Exploitdb Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-110622 EXPLOITDB text
PhotoPost Classifieds < 2.01 - Multiple Vulnerabilities
by GulfTech Security
CVE-2014-9435 EXPLOITDB text
Absolut Engine 1.73 - SQL Injection
Multiple SQL injection vulnerabilities in Absolut Engine 1.73 allow remote authenticated users to execute arbitrary SQL commands via the (1) sectionID parameter to admin/managersection.php, (2) userID parameter to admin/edituser.php, (3) username parameter to admin/admin.php, or (4) title parameter to admin/managerrelated.php.
by Steffen Rösemann
CVE-2014-9516 EXPLOITDB text VERIFIED
Social Microblogging PRO 1.5 - Cross-Site Scripting via PATH_INFO
Cross-site scripting (XSS) vulnerability in Social Microblogging PRO 1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI, related to the "Web Site" input in the Profile section.
by Halil Dalabasmaz
CVE-2004-1423 EXPLOITDB text
php-calendar < 0.10.1 - Remote Code Execution via phpc_root_path Parameter
Multiple PHP remote file inclusion vulnerabilities in Sean Proctor PHP-Calendar before 0.10.1, as used in Commonwealth of Massachusetts Virtual Law Office (VLO) and other products, allow remote attackers to execute arbitrary PHP code via a URL in the phpc_root_path parameter to (1) includes/calendar.php or (2) includes/setup.php.
by GulfTech Security
EIP-2026-116532 EXPLOITDB text
Wickr Desktop 2.2.1 Windows - Denial of Service
by Vulnerability-Lab
CVE-2004-1420 EXPLOITDB text
WHM AutoPilot <= 2.4.6.5 - Cross-Site Scripting via site_title or http_images Parameter
Multiple cross-site scripting (XSS) vulnerabilities in header.php in WHM AutoPilot 2.4.6.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) site_title or (2) http_images parameter.
by GulfTech Security
CVE-2014-9457 EXPLOITDB text
PMB < 4.1.3 - Authenticated SQL Injection via id Parameter
SQL injection vulnerability in classes/mono_display.class.php in PMB 4.1.3 and earlier allows remote authenticated users to execute arbitrary SQL commands via the id parameter to catalog.php.
by xd4rker dark
EIP-2026-111118 EXPLOITDB text
phpList 3.0.6/3.0.10 - SQL Injection
by Vulnerability-Lab
CVE-2014-9439 EXPLOITDB text
Easy File Sharing Web Server 6.8 - XSS
Cross-site scripting (XSS) vulnerability in Easy File Sharing Web Server 6.8 allows remote attackers to inject arbitrary web script or HTML via the username field during registration, which is not properly handled by forum.ghp.
by Sick Psycko
EIP-2026-104399 EXPLOITDB text
Pimcore CMS 2.3.0/3.0 - SQL Injection
by Vulnerability-Lab
CVE-2014-2239 EXPLOITDB text
Lazarus Guestbook 1.22 - Multiple Vulnerabilities
by TaurusOmar
CVE-2014-9436 EXPLOITDB text
SysAid On-Premise <14.4.2 - Path Traversal
Absolute path traversal vulnerability in SysAid On-Premise before 14.4.2 allows remote attackers to read arbitrary files via a \\\\ (four backslashes) in the fileName parameter to getRdsLogFile.
by Bernhard Mueller
EIP-2026-116891 EXPLOITDB text
BitRaider Streaming Client 1.3.3.4098 - Local Privilege Escalation
by LiquidWorm
CVE-2014-9440 EXPLOITDB text
phpMyRecipes 1.2.2 - SQL Injection via Category Parameter
SQL injection vulnerability in browse.php in phpMyRecipes 1.2.2 allows remote attackers to execute arbitrary SQL commands via the category parameter.
by Manish Tanwar
CVE-2014-7208 EXPLOITDB text
GParted <0.15.0 - Command Injection
GParted before 0.15.0 allows local users to execute arbitrary commands with root privileges via shell metacharacters in a crafted filesystem label.
by SEC Consult
CVE-2014-9412 EXPLOITDB text
NetIQ Access Manager 4.x < 4.1 - Cross-Site Scripting via Debug Parameters
Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.1 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary parameter to roma/jsp/debug/debug.jsp or (2) an arbitrary parameter in a debug.DumpAll action to nps/servlet/webacc, a different issue than CVE-2014-5216.
by SEC Consult
CVE-2004-1417 EXPLOITDB text
Psychostats < 2.2.4 - Cross-Site Scripting via Login Parameter
Cross-site scripting (XSS) vulnerability in login.php in PsychoStats 2.2.4 Beta and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter.
by GulfTech Security
CVE-2014-9581 EXPLOITDB text
Codiad 2.4.3 - Path Traversal via File Manager Download Path Parameter
Directory traversal vulnerability in components/filemanager/download.php in Codiad 2.4.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information.
by TaurusOmar
CVE-2014-9580 EXPLOITDB text
ProjectSend r561 - Stored Cross-Site Scripting via File Upload Description Field
Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) r561 allows remote attackers to inject arbitrary web script or HTML via the Description field in a file upload. NOTE: this issue was originally incorrectly mapped to CVE-2014-1155; see CVE-2014-1155 for more information.
by TaurusOmar
CVE-2011-3713 EXPLOITDB text
cFTP r80 - Exposure of Sensitive Information via Direct PHP File Request
cFTP r80 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/session_check.php and certain other files.
by TaurusOmar
CVE-2014-9254 EXPLOITDB text
MiniBB < 3.1 - SQL Injection via Unsubscribe Code Parameter
bb_func_unsub.php in MiniBB 3.1 before 20141127 uses an incorrect regular expression, which allows remote attackers to conduct SQl injection attacks via the code parameter in an unsubscribe action to index.php.
by Kacper Szurek
CVE-2014-9445 EXPLOITDB text
Installatron GQ File Manager 0.2.5 - SQL Injection
SQL injection vulnerability in incl/create.inc.php in Installatron GQ File Manager 0.2.5 allows remote attackers to execute arbitrary SQL commands via the create parameter to index.php. NOTE: this can be leveraged for cross-site scripting (XSS) attacks by creating a file that generates an error. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information.
by TaurusOmar
CVE-2014-9582 EXPLOITDB text
Codiad 2.4.3 - Cross-Site Scripting via Filemanager Rename Short Name Parameter
Cross-site scripting (XSS) vulnerability in components/filemanager/dialog.php in Codiad 2.4.3 allows remote attackers to inject arbitrary web script or HTML via the short_name parameter in a rename action. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information.
by TaurusOmar
EIP-2026-101585 EXPLOITDB text
CIK Telecom VoIP Router SVG6000RW - Privilege Escalation / Command Execution
by Chako
CVE-2014-9522 EXPLOITDB text
CMS Papoo Light 6.0.0 Rev 4701 - Cross-Site Scripting via Guestbook Author or Account Username
Multiple cross-site scripting (XSS) vulnerabilities in CMS Papoo Light 6.0.0 (Rev 4701) allow remote attackers to inject arbitrary web script or HTML via the (1) author field to guestbook.php or (2) username field to account.php.
by Steffen Rösemann