Exploitdb Exploits

31,357 exploits tracked across all sources.

CVE-2009-2219 EXPLOITDB text VERIFIED
phpCollegeExchange 0.1.5c - Cross-Site Scripting via Session Handle or Home Parameter
Multiple cross-site scripting (XSS) vulnerabilities in phpCollegeExchange 0.1.5c allow remote attackers to inject arbitrary web script or HTML via the (1) _SESSION[handle] parameter to (a) home.php, (b) books/allbooks.php, or (c) books/home.php; or the (2) home parameter to (d) i_head.php or (e) i_nav.php, or (f) allbooks.php, (g) home.php, or (h) i_nav.php in books/.
by CraCkEr
EIP-2026-106087 EXPLOITDB text VERIFIED
CommuniGate Pro 5.2.14 - Web Mail URI Parsing HTML Injection
by Andrea Purificato
CVE-2009-2228 EXPLOITDB text VERIFIED
Kasseler CMS - Cross-Site Scripting via URL Parameter in Redirect Action
Cross-site scripting (XSS) vulnerability in engine.php in Kasseler CMS allows remote attackers to inject arbitrary web script or HTML via the url parameter in a redirect action.
by S(r1pt
CVE-2009-2182 EXPLOITDB text VERIFIED
Campsite 3.3.0 RC1 - Remote Code Execution via GLOBALS[g_campsiteDir] Parameter
Multiple PHP remote file inclusion vulnerabilities in Campsite 3.3.0 RC1 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[g_campsiteDir] parameter to (1) ad_popup.php, (2) camp_html.php, (3) init_content.php, (4) logout.php, (5) menu.php, and (6) set-author.php in admin-files/; (7) conf/liveuser_configuration.php; (8) include/phorum_load.php; (9) CommandProcessor.php and (10) index.php in admin-files/article_import; and (11) add.php, (12) add_move.php, (13) autopublish.php, and (14) autopublish_del.php in admin-files/articles/.
by CraCkEr
CVE-2009-2181 EXPLOITDB text VERIFIED
Campsite 3.3.0 RC1 - Cross-Site Scripting via listbasedir Parameter
Cross-site scripting (XSS) vulnerability in admin-files/templates/list_dir.php in Campsite 3.3.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the listbasedir parameter.
by CraCkEr
CVE-2009-2178 EXPLOITDB text VERIFIED
phpDatingClub 3.7 - Cross-Site Scripting via Page Parameter
Cross-site scripting (XSS) vulnerability in website.php in phpDatingClub 3.7 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
by ThE g0bL!N
EIP-2026-112353 EXPLOITDB text VERIFIED
SourceBans 1.4.2 - Arbitrary Change Admin Email
by Mr. Anonymous
CVE-2009-2209 EXPLOITDB text VERIFIED
RS-CMS 2.1 - SQL Injection via key Parameter
SQL injection vulnerability in rscms_mod_newsview.php in RS-CMS 2.1 allows remote attackers to execute arbitrary SQL commands via the key parameter.
by Mr.tro0oqy
CVE-2009-2179 EXPLOITDB text VERIFIED
phpDatingClub 3.7 - SQL Injection via search.php sform[day] Parameter
SQL injection vulnerability in search.php in phpDatingClub 3.7 allows remote attackers to execute arbitrary SQL commands via the sform[day] parameter.
by ThE g0bL!N
CVE-2009-2180 EXPLOITDB text VERIFIED
Pc4 Uploader <10.0 - Path Traversal
Multiple directory traversal vulnerabilities in upfiles/index.php in Pc4 Uploader 10.0 and earlier allow remote attackers to read arbitrary files via (1) a .. (dot dot) or (2) absolute path in the file parameter.
by Qabandi
CVE-2009-2229 EXPLOITDB text VERIFIED
Kasseler CMS 1.3.5 lite - Path Traversal
Directory traversal vulnerability in engine.php in Kasseler CMS 1.3.5 lite allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter during a download action, a different vector than CVE-2008-3087. NOTE: some of these details are obtained from third party information.
by S(r1pt
EIP-2026-108565 EXPLOITDB text VERIFIED
Joomla! Component com_tickets 2.1 - 'id' SQL Injection
by Chip d3 bi0s
CVE-2009-2184 EXPLOITDB text VERIFIED
Gravy Media Photo Host 1.0.8 - Path Traversal
Absolute path traversal vulnerability in forcedownload.php in Gravy Media Photo Host 1.0.8 allows remote attackers to read arbitrary files via an encoded "/" (slash) in the file parameter.
by Lo$er
EIP-2026-106831 EXPLOITDB text VERIFIED
elgg - Cross-Site Scripting / Cross-Site Request Forgery / Change Password
by lorddemon
CVE-2009-2183 EXPLOITDB text VERIFIED
Campsite <3.3.0 RC1 - Path Traversal
Directory traversal vulnerability in admin-files/ad.php in Campsite 3.3.0 RC1 allows remote attackers to read and possibly execute arbitrary local files via a .. (dot dot) in the GLOBALS[g_campsiteDir] parameter.
by CraCkEr
CVE-2009-2233 EXPLOITDB text VERIFIED
AWScripts.com Gallery Search Engine 1.5 - Auth Bypass
The admin interface in AWScripts.com Gallery Search Engine 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the awse_logged cookie to 1.
by TiGeR-Dz
EIP-2026-103648 EXPLOITDB text VERIFIED
S.T.A.L.K.E.R. Clear Sky 1.0010 - Remote Denial of Service
by Luigi Auriemma
CVE-2009-2231 EXPLOITDB text VERIFIED
MIDAS 1.43 - Unauthenticated Authentication Bypass via Admin Cookie
MIDAS 1.43 allows remote attackers to bypass authentication and obtain administrative access via an admin account record in a MIDAS cookie.
by HxH
CVE-2009-2464 EXPLOITDB text VERIFIED
Mozilla Firefox <3.0.12 - Memory Corruption
The nsXULTemplateQueryProcessorRDF::CheckIsSeparator function in Mozilla Firefox before 3.0.12, SeaMonkey 2.0a1pre, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to loading multiple RDF files in a XUL tree element.
by Christophe Charron
CVE-2009-4690 EXPLOITDB text VERIFIED
YourFreeWorld Programs Rating Script - XSS
Multiple cross-site scripting (XSS) vulnerabilities in YourFreeWorld Programs Rating Script allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) rate.php and (2) postcomments.php.
by Moudi
EIP-2026-103445 EXPLOITDB text VERIFIED
Crysis 1.21/1.5 - HTTP/XML-RPC Service Access Violation Remote Denial of Service
by Luigi Auriemma
CVE-2009-2169 EXPLOITDB text VERIFIED
Edraw PDF Viewer Component <3.2.0.126 - RCE
Insecure method vulnerability in the PDFVIEWER.PDFViewerCtrl.1 ActiveX control (pdfviewer.ocx) in Edraw PDF Viewer Component before 3.2.0.126 allows remote attackers to create and overwrite arbitrary files via a URL argument to the FtpConnect argument and a target filename argument to the FtpDownloadFile method. NOTE: this can be leveraged for code execution by writing to a Startup folder.
by Jambalaya
EIP-2026-105961 EXPLOITDB text VERIFIED
CMS buzz - Cross-Site Scripting / Password Change / HTML Injection
by ThE g0bL!N
CVE-2009-2176 EXPLOITDB text VERIFIED
fuzzylime_cms <= 3.03a - Remote File Inclusion via Directory Traversal
Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.03a and earlier, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) list parameter to code/confirm.php and the (2) template parameter to code/display.php.
by StAkeR