Exploitdb Exploits

31,346 exploits tracked across all sources.

CVE-2010-0721 EXPLOITDB text VERIFIED
Auktionshaus Gelb 3.0 - SQL Injection
SQL injection vulnerability in news.php in Auktionshaus Gelb 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Easy Laster
EIP-2026-105299 EXPLOITDB text VERIFIED
Auktionshaus 4 - 'news.php' SQL Injection
by Easy Laster
EIP-2026-113399 EXPLOITDB text VERIFIED
wh-em.com upload 7.0 - Insecure Cookie Authentication Bypass
by indoushka
EIP-2026-112344 EXPLOITDB text VERIFIED
SongForever.com Clone - Arbitrary File Upload
by indoushka
CVE-2010-0671 EXPLOITDB text VERIFIED
KR MEDIA Pogodny CMS - SQL Injection via id Parameter in niusy Action
SQL injection vulnerability in index.php in KR MEDIA Pogodny CMS allows remote attackers to execute arbitrary SQL commands via the id parameter in a niusy action.
by Ariko-Security
EIP-2026-109277 EXPLOITDB text VERIFIED
Mambo Component 'com_acnews' - 'id' SQL Injection
by Zero Bits & Xzit3
CVE-2010-0709 EXPLOITDB text
Limny 2.0 - Cross-Site Request Forgery in User and Admin Actions
Multiple cross-site request forgery (CSRF) vulnerabilities in Limny 2.0 allow remote attackers to (1) hijack the authentication of users or administrators for requests that change the email address or password via the user action to index.php, and (2) hijack the authentication of the administrator for requests that create a new user via the admin/modules/user/new action to limny/index.php.
by Luis Santana
CVE-2010-0709 EXPLOITDB text
Limny 2.0 - Cross-Site Request Forgery in User and Admin Actions
Multiple cross-site request forgery (CSRF) vulnerabilities in Limny 2.0 allow remote attackers to (1) hijack the authentication of users or administrators for requests that change the email address or password via the user action to index.php, and (2) hijack the authentication of the administrator for requests that create a new user via the admin/modules/user/new action to limny/index.php.
by Luis Santana
EIP-2026-107013 EXPLOITDB text VERIFIED
EziScript Google Page Rank 1.1 - Cross-Site Scripting
by sarabande
EIP-2026-106979 EXPLOITDB text VERIFIED
Extreme Mobster - 'login' Cross-Site Scripting
by indoushka
CVE-2010-0675 EXPLOITDB text VERIFIED
BGS CMS 2.2.1 - Cross-Site Scripting via Search Parameter
Cross-site scripting (XSS) vulnerability in index.php in BGSvetionik BGS CMS 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the search parameter in a search action. NOTE: some of these details are obtained from third party information.
EIP-2026-101308 EXPLOITDB text VERIFIED
Huawei HG510 - Multiple Cross-Site Request Forgery Vulnerabilities
by Ivan Markovic
EIP-2026-100489 EXPLOITDB text VERIFIED
Portrait Software Portrait Campaign Manager 4.6.1.22 - Multiple Cross-Site Scripting Vulnerabilities
by Roel Schouten
CVE-2010-0673 EXPLOITDB text VERIFIED
Copperleaf Photolog 0.16 - SQL Injection via postid Parameter
SQL injection vulnerability in cplphoto.php in the Copperleaf Photolog plugin 0.16, and possibly earlier, for WordPress allows remote attackers to execute arbitrary SQL commands via the postid parameter.
by kaMtiEz
EIP-2026-112485 EXPLOITDB text VERIFIED
superengine CMS (Custom Pack) - SQL Injection
by 10n1z3d
EIP-2026-109448 EXPLOITDB text VERIFIED
microUpload - Arbitrary File Upload
by Phenom
EIP-2026-108414 EXPLOITDB text VERIFIED
Joomla! Component com_joomportfolio - Blind Injection
by snakespc
EIP-2026-108364 EXPLOITDB text VERIFIED
Joomla! Component com_hdvideoshare - SQL Injection
by snakespc
EIP-2026-107377 EXPLOITDB text
Généré par KDPics 1.18 - Remote Add Admin
by snakespc
EIP-2026-106497 EXPLOITDB text VERIFIED
Dodo Upload 1.3 - Arbitrary File Upload (Bypass)
by indoushka
EIP-2026-106054 EXPLOITDB text
CoffieNet CMS - Admin Bypass
by indoushka
EIP-2026-105517 EXPLOITDB text VERIFIED
blog ink - Bypass Setting
by indoushka
CVE-2010-0677 EXPLOITDB text VERIFIED
Katalog Stron Hurricane 1.3.5 - SQL Injection via Index.php Get Parameter
SQL injection vulnerability in index.php in Katalog Stron Hurricane 1.3.5, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the get parameter.
by kaMtiEz
EIP-2026-112035 EXPLOITDB text VERIFIED
ShortCMS 1.2.0 - SQL Injection
by Thibow
EIP-2026-110736 EXPLOITDB text
PHP PEAR 1.9.0 - Multiple Remote File Inclusions
by eidelweiss