Exploitdb Exploits
31,344 exploits tracked across all sources.
BoutikOne 1.0 - SQL Injection
SQL injection vulnerability in list.php in BoutikOne 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.
by BrOx-Dz
Joomla! com_restaurantguide 1.0.0 - SQL Injection
SQL injection vulnerability in the Restaurant Guide (com_restaurantguide) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a country action to index.php.
by Valentin
xt:Commerce Gambio 2008 - SQL Injection
SQL injection vulnerability in product_reviews_info.php in xt:Commerce Gambio 2008 allows remote attackers to execute arbitrary SQL commands via the products_id parameter.
by secret
Joomla! com_restaurantguide 1.0.0 - XSS
Cross-site scripting (XSS) vulnerability in the Restaurant Guide (com_restaurantguide) component 1.0.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML by placing it after a > (greater than) character.
by Valentin
CMS Digital Workroom <5.5.0 - XSS
Cross-site scripting (XSS) vulnerability in netautor/napro4/home/login2.php in CMS Digital Workroom (formerly Netautor Professional) 5.5.0 allows remote attackers to inject arbitrary web script or HTML via the goback parameter.
by Gjoko Krstic
e107 0.7.23 - Multiple SQL Injections
by High-Tech Bridge SA
Sourcetreesolutions Mojoportal - XSS
Cross-site scripting (XSS) vulnerability in ProfileView.aspx in mojoPortal 2.3.4.3 and 2.3.5.1 allows remote attackers to inject arbitrary web script or HTML via the User ID parameter. NOTE: some of these details are obtained from third party information.
by Abysssec
Microsoft Office Excel <2004 - Buffer Overflow
Buffer overflow in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed HFPicture (0x866) record, aka "Excel HFPicture Memory Corruption Vulnerability."
by Abysssec
Sourcetreesolutions Mojoportal - CSRF
Cross-site request forgery (CSRF) vulnerability in the file manager service (Services/FileService.ashx) in mojoPortal 2.3.4.3 and 2.3.5.1 allows remote attackers to hijack the authentication of administrators for requests that rename arbitrary files, as demonstrated by causing the user.config file to be moved, leading to a denial of service (service stop) and possibly the exposure of sensitive information.
by Abysssec
ApPHP PHP MicroCMS 1.0.1 - Path Traversal
Directory traversal vulnerability in index.php in ApPHP PHP MicroCMS 1.0.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
by Abysssec
pixelpost 1.7.3 - CSRF
Cross-site request forgery (CSRF) vulnerability in pixelpost 1.7.3 could allow remote attackers to change the admin password.
by Sweet
CVSS 8.8
AXIGEN Mail Server 7.4.1 - Path Traversal
Directory traversal vulnerability in the HTTP interface in AXIGEN Mail Server 7.4.1 for Windows allows remote attackers to read arbitrary files via a %5C (encoded backslash) in the URL.
by Bogdan Calin
ApPHP PHP MicroCMS 1.0.1 - SQL Injection
Multiple SQL injection vulnerabilities in login.php in ApPHP PHP MicroCMS 1.0.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user_name and (2) password variables, possibly related to include/classes/Login.php. NOTE: some of these details are obtained from third party information. NOTE: the password vector might not be vulnerable.
by Abysssec
I-escorts Agency Script - XSS
Multiple cross-site scripting (XSS) vulnerabilities in escorts_search.php in I-Escorts Directory Script and Agency Script allow remote attackers to inject arbitrary web script or HTML via the (1) search_name and (2) languages parameters. NOTE: some of these details are obtained from third party information.
by 599eme Man
Mollify <1.6-1.6.5.5 - XSS
Cross-site scripting (XSS) vulnerability in backend/plugin/Registration/index.php in Mollify 1.6, 1.6.5.5, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the confirm parameter. NOTE: some of these details are obtained from third party information.
by John Leitch
eNdonesia 8.4 - SQL Injection
SQL injection vulnerability in the Publisher module in eNdonesia 8.4 allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printarticle action to mod.php, a different vector than CVE-2007-3394.
by vYc0d
CMScout IBrowser TinyMCE Plugin 2.3.4.3 - Local File Inclusion
by John Leitch
ATutor 1.0 - Multiple 'cid' Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
AContent 1.0 - Cross-Site Scripting / HTML Injection
by High-Tech Bridge SA
AChecker 1.0 - 'URI' Cross-Site Scripting
by High-Tech Bridge SA