Exploitdb Exploits
31,357 exploits tracked across all sources.
Deonixscripts Templates Management 1.3 - SQL Injection
by d3b4g
Basilic 1.5.13 - SQL Injection via idAuthor Parameter
Multiple SQL injection vulnerabilities in Basilic 1.5.13 allow remote attackers to execute arbitrary SQL commands via the idAuthor parameter to (1) index.php and possibly (2) allpubs.php in publications/.
by NoGe
AR Web Content Manager 2.1 - SQL Injection via Username Parameter
SQL injection vulnerability in control/login.php in AR Web Content Manager (AWCM) 2.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.
by SwEET-DeViL
PHP Melody 1.5.3 - Arbitrary File Upload Injection
by Chip d3 bi0s
Joomla! Component com_Joomlaoads - 'packageId' SQL Injection
by Mr.tro0oqy
Groone GLinks 2.1 - SQL Injection via Cat Parameter
SQL injection vulnerability in index.php in Groone GLinks 2.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
by 599eme Man
AR Web Content Manager 2.1 - Remote File Inclusion via 'a' Parameter
Directory traversal vulnerability in a.php in AR Web Content Manager (AWCM) 2.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the a parameter.
by SwEET-DeViL
phpDirectorySource 1.x - SQL Injection
SQL injection vulnerability in search.php in phpDirectorySource 1.x allows remote attackers to execute arbitrary SQL commands via the st parameter.
by Moudi
NOS Microsystems getPlus Download Manager - Privilege Escalation
NOS Microsystems getPlus Download Manager, as used in Adobe Reader 1.6.2.36 and possibly other versions, Corel getPlus Download Manager before 1.5.0.48, and possibly other products, installs NOS\bin\getPlus_HelperSvc.exe with insecure permissions (Everyone:Full Control), which allows local users to gain SYSTEM privileges by replacing getPlus_HelperSvc.exe with a Trojan horse program, as demonstrated by use of getPlus Download Manager within Adobe Reader. NOTE: within Adobe Reader, the scope of this issue is limited because the program is deleted and the associated service is not automatically launched after a successful installation and reboot.
by Jeremy Brown
phpDirectorySource 1.x - Cross-Site Scripting via search.php st Parameter
Cross-site scripting (XSS) vulnerability in search.php in phpDirectorySource 1.x allows remote attackers to inject arbitrary web script or HTML via the st parameter.
by Moudi
PHP Scripts Now Hangman - SQL Injection via index.php n Parameter
SQL injection vulnerability in index.php in PHP Scripts Now Hangman allows remote attackers to execute arbitrary SQL commands via the n parameter.
by Moudi
PHP Scripts Now Hangman - Cross-Site Scripting via Letters Parameter
Cross-site scripting (XSS) vulnerability in index.php in PHP Scripts Now Hangman allows remote attackers to inject arbitrary web script or HTML via the letters parameter.
by Moudi
MyDLstore Pixel Ad Script - 'payment.php' Cross-Site Scripting
by Moudi
MyDLstore Meta Search Engine Script 1.0 - 'url' Remote File Inclusion
by Moudi
Meta Search Engine Script - 'url' Local File Disclosure
by Moudi
Classified Linktrader Script - SQL Injection
SQL injection vulnerability in addlink.php in Classified Linktrader Script allows remote attackers to execute arbitrary SQL commands via the slctCategories parameter.
by Moudi
CJ Dynamic Poll PRO 2.0 - Cross-Site Scripting via PATH_INFO
Cross-site scripting (XSS) vulnerability in admin/admin_index.php in CJ Dynamic Poll PRO 2.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
by Moudi
MCshoutbox 1.1 - SQL Injection via Username or Password Parameter
Multiple SQL injection vulnerabilities in scr_login.php in MCshoutbox 1.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
by SirGod
MCshoutbox 1.1 - Cross-Site Scripting via admin_login.php loginerror Parameter
Cross-site scripting (XSS) vulnerability in admin_login.php in MCshoutbox 1.1 allows remote attackers to inject arbitrary web script or HTML via the loginerror parameter.
by SirGod
DD-WRT < 24 - Remote Code Execution via CGI-BIN URI Shell Metacharacters
httpd.c in httpd in the management GUI in DD-WRT 24 sp1, and other versions before build 12533, allows remote attackers to execute arbitrary commands via shell metacharacters in a request to a cgi-bin/ URI.
by gat3way