Exploitdb Exploits
1,269 exploits tracked across all sources.
Woltlab Burning Board (wBB) Lite <1.0.2pl3 - SQL Injection
SQL injection vulnerability in pms.php in Woltlab Burning Board (wBB) Lite 1.0.2pl3e and earlier allows remote authenticated users to execute arbitrary SQL commands via the pmid[0] parameter.
by rgod
F3Site <2.1 - XSS
Cross-site scripting (XSS) vulnerability in the news comment functionality in F3Site 2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the Autor field.
by Kacper
F3Site <2.1 - RCE
Unrestricted file upload vulnerability in F3Site 2.1 and earlier allows remote authenticated administrators to upload and execute arbitrary PHP scripts via GIF86 header in a file in the uplf parameter, which can be later accessed via a relative pathname in the dir parameter in adm.php.
by Kacper
Chicken of the VNC <2.0 - DoS
Chicken of the VNC (cotv) 2.0 allows remote attackers to cause a denial of service (application crash) via a large computer-name size value in a ServerInit packet, which triggers a failed malloc and a resulting NULL dereference.
by poplix
GuppY <4.5.16 - Code Injection
Multiple static code injection vulnerabilities in error.php in GuppY 4.5.16 and earlier allow remote attackers to inject arbitrary PHP code into a .inc file in the data/ directory via (1) a REMOTE_ADDR cookie or (2) a cookie specifying an element of the msg array with an error number in the first dimension and 0 in the second dimension, as demonstrated by msg[999][0].
by rgod
GuppY <4.6.3, 4.5.16 - Path Traversal
Directory traversal vulnerability in error.php in GuppY 4.6.3, 4.5.16, and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter. NOTE: this can be leveraged to bypass authentication and upload arbitrary files by including admin/inc/upload.inc and specifying certain multipart/form-data input for admin/inc/upload.inc.
by rgod
Aztek Forum - SQL Injection
SQL injection vulnerability in forum/load.php in Aztek Forum 4.00 allows remote attackers to execute arbitrary SQL commands via the fid cookie to forum.php.
by DarkFig
Webspell - SQL Injection
SQL injection vulnerability in gallery.php in webSPELL 4.01.02 allows remote attackers to execute arbitrary SQL commands via the picID parameter, a different vector than CVE-2007-0492.
by r00t
Phpbp - SQL Injection
SQL injection vulnerability in phpBP RC3 (2.204) and earlier allows remote attackers to execute arbitrary SQL commands via the comment forum.
by Kacper
Phpbp - SQL Injection
Unrestricted file upload vulnerability in index.php in phpBP RC3 (2.204) and earlier allows remote administrators to inject arbitrary PHP code into an upload/banners/ file via a banners add operation that uploads the PHP code through an image_form parameter specifying a multiple-extension filename such as .jpg.vil.gif.php, which is stored in upload/banners/ under a different name, and executable via a direct request. NOTE: a separate SQL injection issue could be leveraged to make this vulnerability reachable by remote unauthenticated attackers.
by Kacper
Woltlab Burning Board < 1.0.2 - SQL Injection
SQL injection vulnerability in search.php in Woltlab Burning Board (wBB) 1.0.2 and earlier, and 2.3.6 and earlier in the 2.x series, allows remote attackers to execute arbitrary SQL commands via the boardids[1] and other boardids[] parameters.
by silent vapor
Kgb < 1.9 - Path Traversal
Directory traversal vulnerability in sesskglogadmin.php in KGB 1.9 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skinnn parameter, as demonstrated by invoking kg.php with a postek parameter containing PHP code, which is injected into a file in the kg directory, and then included by sesskglogadmin.php.
by Kacper
Thwboard < 3.0_beta_2.84 - SQL Injection
SQL injection vulnerability in inc/header.inc.php in ThWboard 3.0b2.84-php5 and earlier allows remote attackers to execute arbitrary SQL commands via the board[styleid] parameter to index.php.
by rgod
Francisco Burzi Php-nuke < 7.9 - SQL Injection
SQL injection vulnerability in blocks/block-Old_Articles.php in Francisco Burzi PHP-Nuke 7.9 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat parameter.
by Paisterist
sNews <1.5.30 - RCE
snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, as demonstrated by changing an administrative password via the changeup task, and by uploading PHP code via the imagefile parameter.
by rgod
WordPress <2.0.6 - SQL Injection
wp-trackback.php in WordPress 2.0.6 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the tb_id parameter. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in WordPress.
by rgod
Alexphpteam Alex Guestbook - SQL Injection
SQL injection vulnerability in index.php in @lex Guestbook 4.0.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the lang parameter.
by DarkFig
Alexphpteam Alex Guestbook - Path Traversal
Directory traversal vulnerability in admin/skins.php for @lex Guestbook 4.0.2 and earlier allows remote attackers to create files in arbitrary directories via ".." sequences in the (1) aj_skin and (2) skin_edit parameters. NOTE: this can be leveraged for file inclusion by creating a skin file in the lang directory, then referencing that file via the lang parameter to index.php, which passes a sanity check in livre_include.php.
by DarkFig
L2J Statistik Script - Path Traversal
Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
by Codebreak
Coppermine Photo Gallery < 1.4.10 - SQL Injection
Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions.
by DarkFig
Coppermine Photo Gallery < 1.4.10 - SQL Injection
Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions.
by DarkFig
Coppermine Photo Gallery < 1.4.10 - SQL Injection
SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component.
by DarkFig
Cms-center Simple Web Cms - SQL Injection
SQL injection vulnerability in page.php in Simple Web Content Management System allows remote attackers to execute arbitrary SQL commands via the id parameter.
by DarkFig
MAXdev MDForum <2.0.1 - Path Traversal
Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
by Kacper
IMGallery <2.5 - RCE
users_adm/start1.php in IMGallery 2.5 and earlier does not properly handle files with multiple extensions, which allows remote authenticated users to upload and execute arbitrary PHP scripts.
by Kacper
By Source