Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2010-3481 EXPLOITDB text VERIFIED
ApPHP PHP MicroCMS 1.0.1 - SQL Injection
Multiple SQL injection vulnerabilities in login.php in ApPHP PHP MicroCMS 1.0.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user_name and (2) password variables, possibly related to include/classes/Login.php. NOTE: some of these details are obtained from third party information. NOTE: the password vector might not be vulnerable.
by Abysssec
EIP-2026-110004 EXPLOITDB text VERIFIED
NWS-Classifieds - 'cmd' Local File Inclusion
by John Leitch
CVE-2009-4864 EXPLOITDB text VERIFIED
I-Escorts Directory Script and Agency Script - Cross-Site Scripting via search_name or languages Parameter
Multiple cross-site scripting (XSS) vulnerabilities in escorts_search.php in I-Escorts Directory Script and Agency Script allow remote attackers to inject arbitrary web script or HTML via the (1) search_name and (2) languages parameters. NOTE: some of these details are obtained from third party information.
by 599eme Man
CVE-2010-3462 EXPLOITDB text VERIFIED
Mollify 1.6 and 1.6.5.5 - Cross-Site Scripting via Confirm Parameter
Cross-site scripting (XSS) vulnerability in backend/plugin/Registration/index.php in Mollify 1.6, 1.6.5.5, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the confirm parameter. NOTE: some of these details are obtained from third party information.
by John Leitch
CVE-2010-3461 EXPLOITDB text VERIFIED
eNdonesia 8.4 - SQL Injection via Publisher Module artid Parameter
SQL injection vulnerability in the Publisher module in eNdonesia 8.4 allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printarticle action to mod.php, a different vector than CVE-2007-3394.
by vYc0d
EIP-2026-106010 EXPLOITDB text VERIFIED
CMScout IBrowser TinyMCE Plugin 2.3.4.3 - Local File Inclusion
by John Leitch
EIP-2026-105829 EXPLOITDB python VERIFIED
ChillyCMS 2.3.4.3 - Arbitrary File Upload
by John Leitch
EIP-2026-105288 EXPLOITDB text VERIFIED
ATutor 1.0 - Multiple 'cid' Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
EIP-2026-104917 EXPLOITDB text VERIFIED
AContent 1.0 - Cross-Site Scripting / HTML Injection
by High-Tech Bridge SA
EIP-2026-104906 EXPLOITDB text VERIFIED
AChecker 1.0 - 'URI' Cross-Site Scripting
by High-Tech Bridge SA
EIP-2026-118971 EXPLOITDB html VERIFIED
Novell iPrint Client Browser Plugin - ExecuteRequest debug Stack Overflow
by Abysssec
CVE-2010-3171 EXPLOITDB c VERIFIED
Mozilla Firefox <4.0 - Info Disclosure
The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a random number generator that is seeded only once per document object, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack." NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-5913.
by Amit Klein
CVE-2010-4909 EXPLOITDB text VERIFIED
PaysiteReviewCMS 1.1 - Cross-Site Scripting via Search or Image Parameter
Multiple cross-site scripting (XSS) vulnerabilities in PaysiteReviewCMS 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to search.php or the (2) image parameter to image.php.
by Valentin Hoebel
CVE-2010-4909 EXPLOITDB text VERIFIED
PaysiteReviewCMS 1.1 - Cross-Site Scripting via Search or Image Parameter
Multiple cross-site scripting (XSS) vulnerabilities in PaysiteReviewCMS 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to search.php or the (2) image parameter to image.php.
by Valentin Hoebel
CVE-2010-3422 EXPLOITDB text VERIFIED
Joomla! com_jgen 0.9.33 - SQL Injection
SQL injection vulnerability in the JGen (com_jgen) component 0.9.33 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
by **RoAd_KiLlEr**
CVE-2010-3467 EXPLOITDB perl VERIFIED
E-Xoopport Samsara <3.1 - SQL Injection
SQL injection vulnerability in modules/sections/index.php in E-Xoopport Samsara 3.1 and earlier, when the Tutorial module is enabled, allows remote attackers to execute arbitrary SQL commands via the secid parameter in a listarticles action.
by _mRkZ_
CVE-2010-3407 EXPLOITDB text VERIFIED
IBM Lotus Domino <8.0.2 FP5-8.5.1 FP2 - RCE
Stack-based buffer overflow in the MailCheck821Address function in nnotes.dll in the nrouter.exe service in the server in IBM Lotus Domino 8.0.x before 8.0.2 FP5 and 8.5.x before 8.5.1 FP2 allows remote attackers to execute arbitrary code via a long e-mail address in an ORGANIZER:mailto header in an iCalendar calendar-invitation e-mail message, aka SPR NRBY7ZPJ9V.
by A. Plaskett
EIP-2026-100331 EXPLOITDB text VERIFIED
freediscussionforums 1.0 - Multiple Vulnerabilities
by Abysssec
CVE-2010-3000 EXPLOITDB python VERIFIED
RealNetworks RealPlayer <11.1 - RCE
Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allow remote attackers to execute arbitrary code via crafted (1) HX_FLV_META_AMF_TYPE_MIXEDARRAY or (2) HX_FLV_META_AMF_TYPE_ARRAY data in an FLV file.
by Abysssec
CVE-2010-3396 EXPLOITDB python VERIFIED
Kingsoft Antivirus <2010.04.26.648 - Buffer Overflow
Buffer overflow in kavfm.sys in Kingsoft Antivirus 2010.04.26.648 and earlier allows local users to execute arbitrary code via a long argument to IOCTL 0x80030004. NOTE: some of these details are obtained from third party information.
by Lufeng Li
EIP-2026-114825 EXPLOITDB text VERIFIED
AA SMTP Server 1.1 - Crash (PoC)
by SONIC
CVE-2010-4912 EXPLOITDB text VERIFIED
UCenter Home 2.0 - SQL Injection via shop.php shopid Parameter
SQL injection vulnerability in shop.php in UCenter Home 2.0 allows remote attackers to execute arbitrary SQL commands via the shopid parameter in a view action.
by KnocKout
EIP-2026-112443 EXPLOITDB text
Storyteller CMS - 'var' Local File Inclusion
by h4ck3r
EIP-2026-110393 EXPLOITDB text
osDate - 'uploadvideos.php' Arbitrary File Upload
by Xa7m3d
EIP-2026-108448 EXPLOITDB text VERIFIED
Joomla! Component com_mtree 2.1.5 - Arbitrary File Upload
by jdc