Exploitdb Exploits
31,346 exploits tracked across all sources.
Multiple Browsers - Address bar Characters
by Pouya Daneshmand
Nokia Symbian OS 3rd Edition - Multiple Web Browser Vulnerabilities
by Nishant Das Patnaik
Infragistics WebHtmlEditor 7.1 - Multiple Vulnerabilities
by SpeeDr00t
Cisco Collaboration Server 5 - Cross-Site Scripting via LoginPage.jhtml Dest Parameter
Cross-site scripting (XSS) vulnerability in webline/html/admin/wcs/LoginPage.jhtml in Cisco Collaboration Server (CCS) 5 allows remote attackers to inject arbitrary web script or HTML via the dest parameter.
by s4squatch
JAG 1.14 - Unauthenticated Sensitive Information Exposure via Direct Request
JAG (Just Another Guestbook) 1.14 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request for jag/database.sql.
by Phenom
vBulletin 3.5.4 - Multiple Cross-Site Scripting Vulnerabilities
by ROOT_EGY
CommodityRentals Vacation Rental Software - SQL Injection
SQL injection vulnerability in index.php in CommodityRentals Vacation Rental Software allows remote attackers to execute arbitrary SQL commands via the rental_id parameter in a CalendarView action.
by JaMbA
CommodityRentals Trade Manager Script - SQL Injection
SQL injection vulnerability in products.php in CommodityRentals Trade Manager Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by JaMbA
GameRoom Script - Authentication Bypass / Arbitrary File Upload
by JIKO
CommodityRentals CD Rental Software - 'index.php' SQL Injection
by Don Tukulesto
CommodityRentals CD Rental Software - SQL Injection
SQL injection vulnerability in index.php in CommodityRentals CD Rental Software allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a catalog action.
by Don Tukulesto
CommodityRentals Books/eBooks Rentals Script - SQL Injection
SQL injection vulnerability in index.php in CommodityRentals Books/eBooks Rentals Script allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a gamecatalog action.
by Don Tukulesto
CommodityRentals Video Games Rentals - SQL Injection
SQL injection vulnerability in index.php in CommodityRentals Video Games Rentals allows remote attackers to execute arbitrary SQL commands via the pfid parameter in a catalog action.
by JaMbA
RSA WebID - Cross-Site Scripting via IISWebAgentIF.dll postdata Parameter
Incomplete blacklist vulnerability in IISWebAgentIF.dll in the WebID RSA Authentication Agent 5.3, and possibly earlier, allows remote attackers to conduct cross-site scripting (XSS) attacks via the postdata parameter, due to an incomplete fix for CVE-2005-1118.
by s4squatch
Cisco Collaboration Server 5 - Unauthenticated Sensitive Information Exposure via URL-Encoded Filename Extension Bypass
Cisco Collaboration Server (CCS) 5 allows remote attackers to read the source code of JHTML files via URL encoded characters in the filename extension, as demonstrated by (1) changing .jhtml to %2Ejhtml, (2) changing .jhtml to .jhtm%6C, (3) appending %00 after .jhtml, and (4) appending %c0%80 after .jhtml, related to the (a) doc/docindex.jhtml, (b) browserId/wizardForm.jhtml, (c) webline/html/forms/callback.jhtml, (d) webline/html/forms/callbackICM.jhtml, (e) webline/html/agent/AgentFrame.jhtml, (f) webline/html/agent/default/badlogin.jhtml, (g) callme/callForm.jhtml, (h) webline/html/multichatui/nowDefunctWindow.jhtml, (i) browserId/wizard.jhtml, (j) admin/CiscoAdmin.jhtml, (k) msccallme/mscCallForm.jhtml, and (l) webline/html/admin/wcs/LoginPage.jhtml components.
by s4squatch
Newgen Software OmniDocs - SQL Injection
SQL injection vulnerability in ForceChangePassword.jsp in Newgen Software OmniDocs allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
by thebluegenius
ULoki Community Forum 2.1 - 'usercp.php' Cross-Site Scripting
by Sioma Labs