Text Exploits

EIP-2026-108330 EXPLOITDB text VERIFIED

Joomla! Component com_dirfrm - Multiple SQL Injections

by Hieuneo

View

EIP-2026-104660 EXPLOITDB text

PHP 5.3.3 - 'ibase_gen_id()' Off-by-One Overflow

by Canberk BOLAT

View

CVE-2010-3742 EXPLOITDB text VERIFIED

Free Simple CMS 1.0 - Remote Code Execution via Meta or PHPINCDIR Parameter

Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Free Simple CMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) meta or (2) phpincdir parameter, a different issue than CVE-2010-3307.

by Dr.$audi

View

CVE-2009-3103 EXPLOITDB text

Windows Vista and Server 2008 - Remote Code Execution via SMBv2 Negotiate Protocol Request

Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information.

by Piotr Bania

View

EIP-2026-115784 EXPLOITDB text VERIFIED

Microsoft Windows - Win32k!xxxRealDrawMenuItem() Missing HBITMAP Bounds Checks

by Tavis Ormandy

View

CVE-2010-1887 EXPLOITDB text VERIFIED

Microsoft Windows 2003 Server - Improper Input Validation

The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate an unspecified system-call argument, which allows local users to cause a denial of service (system hang) via a crafted application, aka "Win32k Bounds Checking Vulnerability."

by Tavis Ormandy

View

CVE-2010-1890 EXPLOITDB text VERIFIED

Windows 7, Windows Server 2008, and Windows Vista - Denial of Service via Kernel Object ACL Validation

The kernel in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate ACLs on kernel objects, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Improper Validation Vulnerability."

by Tavis Ormandy

View

CVE-2010-1888 EXPLOITDB text VERIFIED

Windows XP SP3 - Local Privilege Escalation via Thread Creation Race Condition

Race condition in the kernel in Microsoft Windows XP SP3 allows local users to gain privileges via vectors involving thread creation, aka "Windows Kernel Data Initialization Vulnerability."

by Tavis Ormandy

View

CVE-2010-1889 EXPLOITDB HIGH text VERIFIED

Windows Vista SP1-SP2 & Server 2008 Gold-SP2 - Local Privilege Escalation via Kernel Error

Double free vulnerability in the kernel in Microsoft Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2, allows local users to gain privileges via a crafted application, related to object initialization during error handling, aka "Windows Kernel Double Free Vulnerability."

by Tavis Ormandy

CVSS 7.8

View

CVE-2010-4298 EXPLOITDB text VERIFIED

Free Simple Software 1.0 - SQL Injection via downloads_id Parameter

SQL injection vulnerability in the download module in Free Simple Software 1.0 allows remote attackers to execute arbitrary SQL commands via the downloads_id parameter in a download_now action to index.php.

by Dr.$audi

View

EIP-2026-118217 EXPLOITDB text VERIFIED

123 FlashChat 7.8 - Multiple Vulnerabilities

by Lincoln

View

EIP-2026-108461 EXPLOITDB text VERIFIED

Joomla! Component com_ongallery - SQL Injection

by al bayraqim

View

EIP-2026-108397 EXPLOITDB text VERIFIED

Joomla! Component com_jgrid 1.0 - Local File Inclusion

by Salvatore Fresta

View

EIP-2026-108339 EXPLOITDB text

Joomla! Component com_equipment - SQL Injection

by Forza-Dz

View

EIP-2026-104810 EXPLOITDB text VERIFIED

123 Flash Chat 7.8 - Multiple Vulnerabilities

by Lincoln

View

EIP-2026-114634 EXPLOITDB text VERIFIED

Zomplog 3.9 - 'message' Cross-Site Scripting

by 10n1z3d

View

CVE-2010-4938 EXPLOITDB text VERIFIED

Joomla! com_weblinks - SQL Injection via Itemid Parameter

SQL injection vulnerability in the Weblinks (com_weblinks) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a categories action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

by ViRuS Qalaa

View

EIP-2026-108346 EXPLOITDB text VERIFIED

Joomla! Component com_fireboard - 'Itemid' SQL Injection

by ViRuS Qalaa

View

EIP-2026-107520 EXPLOITDB text

Guestbook Script PHP - Cross-Site Scripting / HTML Injection

by AnTi SeCuRe

View

CVE-2010-2862 EXPLOITDB text VERIFIED

Adobe Reader 8.2.3 and 9.3.3 and Acrobat 9.3.3 - Remote Code Execution via TrueType Font maxCompositePoints Overflow

Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3, allows remote attackers to execute arbitrary code via a TrueType font with a large maxCompositePoints value in a Maximum Profile (maxp) table.

by Ramz Afzar

View

EIP-2026-112398 EXPLOITDB text VERIFIED

Sports Accelerator Suite 2.0 - 'news_id' SQL Injection

by LiquidWorm

View

EIP-2026-112007 EXPLOITDB text

sFileManager 24a - Local File Inclusion

by Pepelux

View

EIP-2026-104916 EXPLOITDB text

ACollab - Multiple Vulnerabilities

by AmnPardaz

View

EIP-2026-118878 EXPLOITDB text VERIFIED

Microsoft Windows Kerberos - 'Pass The Ticket' Replay Security Bypass

by Emmanuel Bouillon

View

EIP-2026-116252 EXPLOITDB text VERIFIED

SmartCode ServerX VNC Server ActiveX 1.1.5.0 - 'scvncsrvx.dll' Denial of Service

by LiquidWorm

View