Exploitdb Exploits

31,357 exploits tracked across all sources.

EIP-2026-112809 EXPLOITDB text VERIFIED
Tukanas Classifieds 1.0 - 'index.php' SQL Injection
by Moudi
CVE-2009-3117 EXPLOITDB text VERIFIED
Snow Hall Silurus System 1.0 - SQL Injection via ID Parameter
SQL injection vulnerability in category.php in Snow Hall Silurus System 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
by Mr.SQL
CVE-2009-3124 EXPLOITDB text VERIFIED
QuarkMail - Path Traversal via get_message.cgi tf Parameter
Directory traversal vulnerability in get_message.cgi in QuarkMail allows remote attackers to read arbitrary files via a .. (dot dot) in the tf parameter.
by Securitylab.ir
EIP-2026-110224 EXPLOITDB text VERIFIED
Open Classifieds - Multiple Cross-Site Scripting Vulnerabilities
by Moudi
EIP-2026-107147 EXPLOITDB text VERIFIED
FlexCMS 2.5 - 'CookieUsername' Cookie SQL Injection
by Inj3ct0r
CVE-2009-3613 EXPLOITDB text VERIFIED
Linux Kernel < 2.6.27.22 - Denial of Service via r8169 Driver Jumbo Frame Handling
The swiotlb functionality in the r8169 driver in drivers/net/r8169.c in the Linux kernel before 2.6.27.22 allows remote attackers to cause a denial of service (IOMMU space exhaustion and system crash) by using jumbo frames for a large amount of network traffic, as demonstrated by a flood ping.
by Alistair Strachan
CVE-2009-2852 EXPLOITDB text VERIFIED
WP-Syntax < 0.9.1 - Remote Code Execution via test_filter[wp_head] Parameter
WP-Syntax plugin 0.9.1 and earlier for WordPress, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via the test_filter[wp_head] array parameter to test/index.php, which is used in a call to the call_user_func_array function.
by Raz0r
CVE-2009-3123 EXPLOITDB text VERIFIED
visavi wap-motor < 18.0 - Path Traversal via Image Parameter
Directory traversal vulnerability in gallery/gallery.php in Wap-Motor before 18.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the image parameter.
by Inj3ct0r
CVE-2009-3116 EXPLOITDB text VERIFIED
Uiga Church Portal - SQL Injection via Year Parameter in Calendar Action
SQL injection vulnerability in index.php in Uiga Church Portal allows remote attackers to execute arbitrary SQL commands via the year parameter in a calendar action.
by Mr.SQL
CVE-2009-3187 EXPLOITDB text VERIFIED
Standalonearcade Saa - XSS
Cross-site scripting (XSS) vulnerability in gamelist.php in Stand Alone Arcade 1.1 allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
by Moudi
EIP-2026-112230 EXPLOITDB text VERIFIED
Smart Magician Blog 1.0 - Multiple SQL Injections
by Evil-Cod3r
CVE-2009-3193 EXPLOITDB text VERIFIED
uwix com_digifolio 1.52 - SQL Injection via id Parameter
SQL injection vulnerability in the DigiFolio (com_digifolio) component 1.52 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a project action to index.php.
by v3n0m
EIP-2026-107206 EXPLOITDB text VERIFIED
Free Arcade Script 1.0 - 'search' Cross-Site Scripting
by 599eme Man
CVE-2009-3184 EXPLOITDB text VERIFIED
E-Gold Game Series Pirates of The Caribbean - SQL Injection via x and y Parameters
Multiple SQL injection vulnerabilities in index.php in Pirates of The Caribbean in the E-Gold Game Series allow remote attackers to execute arbitrary SQL commands via the (1) x and (2) y parameters.
by Moudi
CVE-2009-2776 EXPLOITDB text VERIFIED
Smart ASP Survey - SQL Injection via showresult.asp catid Parameter
SQL injection vulnerability in showresult.asp in Smart ASP Survey allows remote attackers to execute arbitrary SQL commands via the catid parameter.
by Moudi
CVE-2009-4973 EXPLOITDB text VERIFIED
TotalCalendar 2.4 - SQL Injection via rss.php selectedCal Parameter
SQL injection vulnerability in rss.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary SQL commands via the selectedCal parameter in a SwitchCal action.
by Moudi
CVE-2009-3190 EXPLOITDB text VERIFIED
PAD Site Scripts 3.6 - SQL Injection via Search or RSS Category Parameter
Multiple SQL injection vulnerabilities in PAD Site Scripts 3.6 allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to list.php and (2) cat parameter to rss.php.
by Mr.SQL
CVE-2009-3186 EXPLOITDB text VERIFIED
VideoGirls BiZ - Cross-Site Scripting via Forum, Profile, and View Parameters
Multiple cross-site scripting (XSS) vulnerabilities in VideoGirls BiZ allow remote attackers to inject arbitrary web script or HTML via the (1) t parameter to forum.php, (2) profile_name parameter to profile.php, and (3) p parameter to view.php.
by Moudi
CVE-2009-4974 EXPLOITDB text VERIFIED
TotalCalendar 2.4 - Path Traversal via Box Parameter
Directory traversal vulnerability in box_display.php in TotalCalendar 2.4 allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the box parameter.
by Moudi
EIP-2026-112077 EXPLOITDB text VERIFIED
Simple CMS Framework 1.0 - 'page' SQL Injection
by Red-D3v1L
CVE-2009-3188 EXPLOITDB text VERIFIED
phpSANE 0.5.0 - Remote Code Execution via File Save Parameter
PHP remote file inclusion vulnerability in save.php in phpSANE 0.5.0 allows remote attackers to execute arbitrary PHP code via a URL in the file_save parameter.
by CoBRa_21
EIP-2026-110808 EXPLOITDB text VERIFIED
PHP-Fusion 6.1.18 - Multiple Information Disclosure Vulnerabilities
by Inj3ct0r
CVE-2009-3191 EXPLOITDB text VERIFIED
PAD Site Scripts 3.6 - Cross-Site Scripting via cat Parameter
Multiple cross-site scripting (XSS) vulnerabilities in PAD Site Scripts 3.6 allow remote attackers to inject arbitrary web script or HTML via the cat parameter to (1) rss.php and (2) opml.php.
by Mr.SQL