Text Exploits

31,386 exploits tracked across all sources.

CVE-2010-4879 EXPLOITDB text
dompdf 0.6.0 beta1 - Remote Code Execution via input_file Parameter
PHP remote file inclusion vulnerability in dompdf.php in dompdf 0.6.0 beta1 allows remote attackers to execute arbitrary PHP code via a URL in the input_file parameter.
by Andre_Corleone
EIP-2026-105163 EXPLOITDB text VERIFIED
Amiro.CMS 5.8.4.0 - Multiple HTML Injection Vulnerabilities
by High-Tech Bridge SA
EIP-2026-104530 EXPLOITDB text VERIFIED
Novell Netware 6.5 - OpenSSH Remote Stack Overflow
by Francis Provencher
EIP-2026-113228 EXPLOITDB text VERIFIED
Web-Ideas Web Shop Standard - SQL Injection
by Ariko-Security
CVE-2010-3211 EXPLOITDB text VERIFIED
JE FAQ Pro 1.5.0 - SQL Injection
Multiple SQL injection vulnerabilities in the JE FAQ Pro (com_jefaqpro) component 1.5.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via category categorylist operations with (1) the catid parameter or (2) the catid parameter in a lists action.
by Chip d3 bi0s
CVE-2010-3003 EXPLOITDB text VERIFIED
HP Insight Diagnostics Online Edition <8.5.0-11 - XSS
Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.0-11 on Linux allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
by Mr Teatime
CVE-2010-1818 EXPLOITDB text VERIFIED
Apple QuickTime - Remote Code Execution via Untrusted Pointer Unmarshalling
The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple QuickTime 6.x, 7.x before 7.6.8, and other versions allows remote attackers to execute arbitrary code via the _Marshaled_pUnk attribute, which triggers unmarshalling of an untrusted pointer.
by Ruben Santamarta
CVE-2010-3209 EXPLOITDB text
Seagull 0.6.7 - Remote File Inclusion via Multiple Parameters
Multiple PHP remote file inclusion vulnerabilities in Seagull 0.6.7 allow remote attackers to execute arbitrary PHP code via a URL in the includeFile parameter to (1) Config/Container.php and (2) HTML/QuickForm.php in fog/lib/pear/, the (3) driverpath parameter to fog/lib/pear/DB/NestedSet.php, and the (4) path parameter to fog/lib/pear/DB/NestedSet/Output.php.
by FoX HaCkEr
CVE-2010-3203 EXPLOITDB text VERIFIED
com_picsell 1.0 - Path Traversal via dflink Parameter
Directory traversal vulnerability in the PicSell (com_picsell) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dflink parameter in a prevsell dwnfree action to index.php.
by Craw
EIP-2026-113360 EXPLOITDB text VERIFIED
WebsiteKit Gbplus - 'Name' / 'Body' HTML Injection
by MiND
EIP-2026-112994 EXPLOITDB text
vBulletin 3.8.4/3.8.5 - Registration Bypass
by Immortal Boy
CVE-2010-3212 EXPLOITDB text VERIFIED
Seagull <= 0.6.7 - SQL Injection via frmQuestion Parameter
SQL injection vulnerability in index.php in Seagull 0.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via the frmQuestion parameter in a retrieve action, in conjunction with a user/password PATH_INFO.
by Sweet
CVE-2010-3210 EXPLOITDB text
Multi-lingual E-Commerce System 0.2 - RCE
Multiple PHP remote file inclusion vulnerabilities in Multi-lingual E-Commerce System 0.2 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) checkout2-CYM.php, (2) checkout2-EN.php, (3) checkout2-FR.php, (4) cat-FR.php, (5) cat-EN.php, (6) cat-CYM.php, (7) checkout1-CYM.php, (8) checkout1-EN.php, (9) checkout1-FR.php, (10) prod-CYM.php, (11) prod-EN.php, and (12) prod-FR.php in inc/.
by JosS
EIP-2026-109352 EXPLOITDB text VERIFIED
Max's Guestbook - HTML Injection / Cross-Site Scripting
by MiND C0re
EIP-2026-107522 EXPLOITDB text VERIFIED
GuestBookPlus - HTML Injection / Bypass Comments Limit
by MiND C0re
EIP-2026-105797 EXPLOITDB text
CF Image Hosting Script 1.3.8 - Remote File Inclusion
by FoX HaCkEr
EIP-2026-115550 EXPLOITDB text VERIFIED
LeadTools ActiveX Raster Twain 16.5 - 'LtocxTwainu.dll' Buffer Overflow (PoC)
by LiquidWorm
CVE-2008-2094 EXPLOITDB text VERIFIED
XOOPS Article Module - SQL Injection via id Parameter
SQL injection vulnerability in article.php in the Article module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter.
by []0iZy5
CVE-2010-3205 EXPLOITDB text
Textpattern CMS 4.2.0 - Remote Code Execution via index.php inc Parameter
PHP remote file inclusion vulnerability in index.php in Textpattern CMS 4.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter.
by Sn!pEr.S!Te
CVE-2010-3207 EXPLOITDB text VERIFIED
GaleriaSHQIP 1.0 - SQL Injection via album_id Parameter
SQL injection vulnerability in index.php in GaleriaSHQIP 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the album_id parameter. NOTE: some of these details are obtained from third party information.
by Valentin
CVE-2010-3206 EXPLOITDB text
DiY-CMS 1.0 - Remote Code Execution via PHP File Inclusion
Multiple PHP remote file inclusion vulnerabilities in DiY-CMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang parameter to modules/guestbook/blocks/control.block.php, (2) main_module parameter to index.php, and (3) getFile parameter to includes/general.functions.php.
by LoSt.HaCkEr