Exploitdb Exploits
31,351 exploits tracked across all sources.
plx Auto Reminder 3.7 - SQL Injection
SQL injection vulnerability in members.php in plx Auto Reminder 3.7 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a newar action.
by ZoRLu
PhpMesFilms 1.0 and 1.8 - SQL Injection via id Parameter
SQL injection vulnerability in index.php in PhpMesFilms 1.0 and 1.8 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by SuB-ZeRo
phpSkelSite 1.4 - Remote Code Execution via Theme Parameter
PHP remote file inclusion vulnerability in skysilver/login.tpl.php in phpSkelSite 1.4, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the theme parameter.
by ahmadbady
phpSkelSite 1.4 - Cross-Site Scripting via PATH_INFO
Cross-site scripting (XSS) vulnerability in index.php in phpSkelSite 1.4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
by ahmadbady
phpSkelSite 1.4 - Remote File Inclusion via TplSuffix Parameter
Directory traversal vulnerability in skysilver/login.tpl.php in phpSkelSite 1.4, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the TplSuffix parameter.
by ahmadbady
Built2Go PHP Rate My Photo 1.46.4 - Arbitrary File Upload
by ZoRLu
Built2Go PHP Link Portal 1.95.1 - Arbitrary File Upload
by ZoRLu
PHP < 5.2.8 - Exposure of Sensitive Information via imageRotate Function
Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image.
by Hamid Ebadi
VMware Workstation/Player/ACE/Server/Fusion DoS via Long USER/PASS Command
vmwarebase.dll, as used in the vmware-authd service (aka vmware-authd.exe), in VMware Workstation 6.5.1 build 126130, 6.5.1 and earlier; VMware Player 2.5.1 build 126130, 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 2.0.x before 2.0.1 build 156745; and VMware Fusion before 2.0.2 build 147997 allows remote attackers to cause a denial of service (daemon crash) via a long (1) USER or (2) PASS command.
by laurent gaffié
KDE Konqueror 4.1 - Multiple Cross-Site Scripting / Denial of Service Vulnerabilities
by athos
w3b_cms < 3.3.0 - SQL Injection via Username Parameter
SQL injection vulnerability in admin/index.php in w3b>cms (aka w3blabor CMS) before 3.4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the benutzername parameter (aka Username field) in a login action.
by DNX
ViArt Shop 3.5 - Unauthenticated Arbitrary Shopping Cart Access via cart_name Parameter
ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to access the contents of an arbitrary shopping cart via a modified cart_name parameter.
by Xia Shing Zee
PowerScripts PowerNews < 2.5.4 - SQL Injection
SQL injection vulnerability in news.php in PowerScripts PowerNews 2.5.4, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the newsid parameter.
by Virangar Security
PowerClan 1.14a - SQL Injection via Login Email Parameter
SQL injection vulnerability in admin/index.php in PowerClan 1.14a allows remote attackers to execute arbitrary SQL commands via the loginemail parameter (aka login field). NOTE: some of these details are obtained from third party information.
by Virangar Security
phpScribe 0.9 - 'user.cfg' Remote Configuration Disclosure
by ahmadbady
EggBlog 3.1.10 - Cross-Site Request Forgery (Change Admin Password)
by x0r
ASPThai.Net Webboard 6.0 - SQL Injection
SQL injection vulnerability in bview.asp in ASPThai.Net Webboard 6.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by DaiMon
Konqueror 4.1 - Cross-Site Scripting / Remote Crash
by StAkeR
Nokia S60 SMS/MMS (Curse of Silence) - Denial of Service
by Tobias Engel
CMScout 2.06 - Authenticated SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in CMScout 2.06 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) index.php in a mythings page (mythings.php) and (2) the users page in admin.php.
by SirGod
Mole Group Vacation Estate Listing Script - Blind SQL Injection
by x0r