Exploitdb Exploits
31,344 exploits tracked across all sources.
Joomla! Component com_aml_2 - 'art' SQL Injection
by Metropolis
Insky CMS 006-0111 - Remote Code Execution via ROOT Parameter File Inclusion
Multiple PHP remote file inclusion vulnerabilities in Insky CMS 006-0111, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the ROOT parameter to (1) city.get/city.get.php, (2) city.get/index.php, (3) message2.send/message.send.php, (4) message.send/message.send.php, and (5) pages.add/pages.add.php in insky/modules/. NOTE: some of these details are obtained from third party information.
by mat
uhttp Server 0.1.0-alpha - Directory Traversal
by Salvatore Fresta
Cafu 9.06 - Multiple Remote Vulnerabilities
by Luigi Auriemma
Astaro Security Linux 5 - 'index.fpl' Cross-Site Scripting
by Vincent Hautot
agXchange ESM - 'ucquerydetails.jsp' Cross-Site Scripting
by Lament
Uiga Fan Club - SQL Injection via id Parameter in photos Action
SQL injection vulnerability in index.php in Uiga Fan Club, as downloaded on 20100310, allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action.
by Sioma Labs
PowieSys 0.7.7 alpha - 'index.php' shownews SQL Injection
by Easy Laster
New Advisore Stack 1.1 - Directory Traversal
by R3VAN_BASTARD
Mini CMS RibaFS 1.0 - SQL Injection
SQL injection vulnerability in admin/login.php in Mini CMS RibaFS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the login parameter. NOTE: some of these details are obtained from third party information.
by cr4wl3r
agXchange ESM - 'ucschcancelproc.jsp' Open Redirection
by Lament
WebMaid CMS < 0.2-6 - Remote File Inclusion via Multiple Template Parameters
Multiple PHP remote file inclusion vulnerabilities in WebMaid CMS 0.2-6 Beta and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) template, (2) menu, (3) events, and (4) SITEROOT parameters to template/babyweb/index.php; the (5) modules and (6) copyright parameters to template/calm/footer.php; the (7) menu parameter to template/calm/top.php; and the (8) modules, (9) copyright, and (10) menu parameters to template/wm025/footer.php.
by cr4wl3r
Woltlab Burning Board Lite Addon - 'lexikon.php' SQL Injection
by n3w7u
WebMaid CMS < 0.2-6 - Path Traversal
Multiple directory traversal vulnerabilities in WebMaid CMS 0.2-6 Beta and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the com parameter to (1) cContactus.php, (2) cGuestbook.php, and (3) cArticle.php.
by cr4wl3r
notsoPureEdit < 1.4.1 - Remote Code Execution via Template Content Parameter
PHP remote file inclusion vulnerability in templates/template.php in notsoPureEdit 1.4.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the content parameter. NOTE: some of these details are obtained from third party information.
by cr4wl3r
Jewelry Cart Software - 'product.php' SQL Injection
by Asyraf
Fw-BofF (oolime-resurrection) 1.5.3beta - Multiple Remote File Inclusions
by cr4wl3r
Phpscripte24 Pay Per Watch & Bid Auktions System - SQL Injection
SQL injection vulnerability in auktion.php in Pay Per Watch & Bid Auktions System allows remote attackers to execute arbitrary SQL commands via the id_auk parameter.
by Easy Laster
Joomla! Component Gift Exchange com_giftexchange 1.0 Beta - 'pkg' SQL Injection
by Chip d3 bi0s
ZKSoftware 'ZK5000' - Remote Information Disclosure
by fb1h2s