Exploitdb Exploits

31,369 exploits tracked across all sources.

EIP-2026-105401 EXPLOITDB text VERIFIED
Basic Analysis and Security Engine (BASE) 1.2.4 - 'readRoleCookie()' Authentication Bypass
by Tim Medin
EIP-2026-114574 EXPLOITDB text VERIFIED
ZaoCMS - 'user_id' SQL Injection
by Qabandi
EIP-2026-114572 EXPLOITDB text VERIFIED
ZaoCMS (PhpCommander) - Arbitrary File Upload
by Qabandi
CVE-2009-2293 EXPLOITDB text VERIFIED
Optimum Web Design Tutorial Share <=3.5.0 - Authentication Bypass via Cookie
Optimum Web Design Tutorial Share 3.5.0 and earlier allows remote attackers to bypass authentication and obtain administrative access by setting the usernamed cookie parameter.
by Evil-Cod3r
EIP-2026-110627 EXPLOITDB text VERIFIED
photovideotube 1.11 - Multiple Vulnerabilities
by Hakxer
CVE-2009-4675 EXPLOITDB text VERIFIED
Mole Group Gastro Portal - Unauthenticated Admin Password Change
admin/admin_info/index.php in the Mole Group Gastro Portal (Restaurant Directory) Script does not require administrative authentication, which allows remote attackers to change the admin password via an unspecified form submission.
by G4N0K
EIP-2026-109229 EXPLOITDB text VERIFIED
LxBlog - Multiple Cross-Site Scripting / SQL Injections
by Securitylab.ir
CVE-2009-2288 EXPLOITDB text VERIFIED
Nagios < 3.1.1 - OS Command Injection via statuswml.cgi Ping or Traceroute Parameters
statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters.
by Paul
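The Nagios entry above describes the classic shape of OS command injection: a request parameter (ping or traceroute target) is spliced into a shell command line, so shell metacharacters in it run as extra commands. The following is an added illustration, not Nagios code and not the exploit from the listing: a deliberately vulnerable wrapper that builds a shell string, beside a hardened one that allow-lists the host and passes it as a discrete argv element. The attacker payload is constructed here; the only requirement is a POSIX /bin/sh.

```python
import ipaddress
import re
import subprocess


def run_ping_vulnerable(host: str) -> str:
    """Vulnerable pattern: the request parameter is spliced into a command
    string that /bin/sh parses, so ';', '|', '&', '`', '$(...)' and newlines
    inside `host` are executed as further commands."""
    proc = subprocess.run("ping -c 1 " + host, shell=True,
                          capture_output=True, text=True, timeout=20)
    return proc.stdout + proc.stderr


# RFC 1123 host-name syntax: labels of letters, digits and '-', not starting
# or ending with '-', joined by dots. Nothing a shell cares about can pass.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME_RE = re.compile(rf"(?:{_LABEL}\.)*{_LABEL}")


def is_valid_host(host: str) -> bool:
    """Allow-list check: an IPv4/IPv6 literal or a syntactically valid DNS name."""
    if not host or len(host) > 253:
        return False
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return _HOSTNAME_RE.fullmatch(host) is not None


def run_ping_hardened(host: str) -> str:
    """Hardened pattern: reject anything outside the allow-list, then hand the
    value to the program as a single argv element with shell=False, so no
    shell ever sees it. The allow-list also rules out a leading '-', which
    would otherwise let the value be parsed as a ping option."""
    if not is_valid_host(host):
        raise ValueError(f"rejected host parameter: {host!r}")
    proc = subprocess.run(["ping", "-c", "1", host],
                          capture_output=True, text=True, timeout=20)
    return proc.stdout + proc.stderr


if __name__ == "__main__":
    payload = "127.0.0.1; echo INJECTED"   # constructed attacker input
    print("INJECTED" in run_ping_vulnerable(payload))   # True
    try:
        run_ping_hardened(payload)
    except ValueError as err:
        print(err)
```

The vulnerable call prints INJECTED even where the ping binary is absent, because the shell runs the second command regardless of the first one's failure. Escaping the value for the shell is the weaker fix; removing the shell from the call path and validating the input against what a host name can legitimately contain is the one to reach for.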
EIP-2026-100278 EXPLOITDB text VERIFIED
DotNetNuke 4.9.3 - 'ErrorPage.aspx' Cross-Site Scripting
by ben hawkes
CVE-2009-2242 EXPLOITDB text VERIFIED
ASP Inline Corporate Calendar - SQL Injection
SQL injection vulnerability in active_appointments.asp in ASP Inline Corporate Calendar allows remote attackers to execute arbitrary SQL commands via the order parameter.
by Bl@ckbe@rD
CVE-2009-2241 EXPLOITDB text VERIFIED
ASP Inline Corporate Calendar - XSS
Cross-site scripting (XSS) vulnerability in search.asp in ASP Inline Corporate Calendar allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.
by Bl@ckbe@rD
EIP-2026-114576 EXPLOITDB text VERIFIED
ZaoCMS - Insecure Cookie Handling
by ThE g0bL!N
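Three entries on this page (BASE 'readRoleCookie()', Optimum Web Design Tutorial Share's usernamed cookie, and ZaoCMS insecure cookie handling) share one root cause: the application reads a privilege claim out of a cookie the client can set freely. The block below is an added example, not code from any of those projects. The cookie name role and the claim layout are assumptions. It contrasts trusting a raw cookie with an HMAC-signed session cookie whose tag is checked in constant time before any claim in it is used, and shows the tampering attempt that the signed version rejects.

```python
import base64
import binascii
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

# Assumption: a per-deployment secret that lives only on the server.
# Generated at import time here so the example is self-contained.
SECRET_KEY = secrets.token_bytes(32)


def is_admin_vulnerable(cookies: dict) -> bool:
    """Vulnerable pattern: a client-controlled cookie (hypothetical name
    'role') is taken as the user's privilege level. Anyone can set it."""
    return cookies.get("role") == "admin"


def issue_session(user: str, role: str, ttl: int = 3600, now=None) -> str:
    """Server side: JSON claims plus an HMAC-SHA256 tag over them."""
    exp = int(now if now is not None else time.time()) + ttl
    claims = json.dumps({"u": user, "r": role, "exp": exp},
                        separators=(",", ":")).encode()
    tag = hmac.new(SECRET_KEY, claims, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(claims).decode() + "."
            + base64.urlsafe_b64encode(tag).decode())


def read_session(cookie: str, now=None) -> Optional[dict]:
    """Verify the tag in constant time before trusting any claim; reject
    malformed, tampered or expired cookies."""
    try:
        claims_b64, tag_b64 = cookie.split(".", 1)
        claims = base64.urlsafe_b64decode(claims_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(SECRET_KEY, claims, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    data = json.loads(claims)
    if data["exp"] < (now if now is not None else time.time()):
        return None
    return data


def is_admin_hardened(cookies: dict) -> bool:
    """Hardened pattern: the role comes from verified claims or not at all."""
    data = read_session(cookies.get("session", ""))
    return data is not None and data.get("r") == "admin"


def forge_role(cookie: str, new_role: str) -> str:
    """What an attacker can do without SECRET_KEY: rewrite the claims and
    keep the old tag. read_session() must reject this."""
    claims_b64, tag_b64 = cookie.split(".", 1)
    data = json.loads(base64.urlsafe_b64decode(claims_b64))
    data["r"] = new_role
    forged = json.dumps(data, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(forged).decode() + "." + tag_b64


if __name__ == "__main__":
    print(is_admin_vulnerable({"role": "admin"}))                       # True: forged
    legit = issue_session("alice", "user")
    print(is_admin_hardened({"session": legit}))                        # False
    print(is_admin_hardened({"session": forge_role(legit, "admin")}))   # False
    print(is_admin_hardened({"session": issue_session("bob", "admin")}))  # True
```

A signed cookie stops forgery but not replay of a stolen cookie, and it cannot be revoked before it expires; an opaque session identifier looked up in server-side storage, sent with HttpOnly and Secure, is the usual answer when either of those matters.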
EIP-2026-114573 EXPLOITDB text VERIFIED
ZaoCMS - 'download.php' Remote File Disclosure
by ThE g0bL!N
CVE-2009-2234 EXPLOITDB text VERIFIED
VICIDIAL Call Center Suite 2.0.5-173 - SQL Injection via HTTP Basic Auth Username and Password
Multiple SQL injection vulnerabilities in admin.php in VICIDIAL Call Center Suite 2.0.5-173 allow remote attackers to execute arbitrary SQL commands via the (1) Username parameter ($PHP_AUTH_USER) and (2) Password parameter ($PHP_AUTH_PW).
by Striker7
CVE-2009-1843 EXPLOITDB text VERIFIED
Flash Quiz Beta 2 - SQL Injection via Quiz or Order Number Parameter
Multiple SQL injection vulnerabilities in Flash Quiz Beta 2 allow remote attackers to execute arbitrary SQL commands via the (1) quiz parameter to (a) num_questions.php, (b) answers.php, (c) high_score.php, (d) high_score_web.php, (e) results_table_web.php, and (f) question.php; and the (2) order_number parameter to (g) answers.php and (h) question.php.
by YEnH4ckEr
CVE-2009-2236 EXPLOITDB text VERIFIED
Your Article Directory - SQL Injection
SQL injection vulnerability in yad-admin/login.php in Your Article Directory allows remote attackers to execute arbitrary SQL commands via the txtAdminEmail parameter. NOTE: some of these details are obtained from third party information.
by Hakxer
CVE-2009-2235 EXPLOITDB text VERIFIED
Your Articles Directory - SQL Injection
SQL injection vulnerability in page.php in Your Articles Directory allows remote attackers to execute arbitrary SQL commands via the id parameter.
by ThE g0bL!N
CVE-2009-1634 EXPLOITDB text VERIFIED
Novell GroupWise WebAccess 7.x <7.03 HP3 and 8.x <8.0 HP2 - Session Management Weakness (Account Access)
The WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 does not properly implement session management mechanisms, which allows remote attackers to gain access to user accounts via unspecified vectors.
by Gregory Duchemin
CVE-2009-2285 EXPLOITDB text VERIFIED
libtiff 3.8.2 - Denial of Service via LZWDecodeCompat Buffer Underflow
Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.
by wololo
CVE-2009-2243 EXPLOITDB text VERIFIED
ASP Inline Corporate Calendar - SQL Injection
SQL injection vulnerability in active_appointments.asp in ASP Inline Corporate Calendar allows remote attackers to execute arbitrary SQL commands via the sortby parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Bl@ckbe@rD
CVE-2009-1748 EXPLOITDB text VERIFIED
Catviz 0.4.0 Beta 1 - Path Traversal via webpages_form or userman_form Parameter
Multiple directory traversal vulnerabilities in index.php in Catviz 0.4.0 Beta 1 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) webpages_form or (2) userman_form parameter.
by ByALBAYX
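The Catviz entry above is a directory traversal: a file name taken from the webpages_form or userman_form parameter is appended to a directory and '..' segments walk back out of it. The block below is an added illustration, not Catviz code; the document root is a hypothetical path. It shows the naive join beside a resolver that canonicalises the path and requires the result to stay under the root, which also catches absolute paths and symlink tricks that a simple search for '..' misses.

```python
import os

# Hypothetical document root for the page parameter; any directory works.
DOC_ROOT = "/var/www/catviz/pages"


def resolve_page_vulnerable(name: str, root: str = DOC_ROOT) -> str:
    """Vulnerable: the parameter is joined onto the root and used as-is, so
    '../' sequences (or an absolute path) walk out of the directory."""
    return os.path.normpath(os.path.join(root, name))


def resolve_page_hardened(name: str, root: str = DOC_ROOT) -> str:
    """Hardened: canonicalise both paths (resolving '..' and symlinks) and
    require the result to remain inside the root. Rejecting the string '..'
    is not enough; comparing the resolved paths is."""
    real_root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(real_root, name))
    if os.path.commonpath([real_root, candidate]) != real_root:
        raise ValueError(f"path escapes document root: {name!r}")
    return candidate


if __name__ == "__main__":
    print(resolve_page_vulnerable("../../../../etc/passwd"))   # /etc/passwd
    print(resolve_page_hardened("about.html"))
    for bad in ("../../../../etc/passwd", "/etc/passwd", "sub/../../x"):
        try:
            resolve_page_hardened(bad)
        except ValueError as err:
            print(err)
```

Note that os.path.join discards the root entirely when the second argument is absolute, which is why the absolute-path case is tested explicitly; a maintained allow-list of page names is stricter still where the set of files is known.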
CVE-2009-1751 EXPLOITDB text VERIFIED
Realty Webware Technologies Web-Base 1.0 - SQL Injection via list_list.php id Parameter
SQL injection vulnerability in list_list.php in Realty Webware Technologies Web-Base 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by ThE g0bL!N
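Most SQL injection entries on this page fall into two groups: a value spliced into a string literal (the VICIDIAL $PHP_AUTH_USER/$PHP_AUTH_PW, Your Article Directory txtAdminEmail, page.php id and list_list.php id entries) and a value spliced into an ORDER BY clause (the ASP Inline Corporate Calendar order and sortby entries). The block below is an added example, not code from any of those applications, using an in-memory SQLite table with constructed rows. It shows a login query built by concatenation being bypassed, the same query with bound parameters refusing the payload, and, because identifiers cannot be bound, an allow-list for the sort column.

```python
import hashlib
import sqlite3


def pw_hash(password: str) -> str:
    # Stand-in only; a real application stores a salted, slow hash (scrypt,
    # argon2). The injection point does not depend on the hashing scheme.
    return hashlib.sha256(password.encode()).hexdigest()


def make_db() -> sqlite3.Connection:
    """Constructed in-memory sample data: one admin, one ordinary user."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, "
                "pw_hash TEXT, role TEXT)")
    con.executemany("INSERT INTO users (email, pw_hash, role) VALUES (?, ?, ?)", [
        ("admin@example.com", pw_hash("correct horse battery staple"), "admin"),
        ("bob@example.com", pw_hash("hunter2"), "user"),
    ])
    return con


def login_vulnerable(con, email: str, password: str):
    """Vulnerable: request values are concatenated into the SQL text, so a
    quote in `email` ends the literal and the rest is parsed as SQL."""
    sql = (f"SELECT id, role FROM users WHERE email = '{email}' "
           f"AND pw_hash = '{pw_hash(password)}'")
    return con.execute(sql).fetchone()


def login_hardened(con, email: str, password: str):
    """Hardened: bound parameters; the driver sends values separately from
    the statement, so they can never change its structure."""
    return con.execute(
        "SELECT id, role FROM users WHERE email = ? AND pw_hash = ?",
        (email, pw_hash(password))).fetchone()


# Identifiers (ORDER BY columns, as in the 'order'/'sortby' entries) cannot
# be bound as parameters; map the request value onto a fixed allow-list.
SORT_COLUMNS = {"id": "id", "email": "email", "role": "role"}


def list_users(con, sortby: str):
    column = SORT_COLUMNS.get(sortby)
    if column is None:
        raise ValueError(f"rejected sort column: {sortby!r}")
    return con.execute(f"SELECT id, email FROM users ORDER BY {column}").fetchall()


if __name__ == "__main__":
    con = make_db()
    payload = "' OR 1=1 --"          # constructed attacker input
    print(login_vulnerable(con, payload, "anything"))   # (1, 'admin'): bypassed
    print(login_hardened(con, payload, "anything"))     # None
    print(list_users(con, "email"))
```

With the payload, the concatenated statement reads WHERE email = '' OR 1=1 --' AND pw_hash = '...': the comment swallows the password check and the first row, the admin, is returned. The same text bound as a parameter is just an email address that matches nothing.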
CVE-2009-1593 EXPLOITDB text VERIFIED
Armorlogic Profense WAF <2.2.22 and 2.4.x <2.4.4 - XSS Filter Bypass via Modified SCRIPT End Tag
Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, does not properly implement the "negative model," which allows remote attackers to conduct cross-site scripting (XSS) attacks via a modified end tag of a SCRIPT element.
by EnableSecurity
EIP-2026-110649 EXPLOITDB text VERIFIED
PHP Article Publisher - Arbitrary Authentication Bypass
by ThE g0bL!N
EIP-2026-109846 EXPLOITDB text VERIFIED
NC LinkList 1.3.1 - Remote Command Injection
by ThE g0bL!N