Exploitdb Exploits
31,394 exploits tracked across all sources.
PBBoard 2.1.4 - Unauthenticated Arbitrary Password Change via member_id and new_password Parameters
The new_password page in PBBoard 2.1.4 allows remote attackers to change the password of arbitrary user accounts via the member_id and new_password parameters to index.php.
by High-Tech Bridge
PBBoard 2.1.4 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in PBBoard 2.1.4 allow remote attackers to execute arbitrary SQL commands via the (1) username parameter to the send page, (2) email parameter to the forget page, (3) password parameter to the forum_archive page, (4) section parameter to the management page, (5) section_id parameter to the managementreply page, (6) member_id parameter to the new_password page, or (7) subjectid parameter to the tags page to index.php.
by High-Tech Bridge
PBBoard 2.1.4 - Authenticated Arbitrary PHP File Upload via admin.php
Unrestricted file upload vulnerability in admin.php in PBBoard 2.1.4 allows remote administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the addons directory. NOTE: this vulnerability can be leveraged by remote attackers using CVE-2012-1216.
by High-Tech Bridge
Openconstructor - SQL Injection
Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) data/gallery/edit.php, (2) data/guestbook/edit.php, (3) data/file/edit.php, (4) data/htmltext/edit.php, (5) data/publication/edit.php, or (6) data/event/edit.php.
by Lorenzo Cantoni
Inout Mobile Webmail APP - Persistent Cross-Site Scripting
by Vulnerability-Lab
iauto mobile Application 2012 - Multiple Vulnerabilities
by Vulnerability-Lab
ConcourseSuite - Multiple Cross-Site Scripting / Cross-Site Request Forgery Vulnerabilities
by Matthew Joyce
Zoho BugTracker - Multiple Persistent Cross-Site Scripting Vulnerabilities
by LiquidWorm
Oracle Business Transaction Management Server 12.1.0.2.7 FlashTunnelService - Remote File Deletion
by rgod
Oracle Business Transaction Management Server 12.1.0.2.7 - FlashTunnelService WriteToFile Message Remote Code Execution
by rgod
TCExam < 11.3.008 - Authenticated SQL Injection via subject_module_id Parameter
Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the subject_module_id parameter to (1) tce_edit_answer.php or (2) tce_edit_question.php.
by Chris Cooper
TCExam < 11.3.008 - Authenticated SQL Injection via subject_module_id Parameter
Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the subject_module_id parameter to (1) tce_edit_answer.php or (2) tce_edit_question.php.
by Chris Cooper
Getsimple CMS 3.1.2 - 'path' Local File Inclusion
by PuN!Sh3r
dir2web 3.0 - SQL Injection via oid Parameter
SQL injection vulnerability in system/src/dispatcher.php in Dir2web 3.0 allows remote attackers to execute arbitrary SQL commands via the oid parameter in a homepage action to index.php.
by Daniel Correa
AOL Products downloadUpdater2 Plugin - 'SRC' Remote Code Execution
by rgod
Joomla! Component com_photo - Multiple SQL Injections
by Chokri Ben Achor
Worksforweb iAuto - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
by Benjamin Kunz Mejri
WordPress Plugin Effective Lead Management 3.0.0 - Persistent Cross-Site Scripting
by Chris Kellum
PolarisCMS - 'WebForm_OnSubmit()' Cross-Site Scripting
by Gjoko Krstic
Wiki Web Help - 'configpath' Remote File Inclusion
by L0n3ly-H34rT
Openconstructor - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Open Constructor 3.12.0 allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to data/file/edit.php, (2) the q parameter to confirm.php, or (3) the keyword parameter to users/users.php.
by Lorenzo Cantoni
By Source