AtT4CKxT3rR0r1ST

99 exploits Active since Jul 2007
CVE-2025-46002 EXPLOITDB MEDIUM text WRITEUP
simogeo filemanager <= 2.5.0 - Directory Traversal via filemanager.php Endpoint
An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint.
CVSS 6.5
EIP-2026-119360 EXPLOITDB text WORKING POC
DirectControlTM 3.1.7.0 - Multiple Vulnerabilities
EIP-2026-117434 EXPLOITDB perl WORKING POC
Magic Music Editor - Local Buffer Overflow
EIP-2026-115573 EXPLOITDB perl WORKING POC
Magic Music Editor - '.cda' Denial of Service
EIP-2026-114548 EXPLOITDB html WORKING POC
YourTube 1.0 - Cross-Site Request Forgery (Add User)
CVE-2014-3935 EXPLOITDB text WRITEUP
XOOPS 1.0 - Glossaire module - SQL Injection
SQL injection vulnerability in glossaire-aff.php in the Glossaire module 1.0 for XOOPS allows remote attackers to execute arbitrary SQL commands via the lettre parameter.
EIP-2026-113447 EXPLOITDB text WRITEUP
Wiser Backup - Information Disclosure
CVE-2014-1618 EXPLOITDB text WRITEUP
UAEPD Shopping Cart Script - SQL Injection
Multiple SQL injection vulnerabilities in UAEPD Shopping Cart Script allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) p_id parameter to products.php or id parameter to (3) page.php or (4) news.php.
EIP-2026-112658 EXPLOITDB text WORKING POC
ThinkAdmin - 'page.php' SQL Injection
CVE-2014-1618 EXPLOITDB text WRITEUP
UAEPD Shopping Cart Script - SQL Injection
Multiple SQL injection vulnerabilities in UAEPD Shopping Cart Script allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) p_id parameter to products.php or id parameter to (3) page.php or (4) news.php.
CVE-2013-4953 EXPLOITDB text WORKING POC
Top Games Script 1.2 - SQL Injection
SQL injection vulnerability in play.php in Top Games Script 1.2 allows remote attackers to execute arbitrary SQL commands via the gid parameter.
EIP-2026-112762 EXPLOITDB text WORKING POC
tplSoccerStats - 'player.php' SQL Injection
CVE-2014-10023 EXPLOITDB text WORKING POC
TopicsViewer 3.0 Beta 1 - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in TopicsViewer 3.0 Beta 1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) edit_block.php, (2) edit_cat.php, (3) edit_note.php, or (4) rmv_topic.php in admincp/.
EIP-2026-112260 EXPLOITDB text WORKING POC
SnapProof - 'page.php' SQL Injection
EIP-2026-112360 EXPLOITDB text WORKING POC
southburn Web - 'products.php' SQL Injection
EIP-2026-112331 EXPLOITDB text WRITEUP
Softmatica SMART iPBX - Multiple SQL Injections
EIP-2026-111708 EXPLOITDB text WRITEUP
RealAdmin - 'detail.php' Blind SQL Injection
EIP-2026-111032 EXPLOITDB text WORKING POC
PHPDirector Game Edition - 'game.php' SQL Injection
CVE-2007-3519 EXPLOITDB text WORKING POC
phpEventCalendar < 0.2.3 - SQL Injection via eventdisplay.php id Parameter
SQL injection vulnerability in eventdisplay.php in phpEventCalendar 0.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2011-0643 EXPLOITDB html WORKING POC
PHP Link Directory 4.1.0 - Cross-Site Request Forgery via User Configuration
Cross-site request forgery (CSRF) vulnerability in admin/conf_users_edit.php in PHP Link Directory (phpLD) 4.1.0 allows remote attackers to hijack the authentication of administrators for requests that add an administrator via the N action.
CVE-2014-5104 EXPLOITDB text WRITEUP
ol-commerce 2.1.1 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) a_country parameter in a process action to affiliate_signup.php, (2) affiliate_banner_id parameter to affiliate_show_banner.php, (3) country parameter in a process action to create_account.php, or (4) entry_country_id parameter in an edit action to admin/create_account.php.
CVE-2014-5104 EXPLOITDB text WORKING POC
ol-commerce 2.1.1 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) a_country parameter in a process action to affiliate_signup.php, (2) affiliate_banner_id parameter to affiliate_show_banner.php, (3) country parameter in a process action to create_account.php, or (4) entry_country_id parameter in an edit action to admin/create_account.php.
CVE-2014-5104 EXPLOITDB text WORKING POC
ol-commerce 2.1.1 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) a_country parameter in a process action to affiliate_signup.php, (2) affiliate_banner_id parameter to affiliate_show_banner.php, (3) country parameter in a process action to create_account.php, or (4) entry_country_id parameter in an edit action to admin/create_account.php.
CVE-2014-5104 EXPLOITDB text WORKING POC
ol-commerce 2.1.1 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) a_country parameter in a process action to affiliate_signup.php, (2) affiliate_banner_id parameter to affiliate_show_banner.php, (3) country parameter in a process action to create_account.php, or (4) entry_country_id parameter in an edit action to admin/create_account.php.
EIP-2026-110222 EXPLOITDB text WRITEUP
Open Bulletin Board - Multiple Blind SQL Injections