Exploitdb Exploits
31,344 exploits tracked across all sources.
Digital Interchange Document Library <5.8.5 - SQL Injection
SQL injection vulnerability in view_group.asp in Digital Interchange Document Library 5.8.5 allows remote attackers to execute arbitrary SQL commands via the intGroupID parameter.
by L0rd CrusAd3r
Digital Interchange Calendar <5.8.5 - SQL Injection
SQL injection vulnerability in index.asp in Digital Interchange Calendar 5.8.5 allows remote attackers to execute arbitrary SQL commands via the intDivisionID parameter.
by L0rd CrusAd3r
Yamamah - SQL Injection
SQL injection vulnerability in index.php in Yamamah Photo Gallery 1.00, as distributed before 20100618, allows remote attackers to execute arbitrary SQL commands via the news parameter.
by anT!-Tr0J4n
Yamamah (Dove Photo Album) 1.00 - SQL Injection
SQL injection vulnerability in index.php in Yamamah (aka Dove Photo Album) 1.00 allows remote attackers to execute arbitrary SQL commands via the calbums parameter.
by TheMaStEr
Yamamah - Information Disclosure
index.php in Yamamah Photo Gallery 1.00 allows remote attackers to obtain the source code of executable files within the web document root via the download parameter.
by anT!-Tr0J4n
phpplanner - Cross-Site Scripting / SQL Injection
by anT!-Tr0J4n
Vunet VU Web Visitor Analyst - SQL Injection
Multiple SQL injection vulnerabilities in redir.asp in VU Web Visitor Analyst allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter. NOTE: some of these details are obtained from third party information.
by L0rd CrusAd3r
BrightSuite Groupware 5.4 - SQL Injection
SQL injection vulnerability in pages/contact_list_mail_form.asp in BrightSuite Groupware 5.4 allows remote attackers to execute arbitrary SQL commands via the ContactID parameter.
by L0rd CrusAd3r
F5 Nginx < 0.7.66 - Information Disclosure
nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
by Dr_IDE
F5 Nginx < 0.7.67 - Path Traversal
nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
by Dr_IDE
F5 Nginx < 0.7.66 - Information Disclosure
nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
by Jose A. Vazquez
Site to Store Automobile - Motorcycle Boat SQL Injection
by L0rd CrusAd3r
Site for Real Estate - Brokers SQL Injection
by L0rd CrusAd3r
Parallels System Automation (PSA) - Local File Inclusion
by Pouya Daneshmand
Development Site Professional Liberal - Company Institutional SQL Injection
by L0rd CrusAd3r
By Source