjoko Krstic