Text Exploits

31,386 exploits tracked across all sources.

EIP-2026-106654 EXPLOITDB text VERIFIED
e107 0.7.23 - Multiple SQL Injections
by High-Tech Bridge SA
CVE-2010-3602 EXPLOITDB text VERIFIED
mojoPortal 2.3.4.3 and 2.3.5.1 - Cross-Site Scripting via User ID Parameter
Cross-site scripting (XSS) vulnerability in ProfileView.aspx in mojoPortal 2.3.4.3 and 2.3.5.1 allows remote attackers to inject arbitrary web script or HTML via the User ID parameter. NOTE: some of these details are obtained from third party information.
by Abysssec
EIP-2026-119330 EXPLOITDB text VERIFIED
YelloSoft Pinky 1.0 - Directory Traversal
by John Leitch
CVE-2010-1248 EXPLOITDB text VERIFIED
Microsoft Office Excel <2004 - Buffer Overflow
Buffer overflow in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed HFPicture (0x866) record, aka "Excel HFPicture Memory Corruption Vulnerability."
by Abysssec
CVE-2010-3603 EXPLOITDB text VERIFIED
mojoPortal 2.3.4.3 and 2.3.5.1 - Cross-Site Request Forgery in File Manager Service
Cross-site request forgery (CSRF) vulnerability in the file manager service (Services/FileService.ashx) in mojoPortal 2.3.4.3 and 2.3.5.1 allows remote attackers to hijack the authentication of administrators for requests that rename arbitrary files, as demonstrated by causing the user.config file to be moved, leading to a denial of service (service stop) and possibly the exposure of sensitive information.
by Abysssec
CVE-2010-3480 EXPLOITDB text VERIFIED
ApPHP PHP MicroCMS 1.0.1 - Path Traversal
Directory traversal vulnerability in index.php in ApPHP PHP MicroCMS 1.0.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
by Abysssec
CVE-2010-3305 EXPLOITDB HIGH text VERIFIED
pixelpost 1.7.3 - Cross-Site Request Forgery
Cross-site request forgery (CSRF) vulnerability in pixelpost 1.7.3 could allow remote attackers to change the admin password.
by Sweet
CVSS 8.8
CVE-2010-3460 EXPLOITDB text VERIFIED
AXIGEN Mail Server 7.4.1 - Path Traversal
Directory traversal vulnerability in the HTTP interface in AXIGEN Mail Server 7.4.1 for Windows allows remote attackers to read arbitrary files via a %5C (encoded backslash) in the URL.
by Bogdan Calin
CVE-2010-3481 EXPLOITDB text VERIFIED
ApPHP PHP MicroCMS 1.0.1 - SQL Injection
Multiple SQL injection vulnerabilities in login.php in ApPHP PHP MicroCMS 1.0.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user_name and (2) password variables, possibly related to include/classes/Login.php. NOTE: some of these details are obtained from third party information. NOTE: the password vector might not be vulnerable.
by Abysssec
EIP-2026-110004 EXPLOITDB text VERIFIED
NWS-Classifieds - 'cmd' Local File Inclusion
by John Leitch
CVE-2009-4864 EXPLOITDB text VERIFIED
I-Escorts Directory Script and Agency Script - Cross-Site Scripting via search_name or languages Parameter
Multiple cross-site scripting (XSS) vulnerabilities in escorts_search.php in I-Escorts Directory Script and Agency Script allow remote attackers to inject arbitrary web script or HTML via the (1) search_name and (2) languages parameters. NOTE: some of these details are obtained from third party information.
by 599eme Man
CVE-2010-3462 EXPLOITDB text VERIFIED
Mollify 1.6 and 1.6.5.5 - Cross-Site Scripting via Confirm Parameter
Cross-site scripting (XSS) vulnerability in backend/plugin/Registration/index.php in Mollify 1.6, 1.6.5.5, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the confirm parameter. NOTE: some of these details are obtained from third party information.
by John Leitch
CVE-2010-3461 EXPLOITDB text VERIFIED
eNdonesia 8.4 - SQL Injection via Publisher Module artid Parameter
SQL injection vulnerability in the Publisher module in eNdonesia 8.4 allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printarticle action to mod.php, a different vector than CVE-2007-3394.
by vYc0d
EIP-2026-106010 EXPLOITDB text VERIFIED
CMScout IBrowser TinyMCE Plugin 2.3.4.3 - Local File Inclusion
by John Leitch
EIP-2026-105288 EXPLOITDB text VERIFIED
ATutor 1.0 - Multiple 'cid' Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
EIP-2026-104917 EXPLOITDB text VERIFIED
AContent 1.0 - Cross-Site Scripting / HTML Injection
by High-Tech Bridge SA
EIP-2026-104906 EXPLOITDB text VERIFIED
AChecker 1.0 - 'URI' Cross-Site Scripting
by High-Tech Bridge SA
CVE-2010-4909 EXPLOITDB text VERIFIED
PaysiteReviewCMS 1.1 - Cross-Site Scripting via Search or Image Parameter
Multiple cross-site scripting (XSS) vulnerabilities in PaysiteReviewCMS 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to search.php or the (2) image parameter to image.php.
by Valentin Hoebel
CVE-2010-3422 EXPLOITDB text VERIFIED
Joomla! com_jgen 0.9.33 - SQL Injection
SQL injection vulnerability in the JGen (com_jgen) component 0.9.33 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
by **RoAd_KiLlEr**
CVE-2010-3407 EXPLOITDB text VERIFIED
IBM Lotus Domino <8.0.2 FP5-8.5.1 FP2 - RCE
Stack-based buffer overflow in the MailCheck821Address function in nnotes.dll in the nrouter.exe service in the server in IBM Lotus Domino 8.0.x before 8.0.2 FP5 and 8.5.x before 8.5.1 FP2 allows remote attackers to execute arbitrary code via a long e-mail address in an ORGANIZER:mailto header in an iCalendar calendar-invitation e-mail message, aka SPR NRBY7ZPJ9V.
by A. Plaskett
EIP-2026-100331 EXPLOITDB text VERIFIED
freediscussionforums 1.0 - Multiple Vulnerabilities
by Abysssec
EIP-2026-114825 EXPLOITDB text VERIFIED
AA SMTP Server 1.1 - Crash (PoC)
by SONIC
CVE-2010-4912 EXPLOITDB text VERIFIED
UCenter Home 2.0 - SQL Injection via shop.php shopid Parameter
SQL injection vulnerability in shop.php in UCenter Home 2.0 allows remote attackers to execute arbitrary SQL commands via the shopid parameter in a view action.
by KnocKout
EIP-2026-112443 EXPLOITDB text
Storyteller CMS - 'var' Local File Inclusion
by h4ck3r