Exploitdb Exploits

31,357 exploits tracked across all sources.

EIP-2026-104240 EXPLOITDB text VERIFIED
Engeman 6.x - SQL Injection
by crashbrz
CVE-2009-3525 EXPLOITDB text VERIFIED
Xen 3.0.3, 3.3.0, 3.3.1 - Unauthenticated Boot Parameter Modification via pyGrub
The pyGrub boot loader in Xen 3.0.3, 3.3.0, and Xen-3.3.1 does not support the password option in grub.conf for para-virtualized guests, which allows attackers with access to the para-virtualized guest console to boot the guest or modify the guest's kernel boot parameters without providing the expected password.
by Jan Lieskovsky
CVE-2009-3457 EXPLOITDB text VERIFIED
Cisco ACE Web Application Firewall and ACE XML Gateway < 6.1 - Information Disclosure via Unhandled HTTP Request
Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF) before 6.1 allow remote attackers to obtain sensitive information via an HTTP request that lacks a handler, as demonstrated by (1) an OPTIONS request or (2) a crafted GET request, leading to a Message-handling Errors message containing a certain client intranet IP address, aka Bug ID CSCtb82159.
by nitr0us
EIP-2026-100096 EXPLOITDB text VERIFIED
Activedition - '/activedition/aelogin.asp' Multiple Cross-Site Scripting Vulnerabilities
by Richard Brain
EIP-2026-112514 EXPLOITDB text VERIFIED
Swiss Mango CMS - SQL Injection
by kaMtiEz
EIP-2026-111735 EXPLOITDB text VERIFIED
Regental Medien - Blind SQL Injection
by NoGe
EIP-2026-109474 EXPLOITDB text VERIFIED
MindSculpt CMS - SQL Injection
by kaMitEz
CVE-2009-3443 EXPLOITDB text VERIFIED
Fastball (com_fastball) 1.1.0-1.2 - SQL Injection via League Parameter
SQL injection vulnerability in the Fastball (com_fastball) component 1.1.0 through 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the league parameter to index.php.
by kaMtiEz
EIP-2026-107292 EXPLOITDB text VERIFIED
FSphp 0.2.1 - Remote File Inclusion
by NoGe
CVE-2009-3444 EXPLOITDB text VERIFIED
e107 < 0.7.16 - Cross-Site Scripting via HTTP Referer Header
Cross-site scripting (XSS) vulnerability in email.php in e107 0.7.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header in a news.1 (aka news to email) action.
by MustLive
EIP-2026-116856 EXPLOITDB text VERIFIED
Avast! AntiVirus 4.8.1351.0 - Denial of Service / Privilege Escalation
by Evilcry
EIP-2026-112969 EXPLOITDB text VERIFIED
Vastal I-Tech Agent Zone - 'view_listing.php' SQL Injection
by OoN_Boy
CVE-2009-3440 EXPLOITDB text VERIFIED
OSSIM < 2.1.2 - Cross-Site Scripting via Option Parameter
Cross-site scripting (XSS) vulnerability in Open Source Security Information Management (OSSIM) before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the option parameter to the default URI (aka the main menu).
by Alexey Sintsov
EIP-2026-106185 EXPLOITDB text VERIFIED
Cour Supreme - SQL Injection
by CrAzY CrAcKeR
EIP-2026-104539 EXPLOITDB text VERIFIED
Novell eDirectory 8.8 SP5 - Cross-Site Scripting
by Francis Provencher
CVE-2009-3898 EXPLOITDB text VERIFIED
nginx <0.7.63, <0.8.17 - Path Traversal
Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
by kingcope
CVE-2009-3469 EXPLOITDB text VERIFIED
IBM Lotus Connections 2.0.1 - Cross-Site Scripting via Simple Search Name Parameter
Cross-site scripting (XSS) vulnerability in profiles/html/simpleSearch.do in IBM Lotus Connections 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
by IBM
CVE-2009-3495 EXPLOITDB text VERIFIED
Vastal I-Tech DVD Zone - SQL Injection via view_mag.php mag_id Parameter
SQL injection vulnerability in view_mag.php in Vastal I-Tech DVD Zone allows remote attackers to execute arbitrary SQL commands via the mag_id parameter, a different vector than CVE-2008-4465.
by OoN_Boy
CVE-2009-3496 EXPLOITDB text VERIFIED
Vastal I-Tech DVD Zone - Cross-Site Scripting via view_mag.php mag_id Parameter
Cross-site scripting (XSS) vulnerability in view_mag.php in Vastal I-Tech DVD Zone allows remote attackers to inject arbitrary web script or HTML via the mag_id parameter.
by OoN_Boy
EIP-2026-112970 EXPLOITDB text VERIFIED
Vastal I-Tech Cosmetics Zone - 'view_products.php' SQL Injection
by OoN_Boy
CVE-2009-3491 EXPLOITDB text VERIFIED
Kinfusion SportFusion 0.2.2-0.2.3 - SQL Injection via cid[0] Parameter
SQL injection vulnerability in the Kinfusion SportFusion (com_sportfusion) component 0.2.2 through 0.2.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid[0] parameter in a teamdetail action to index.php.
by kaMtiEz
CVE-2009-3438 EXPLOITDB text VERIFIED
JoomlaFacebook (com_facebook) - SQL Injection via id Parameter
SQL injection vulnerability in the JoomlaFacebook (com_facebook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a student action to index.php.
by kaMtiEz
EIP-2026-108665 EXPLOITDB text VERIFIED
Joomla! Component GroupJive 1.8 B4 - Remote File Inclusion
by M3NW5
CVE-2009-3438 EXPLOITDB text VERIFIED
JoomlaFacebook (com_facebook) - SQL Injection via id Parameter
SQL injection vulnerability in the JoomlaFacebook (com_facebook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a student action to index.php.
by kaMtiEz
CVE-2009-3434 EXPLOITDB text VERIFIED
com_tupinambis 1.0 - SQL Injection via Proyecto Parameter
SQL injection vulnerability in the Tupinambis (com_tupinambis) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the proyecto parameter in a verproyecto action to index.php.
by Don Tukulesto