Exploitdb Exploits

31,348 exploits tracked across all sources.

CVE-2009-0293 EXPLOITDB text VERIFIED
Wazzum Dating Software - SQL Injection
SQL injection vulnerability in profile_view.php in Wazzum Dating Software, possibly 2.0, allows remote attackers to execute arbitrary SQL commands via the userid parameter.
by nuclear
EIP-2026-112114 EXPLOITDB text VERIFIED
Simple Machines Forum (SMF) 1.1.7 - Cross-Site Request Forgery / Cross-Site Scripting / Package Upload
by Xianur0
CVE-2009-0292 EXPLOITDB text VERIFIED
SHOP-INET 4 - SQL Injection via show_cat2.php grid Parameter
SQL injection vulnerability in show_cat2.php in SHOP-INET 4 allows remote attackers to execute arbitrary SQL commands via the grid parameter.
by FeDeReR
CVE-2009-0296 EXPLOITDB text VERIFIED
Script Toko Online 5.01 - SQL Injection
SQL injection vulnerability in shop_display_products.php in Script Toko Online 5.01 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
by k1n9k0ng
CVE-2009-0291 EXPLOITDB text VERIFIED
OpenX 2.6.3 - Remote File Inclusion via MAX_type Parameter
Directory traversal vulnerability in fc.php in OpenX 2.6.3 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the MAX_type parameter.
by Charlie Briggs
CVE-2009-0291 EXPLOITDB text VERIFIED
OpenX 2.6.3 - Remote File Inclusion via MAX_type Parameter
Directory traversal vulnerability in fc.php in OpenX 2.6.3 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the MAX_type parameter.
by Sarid Harper
CVE-2009-0373 EXPLOITDB text VERIFIED
ElearningForce Flash Magazine Deluxe - SQL Injection via mag_id Parameter
SQL injection vulnerability in the ElearningForce Flash Magazine Deluxe (com_flashmagazinedeluxe) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mag_id parameter in a magazine action to index.php.
by TurkGuvenligi
CVE-2009-0299 EXPLOITDB text VERIFIED
Groone GLinks 2.1 - SQL Injection via Cat Parameter
SQL injection vulnerability in index.php in Groone GLinks 2.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
by nuclear
EIP-2026-106134 EXPLOITDB text VERIFIED
ConPresso CMS 4.07 - Multiple Remote Vulnerabilities
by David Vieira-Kurz
CVE-2009-0297 EXPLOITDB text VERIFIED
ClickAuction - SQL Injection via txtEmail or txtPassword Parameter
SQL injection vulnerability in login_check.asp in ClickAuction allows remote attackers to execute arbitrary SQL commands via the (1) txtEmail and (2) txtPassword parameters. NOTE: some of these details are obtained from third party information.
by R3d-D3V!L
CVE-2008-2955 EXPLOITDB text VERIFIED
Pidgin 2.4.1 - Denial of Service via Long Filename in MSN Message
Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msn_slplink_process_msg function.
by Juan Pablo Lopez Yacubian
EIP-2026-100397 EXPLOITDB text VERIFIED
Lootan - 'login.asp' SQL Injection
by Arash Setayeshi
EIP-2026-100392 EXPLOITDB text VERIFIED
LDF - 'login.asp' SQL Injection
by Arash Setayeshi
EIP-2026-100290 EXPLOITDB text VERIFIED
E-ShopSystem - Authentication Bypass / SQL Injection
by InjEctOr5
CVE-2009-0286 EXPLOITDB text VERIFIED
OpenGoo 1.1 - Path Traversal via form_data[script_class] Parameter
Directory traversal vulnerability in upgrade/index.php in OpenGoo 1.1, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the form_data[script_class] parameter.
by fuzion
CVE-2009-0284 EXPLOITDB text VERIFIED
Flax Article Manager 1.1 - SQL Injection
SQL injection vulnerability in category.php in Flax Article Manager 1.1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
by JIKO
EIP-2026-102954 EXPLOITDB text VERIFIED
PostgreSQL 8.2/8.3/8.4 - UDF for Command Execution
by Bernardo Damele
EIP-2026-102931 EXPLOITDB text VERIFIED
MySQL 4/5/6 - UDF for Command Execution
by Bernardo Damele
EIP-2026-100626 EXPLOITDB text VERIFIED
Web-Calendar Lite 1.0 - Authentication Bypass
by ByALBAYX
CVE-2009-0302 EXPLOITDB text VERIFIED
PHP-Nuke <8.1.0.3.5b - SQL Injection
SQL injection vulnerability in the Downloads module for PHP-Nuke 8.0 8.1.0.3.5b and earlier allows remote authenticated users to execute arbitrary SQL commands via the url parameter in the Add operation to modules.php.
by Sina Yazdanmehr
CVE-2009-0283 EXPLOITDB text VERIFIED
Oblog - Cross-Site Scripting via err.asp Message Parameter
Cross-site scripting (XSS) vulnerability in err.asp in Oblog allows remote attackers to inject arbitrary web script or HTML via the message parameter.
by arash.setayeshi
CVE-2009-0285 EXPLOITDB text VERIFIED
BBSXP < 5.13 - Cross-Site Scripting via Error Page Message Parameter
Cross-site scripting (XSS) vulnerability in error.asp in BBSXP 5.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter.
by arashps0
CVE-2009-0384 EXPLOITDB text VERIFIED
OwnRS CMS 1.2 - SQL Injection via autor.php id Parameter
SQL injection vulnerability in autor.php in OwnRS CMS 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by nuclear
CVE-2009-0280 EXPLOITDB text VERIFIED
Asp Project Management 1.0 - Auth Bypass
Asp Project Management 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the crypt cookie to 1.
by Khashayar Fereidani
CVE-2009-0377 EXPLOITDB text VERIFIED
Joomla! beamospetition <1.0.12 - SQL Injection
SQL injection vulnerability in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mpid parameter in a sign action to index.php, a different vector than CVE-2008-3132.
by vds_s