Stack

155 exploits Active since Mar 2006
CVE-2008-5640 EXPLOITDB text WRITEUP
Active Bids 3.5 - SQL Injection via ItemID Parameter
SQL injection vulnerability in bidhistory.asp in Active Bids 3.5 allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.
CVE-2008-2536 EXPLOITDB perl WORKING POC
YABSoft Advanced Image Hosting Script < 2.1 - SQL Injection via out.php t Parameter
SQL injection vulnerability in out.php in YABSoft Advanced Image Hosting (AIH) Script 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the t parameter.
CVE-2008-6453 EXPLOITDB text WORKING POC
6rbScript 3.3 - Path Traversal via Name Parameter
Directory traversal vulnerability in section.php in 6rbScript 3.3, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter.
CVE-2009-3562 EXPLOITDB text WORKING POC
Xerver HTTP Server 4.32 - Cross-Site Scripting via currentPath Parameter
Cross-site scripting (XSS) vulnerability in Xerver HTTP Server 4.32 allows remote attackers to inject arbitrary web script or HTML via the currentPath parameter in a chooseDirectory action.
CVE-2009-2305 EXPLOITDB python WORKING POC
armassa ARD-9808 Software - Denial of Service via Long URI with //.\ Sequences
The ARD-9808 DVR card security camera allows remote attackers to cause a denial of service via a long URI composed of //.\ (slash slash dot backslash) sequences.