Exploitdb Exploits
31,394 exploits tracked across all sources.
Pixie CMS 1.01-1.04 - SQL Injection via pixie_user Parameter or Referer Header
Multiple SQL injection vulnerabilities in Pixie CMS 1.01 through 1.04 allow remote attackers to execute arbitrary SQL commands via the (1) pixie_user parameter and (2) Referer HTTP header in a request to the default URI.
by Piranha
Joomla! Component Content - 'year' SQL Injection
by E.Shahmohamadi
Mambo < 4.6.5 - SQL Injection via zorder Parameter
SQL injection vulnerability in administrator/index2.php in Mambo CMS 4.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the zorder parameter.
by KraL BeNiM
Infoblox NetMRI 6.2.1 - Admin Login Page Multiple Cross-Site Scripting Vulnerabilities
by Jose Carlos de Arriba
Joomla! Component com_alfcontact 1.9.3 - Multiple Cross-Site Scripting Vulnerabilities
by Jose Carlos de Arriba
osCSS2 <= 2.1.0 - Path Traversal via _ID Parameter
Directory traversal vulnerability in catalog/content.php in osCSS2 2.1.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the _ID parameter to (1) catalog/shopping_cart.php or (2) catalog/content.php.
by Stefan Schurtz
LabWiki < 1.1 - Authenticated Arbitrary PHP File Upload via .gif Extension
edit.php in LabWiki 1.1 and earlier does not properly verify uploaded user files, which allows remote authenticated users to upload arbitrary PHP files via a PHP file with a .gif extension in the userfile parameter.
by muuratsalo
CVSS 8.8
AShop - Open Redirection / Cross-Site Scripting
by Infoserve Security Team
PBCS Technology - 'articlenav.php' SQL Injection
by Kalashinkov3
XAMPP 1.7.7 - 'PHP_SELF' Multiple Cross-Site Scripting Vulnerabilities
by Gjoko Krstic
Oracle Database Server - Authenticated Buffer Overflow in XDB_PITRIG_PKG.PITRIG_DROPMETADATA Procedure
Buffer overflow in the XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA procedure in Oracle 10g R2 allows remote authenticated users to execute arbitrary code via a long (1) OWNER or (2) NAME argument.
by David Maman
WHMCompleteSolution 3.x-4.x - Unauthenticated Path Traversal via Template File Parameter
Multiple directory traversal vulnerabilities in WHMCompleteSolution (WHMCS) 3.x and 4.x allow remote attackers to read arbitrary files via the templatefile parameter to (1) submitticket.php and (2) downloads.php, and (3) the report parameter to admin/reports.php.
by ZxH-Labs
SmartJobBoard - 'keywords' Cross-Site Scripting
by Mr.PaPaRoSSe
OrderSys <= 1.6.4 - SQL Injection via where_clause Parameter
Multiple SQL injection vulnerabilities in OrderSys 1.6.4 and earlier allow remote attackers to execute arbitrary SQL commands via the where_clause parameter to (1) index.php, (2) index_long.php, or (3) index_short.php in ordering/interface_creator/.
by muuratsalo
Oracle NoSQL 11g 1.1.100 R2 - 'log' Directory Traversal
by Buherátor
HP Data Protector Media Operations 6.20 - Directory Traversal
by Luigi Auriemma
Microsoft Excel 2003 11.8335.8333 - Use-After-Free
by Luigi Auriemma
WordPress Theme Bonus 1.0 - 's' Cross-Site Scripting
by 3spi0n
WHMCompleteSolution 3.x.x - Path Traversal via clientarea.php templatefile Parameter
Directory traversal vulnerability in clientarea.php in WHMCompleteSolution (WHMCS) 3.x.x allows remote attackers to read arbitrary files via an invalid action and a ../ (dot dot slash) in the templatefile parameter.
by red virus
Merethis Centreon < 2.3.2 - Authenticated Path Traversal via Command Name Parameter
Directory traversal vulnerability in main.php in Merethis Centreon before 2.3.2 allows remote authenticated users to execute arbitrary commands via a .. (dot dot) in the command_name parameter.
by Christophe de la Fuente
Ajax File and Image Manager < 1.1 - Remote Code Execution via PHP Code Injection in data.php
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.
by EgiX
By Source