Exploitdb Exploits

31,346 exploits tracked across all sources.

EIP-2026-111944 EXPLOITDB text VERIFIED
Schweizer NISADA Communication CMS - SQL Injection
by Dr.0rYX & Cr3W-DZ
EIP-2026-108641 EXPLOITDB text VERIFIED
Joomla! Component Event Manager - Blind SQL Injection
by FL0RiX
EIP-2026-108609 EXPLOITDB text
Joomla! Component com_zcalendar - Blind SQL Injection
by FL0RiX
EIP-2026-108386 EXPLOITDB text VERIFIED
Joomla! Component com_jbook - Blind SQL Injection
by FL0RiX
EIP-2026-108329 EXPLOITDB text VERIFIED
Joomla! Component com_digistore - SQL Injection
by FL0RiX
EIP-2026-108249 EXPLOITDB text
Joomla! Component com_acmisc - SQL Injection
by FL0RiX
EIP-2026-108241 EXPLOITDB text VERIFIED
Joomla! Component City Portal - Blind SQL Injection
by FL0RiX
EIP-2026-107464 EXPLOITDB text
gpEasy 1.5RC3 - Remote File Inclusion
by cr4wl3r
CVE-2009-4435 EXPLOITDB text VERIFIED
F3Site 2009 - Path Traversal via GLOBALS[nlang] Parameter
Multiple directory traversal vulnerabilities in F3Site 2009 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the GLOBALS[nlang] parameter to (1) mod/poll.php and (2) mod/new.php.
by cr4wl3r
EIP-2026-105166 EXPLOITDB text VERIFIED
Ampache 3.4.3 - 'login.php' Multiple SQL Injections
by R3d-D3V!L
EIP-2026-100292 EXPLOITDB text VERIFIED
E-Smart Cart - SQL Injection
by R3d-D3V!L
CVE-2009-4367 EXPLOITDB text VERIFIED
Sitecore Staging Module <5.4.0 - Auth Bypass
The Staging Webservice ("sitecore modules/staging/service/api.asmx") in Sitecore Staging Module 5.4.0 rev.080625 and earlier allows remote attackers to bypass authentication and (1) upload files, (2) download files, (3) list directories, and (4) clear the server cache via crafted SOAP requests with arbitrary Username and Password values, possibly related to a direct request.
by L. Weichselbaum
CVE-2007-5026 EXPLOITDB text VERIFIED
dBlog CMS - Unauthenticated Sensitive Information Exposure via Direct Database Request
dBlog CMS, probably 2.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing an admin password hash via a direct request for dblog.mdb.
by AnTi SeCuRe
CVE-2009-4430 EXPLOITDB text VERIFIED
VirtueMart 1.0 - SQL Injection via product_id Parameter
SQL injection vulnerability in index.php in VirtueMart 1.0 allows remote attackers to execute arbitrary SQL commands via the product_id parameter in a shop.product_details shop.flypage action.
by Neo-GabrieL
CVE-2008-6809 EXPLOITDB text VERIFIED
Venalsur Booking Centre Booking System for Hotels Group 2.01 - SQL Injection via HotelID Parameter
SQL injection vulnerability in hotel_habitaciones.php in Venalsur Booking Centre Booking System for Hotels Group 2.01 allows remote attackers to execute arbitrary SQL commands via the HotelID parameter.
by R3d-D3V!L
EIP-2026-112913 EXPLOITDB text VERIFIED
Uploader by CeleronDude 5.3.0 - Arbitrary File Upload (1)
by Stink
CVE-2009-4403 EXPLOITDB text VERIFIED
Rumba XML 1.8 - Cross-Site Scripting via PATH_INFO
Cross-site scripting (XSS) vulnerability in index.php in Rumba XML 1.8 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. NOTE: some of these details are obtained from third party information.
by Hadi Kiamarsi
EIP-2026-111765 EXPLOITDB text VERIFIED
ReVou Software - SQL Injection
by R3d-D3V!L
EIP-2026-111651 EXPLOITDB text VERIFIED
QuiXplorer 2.x - 'lang' Local File Inclusion
by Juan Galiana Lara
EIP-2026-111475 EXPLOITDB text VERIFIED
Pre Job Board 1.0 - Authentication Bypass
by bi0
EIP-2026-111368 EXPLOITDB text VERIFIED
Pluxml-Blog 4.2 - '/core/admin/auth.php' Cross-Site Scripting
by Metropolis
CVE-2011-4275 EXPLOITDB text
iTop 1.1.181 and 1.2.0-RC-282 - Cross-Site Scripting via Multiple Input Vectors
Multiple cross-site scripting (XSS) vulnerabilities in iTop (aka IT Operations Portal) 1.1.181 and 1.2.0-RC-282 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted company name, (2) a crafted database server name, (3) a crafted CSV file, (4) a crafted copy-and-paste action, (5) the auth_user parameter in a suggest_pwd action to UI.php, (6) the c[menu] parameter to UniversalSearch.php, (7) the description parameter in a SearchFormToAdd_document_list action to UI.php, (8) the category parameter in an errors action to audit.php, or (9) the suggest_pwd parameter to UI.php.
by Braeden Thomas
EIP-2026-110695 EXPLOITDB text VERIFIED
PHP F1 Upload - Arbitrary File Upload
by wlhaan hacker
EIP-2026-109343 EXPLOITDB text VERIFIED
Matrimony Script - Cross-Site Request Forgery
by bi0