Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2012-4746 EXPLOITDB text
ZTE ZXDSL 831IIV7.5.0a_Z29_OV - CSRF
Cross-site request forgery (CSRF) vulnerability in accessaccount.cgi in ZTE ZXDSL 831IIV7.5.0a_Z29_OV allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter.
by mehdi boukazoula
CVE-2011-4808 EXPLOITDB text VERIFIED
HM Community < 1.0 - SQL Injection via id Parameter
SQL injection vulnerability in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a fnd_home action to index.php.
by 599eme Man
CVE-2011-4040 EXPLOITDB ruby VERIFIED
NJStar Communicator MiniSmtp 3.0.11818 - Remote Code Execution via Crafted Packet
Buffer overflow in MiniSmtp 3.0.11818 in NJStar Communicator allows remote attackers to execute arbitrary code via a crafted packet.
by Dillon Beresford
CVE-2012-0241 EXPLOITDB text
Advantech WebAccess < 7.0 - Denial of Service via Modified Stream Identifier
Advantech/BroadWin WebAccess before 7.0 allows remote attackers to cause a denial of service (memory corruption) via a modified stream identifier to a function.
by Snake
EIP-2026-116015 EXPLOITDB php VERIFIED
Oracle DataDirect ODBC Drivers - HOST Attribute 'arsqls24.dll' Stack Buffer Overflow (PoC)
by rgod
CVE-2011-5257 EXPLOITDB text VERIFIED
Classipress < 3.1.5 - Cross-Site Scripting via Twitter and Facebook Widget Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the Classipress theme before 3.1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) twitter_id parameter related to the Twitter widget and (2) facebook_id parameter related to the Facebook widget.
by Paul Loftness
EIP-2026-113792 EXPLOITDB text
WordPress Plugin Glossary - SQL Injection
by longrifle0x
CVE-2011-4809 EXPLOITDB text VERIFIED
HM Community (com_hmcommunity) < 1.0 - Cross-Site Scripting via Multiple Profile Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) language[], (2) university[], (3) persent[], (4) company_name[], (5) designation[], (6) music[], (7) books[], (8) movies[], (9) games[], (10) syp[], (11) ft[], and (12) fa[] parameters in a save task for a profile to index.php. NOTE: some of these details are obtained from third party information.
by 599eme Man
CVE-2011-5112 EXPLOITDB text
com_alameda < 1.0.0 - SQL Injection via Storeid Parameter
SQL injection vulnerability in Alameda (com_alameda) component before 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the storeid parameter to index.php.
by kaMtiEz
CVE-2011-5186 EXPLOITDB text VERIFIED
jbShop plugin for e107 7 - Cross-Site Scripting via item_id Parameter
Cross-site scripting (XSS) vulnerability in jbshop.php in the jbShop plugin for e107 7 allows remote attackers to inject arbitrary web script or HTML via the item_id parameter.
by Robert Cooper
CVE-2011-4829 EXPLOITDB text VERIFIED
Barter Sites com_listing 1.3 - SQL Injection via category_id Parameter
SQL injection vulnerability in the com_listing component in Barter Sites component 1.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter to index.php.
by Chris Russell
CVE-2011-4806 EXPLOITDB text VERIFIED
phpalbum < 0.4.1.16 - Cross-Site Scripting via var1 or keyword Parameter
Multiple cross-site scripting (XSS) vulnerabilities in main.php in phpAlbum 0.4.1.16 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) var1 and (2) keyword parameters.
by BHG Security Center
CVE-2011-4807 EXPLOITDB text VERIFIED
phpalbum < 0.4.1.16 - Path Traversal via var1 Parameter
Directory traversal vulnerability in main.php in phpAlbum 0.4.1.16 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the var1 parameter.
by BHG Security Center
CVE-2011-4823 EXPLOITDB text VERIFIED
Extensionsforjoomla Com Vikrealestate - SQL Injection
Multiple SQL injection vulnerabilities in Vik Real Estate (com_vikrealestate) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) contract parameter in a results action and (2) imm parameter in a show action to index.php.
by Chris Russell
EIP-2026-108392 EXPLOITDB text VERIFIED
Joomla! Component com_jeemasms 3.2 - Multiple Vulnerabilities
by Chris Russell
CVE-2011-4830 EXPLOITDB text VERIFIED
Barter Sites com_listing 1.3 - Authenticated Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the com_listing component in Barter Sites component 1.3 for Joomla! allow remote authenticated users to inject arbitrary web script or HTML via the (1) listing_title, (2) description, (3) homeurl (aka Website Address), (4) paystring (aka Payment types accepted), (5) sell_price, (6) shipping_cost, and (7) quantity parameters to index.php.
by Chris Russell
EIP-2026-104560 EXPLOITDB python VERIFIED
Apple Mac OSX 10.6.5 / iOS 4.3.3 Mail - Denial of Service
by shebang42
EIP-2026-116008 EXPLOITDB text VERIFIED
Opera Web Browser 11.52 - Escape Sequence Stack Buffer Overflow (Denial of Service) (PoC)
by Marcel Bernhardt
EIP-2026-115326 EXPLOITDB python VERIFIED
GFI Faxmaker Fax Viewer 10.0 (build 237) - Denial of Service (PoC)
by loneferret
EIP-2026-112199 EXPLOITDB text VERIFIED
SjXjV 2.3 - 'post.php' SQL Injection
by 599eme Man
EIP-2026-111329 EXPLOITDB text VERIFIED
Plici Search 2.0.0.Stable.r.1878 - 'p48-search.html' Cross-Site Scripting
by 599eme Man
CVE-2011-5113 EXPLOITDB text VERIFIED
Techfolio (com_techfolio) 1.0 - SQL Injection via catid Parameter
SQL injection vulnerability in frontend/models/techfoliodetail.php in Techfolio (com_techfolio) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter.
by Chris Russell
EIP-2026-106784 EXPLOITDB text VERIFIED
eFront 3.6.10 - 'professor.php' Script Multiple SQL Injections
by Vulnerability Research Laboratory
CVE-2011-4613 EXPLOITDB c
X.Org X Server - Local Access Restriction Bypass via TTY Verification Flaw
The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY.
by vladz
CVE-2011-4803 EXPLOITDB text
WPTouch - SQL Injection via id Parameter
SQL injection vulnerability in wptouch/ajax.php in the WPTouch plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
by longrifle0x