Exploitdb Exploits

31,346 exploits tracked across all sources.

EIP-2026-110227 EXPLOITDB text VERIFIED
Open Educational System 0.1 Beta - 'CONF_INCLUDE_PATH' Multiple Remote File Inclusions
by cr4wl3r
CVE-2007-2792 EXPLOITDB text VERIFIED
Yet another Newsletter Component (YaNC) < 1.5 beta 3 - SQL Injection via listid Parameter
SQL injection vulnerability in the Yet another Newsletter Component (aka YaNC or com_yanc) component before 1.5 beta 3 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter to index.php. NOTE: some of these details are obtained from third party information.
by snakespc
CVE-2010-2135 EXPLOITDB text VERIFIED
HazelPress Lite <= 0.0.4 - SQL Injection via Username or Password Field
Multiple SQL injection vulnerabilities in login.php in HazelPress Lite 0.0.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) password fields.
by cr4wl3r
EIP-2026-105417 EXPLOITDB text
Baykus Yemek Tarifleri 2.1 - SQL Injection
by cr4wl3r
EIP-2026-100405 EXPLOITDB text VERIFIED
Majoda CMS - Authentication Bypass
by Phenom
CVE-2010-2137 EXPLOITDB text VERIFIED
Giaard Proman < 0.1.1 - Code Injection
PHP remote file inclusion vulnerability in _center.php in ProMan 0.1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
by cr4wl3r
CVE-2010-1090 EXPLOITDB text
phpmysite - SQL Injection via Index.php Action Parameter
SQL injection vulnerability in index.php in phpMySite allows remote attackers to execute arbitrary SQL commands via the action parameter.
by Crux
CVE-2010-1366 EXPLOITDB text VERIFIED
Uiga Fan Club 1.0 - SQL Injection via admin_name or admin_password Parameters
Multiple SQL injection vulnerabilities in admin/admin_login.php in Uiga Fan Club 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) admin_name and (2) admin_password parameters.
by cr4wl3r
EIP-2026-112210 EXPLOITDB text
Slaed CMS 4.0 - Multiple Vulnerabilities
by indoushka
EIP-2026-112209 EXPLOITDB text VERIFIED
SLAED CMS 4 - Installation Script Unauthorized Access
by indoushka
CVE-2010-1092 EXPLOITDB text
ScriptsFeed Business Directory Software - SQL Injection
Multiple SQL injection vulnerabilities in login.php in ScriptsFeed Business Directory Software allow remote attackers to execute arbitrary SQL commands via the (1) us and (2) ps parameters.
by Crux
CVE-2010-2138 EXPLOITDB text VERIFIED
Giaard Proman < 0.1.1 - Path Traversal
Multiple directory traversal vulnerabilities in ProMan 0.1.1 and earlier allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the _SESSION[userLang] parameter to (1) elisttasks.php, (2) managepmanagers.php, (3) manageusers.php, (4) helpfunc.php, (5) managegroups.php, (6) manageprocess.php, and (7) manageusersgroups.php.
by cr4wl3r
CVE-2010-2134 EXPLOITDB text VERIFIED
Http-solution Project Man - SQL Injection
Multiple SQL injection vulnerabilities in login.php in Project Man 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter.
by cr4wl3r
CVE-2010-1538 EXPLOITDB text
phpRAINCHECK <1.0.1 - SQL Injection
SQL injection vulnerability in print_raincheck.php in phpRAINCHECK 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by cr4wl3r
CVE-2010-1091 EXPLOITDB text
phpmysite - Cross-Site Scripting via contact.php Parameters
Multiple cross-site scripting (XSS) vulnerabilities in contact.php in phpMySite allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) city, (3) email, (4) state, and (5) message parameters.
by Crux
CVE-2010-1537 EXPLOITDB text VERIFIED
phpCDB < 1.0 - Remote File Inclusion via Lang Global Parameter
Multiple directory traversal vulnerabilities in phpCDB 1.0 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang_global parameter to (1) firstvisit.php, (2) newfolder.php, (3) showfolders.php, (4) newlang.php, (5) showinnerfolder.php, (6) writecode.php, and (7) showcode.php.
by cr4wl3r
CVE-2010-1094 EXPLOITDB text VERIFIED
DZ EROTIK Auktionshaus V4rgo - SQL Injection
SQL injection vulnerability in news.php in DZ EROTIK Auktionshaus V4rgo allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Easy Laster
CVE-2010-1369 EXPLOITDB text
Pre Classified Listings ASP - SQL Injection
SQL injection vulnerability in signup.asp in Pre Classified Listings ASP allows remote attackers to execute arbitrary SQL commands via the email parameter.
by Crux
CVE-2010-1128 EXPLOITDB text VERIFIED
PHP < 5.2.13 - Insufficient Entropy in Linear Congruential Generator
The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniqid function.
by Rasmus
CVE-2010-2130 EXPLOITDB text VERIFIED
Aris Global ARISg 5.0 - Cross-Site Scripting via wflogin.jsp errmsg Parameter
Cross-site scripting (XSS) vulnerability in wflogin.jsp in Aris Global ARISg 5.0 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter.
by Yaniv Miron
EIP-2026-100015 EXPLOITDB text VERIFIED
FileExecutive 1 - Multiple Vulnerabilities
by ViRuSMaN
EIP-2026-113239 EXPLOITDB text VERIFIED
WebAdministrator Lite CMS - SQL Injection
by Ariko-Security
EIP-2026-112324 EXPLOITDB text VERIFIED
Softbiz Recipes Portal Script - 'showcats.php' SQL Injection
by Easy Laster
EIP-2026-109907 EXPLOITDB text VERIFIED
Newbie CMS 0.0.2 - Insecure Cookie Authentication Bypass
by JIKO
CVE-2010-1368 EXPLOITDB text VERIFIED
GameScript 3.0 - SQL Injection via index.php id Parameter
SQL injection vulnerability in index.php in GameScript (GS) 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a category action.
by FormatXformat