Exploitdb Exploits

31,346 exploits tracked across all sources.

EIP-2026-111576 EXPLOITDB text
Public Media Manager - SQL Injection
by learn3r hacker
EIP-2026-111562 EXPLOITDB text
PSI CMS 0.3.1 - SQL Injection
by learn3r hacker
EIP-2026-111409 EXPLOITDB text VERIFIED
Populum 2.3 - SQL Injection
by SiLeNtp0is0n
EIP-2026-108566 EXPLOITDB text VERIFIED
Joomla! Component com_tienda - 'categoria' Cross-Site Scripting
by FL0RiX
EIP-2026-107587 EXPLOITDB text VERIFIED
Hesk Help Desk 2.1 - Cross-Site Request Forgery
by The.Morpheus
EIP-2026-105863 EXPLOITDB text VERIFIED
CiviCRM 3.1 < Beta 5 - Multiple Cross-Site Scripting Vulnerabilities
by h00die
CVE-2010-0002 EXPLOITDB text VERIFIED
Bash - Terminal Escape Sequence Injection via LS_OPTIONS
The /etc/profile.d/60alias.sh script in the Mandriva bash package for Bash 2.05b, 3.0, 3.2, 3.2.48, and 4.0 enables the --show-control-chars option in LS_OPTIONS, which allows local users to send escape sequences to terminal emulators, or hide the existence of a file, via a crafted filename.
by Eric Piel
EIP-2026-100123 EXPLOITDB text VERIFIED
Asp VevoCart Control System 3.0.4 - Database Disclosure
by indoushka
EIP-2026-112129 EXPLOITDB text VERIFIED
Simple PHP Blog 0.5.x - 'search.php' Cross-Site Scripting
by Sora
CVE-2010-1361 EXPLOITDB text VERIFIED
PHPepperShop 2.5 - Cross-Site Scripting via darstellen Parameter
Cross-site scripting (XSS) vulnerability in shop/USER_ARTIKEL_HANDLING_AUFRUF.php in PHPepperShop 2.5 allows remote attackers to inject arbitrary web script or HTML via the darstellen parameter.
by Crux
EIP-2026-109081 EXPLOITDB text VERIFIED
Layout CMS 1.0 - SQL Injection / Cross-Site Scripting
by Red-D3v1L
CVE-2010-0319 EXPLOITDB text VERIFIED
Docmint 1.0 and 2.1 - Cross-Site Scripting via id Parameter
Cross-site scripting (XSS) vulnerability in index.php in Docmint 1.0 and 2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: some of these details are obtained from third party information.
by Red-D3v1L
CVE-2009-4495 EXPLOITDB text VERIFIED
Yaws 1.85 - Terminal Emulator Escape Sequence Injection via HTTP Request
Yaws 1.85 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
by evilaliv3
CVE-2009-4489 EXPLOITDB text VERIFIED
Cherokee < 0.99.31 - Remote Code Execution via Terminal Emulator Escape Sequence
header.c in Cherokee before 0.99.32 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
by evilaliv3
EIP-2026-112695 EXPLOITDB text VERIFIED
tincan ltd - 'section' SQL Injection
by ALTBTA
CVE-2010-0321 EXPLOITDB text VERIFIED
Jamit Job Board 3.0 - Cross-Site Scripting via post_id Parameter
Cross-site scripting (XSS) vulnerability in jobs/index.php in Jamit Job Board 3.0 allows remote attackers to inject arbitrary web script or HTML via the post_id parameter.
by Crux
EIP-2026-107791 EXPLOITDB text
Image Hosting Script - Arbitrary File Upload
by R3d-D3V!L
EIP-2026-107504 EXPLOITDB text VERIFIED
gridcc script 1.0 - SQL Injection / Cross-Site Scripting
by Red-D3v1L
CVE-2010-1360 EXPLOITDB text
FAQEngine 4.24.00 - Remote File Inclusion via path_faqe Parameter
Multiple PHP remote file inclusion vulnerabilities in FAQEngine 4.24.00 allow remote attackers to execute arbitrary PHP code via a URL in the path_faqe parameter to (1) attachs.php, (2) backup.php, (3) badwords.php, (4) categories.php, (5) changepw.php, (6) colorchooser.php, (7) colorwheel.php, (8) dbfiles.php, (9) diraccess.php, (10) faq.php, (11) index.php, (12) kb.php, and (13) stats.php.
by kaMtiEz
EIP-2026-106408 EXPLOITDB text VERIFIED
DELTAScripts PHP Links 1.0 - 'email' Cross-Site Scripting
by Crux
EIP-2026-106007 EXPLOITDB text
CMScontrol 7.x - Arbitrary File Upload
by Cyber_945
EIP-2026-105076 EXPLOITDB text VERIFIED
Alex Guestbook - Multiple Vulnerabilities
by LionTurk
EIP-2026-104920 EXPLOITDB text VERIFIED
Active Calendar 1.2 - '$_SERVER['PHP_SELF']' Multiple Cross-Site Scripting Vulnerabilities
by Martin Barbella
EIP-2026-104872 EXPLOITDB text VERIFIED
@lex Guestbook 5.0 - Multiple Cross-Site Scripting Vulnerabilities
by D3V!L FUCKER
CVE-2009-4488 EXPLOITDB CRITICAL text VERIFIED
Varnish 2.0.6 - Terminal Emulator Escape Sequence Injection via Log File
Varnish 2.0.6 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. NOTE: the vendor disputes the significance of this report, stating that "This is not a security problem in Varnish or any other piece of software which writes a logfile. The real problem is the mistaken belief that you can cat(1) a random logfile to your terminal safely."
by evilaliv3
CVSS 9.8