Exploitdb Exploits

31,346 exploits tracked across all sources.

CVE-2009-4467 EXPLOITDB text VERIFIED
DeluxeBB 1.3 - Improper Input Validation in Email Verification
misc.php in DeluxeBB 1.3 allows remote attackers to register accounts without a valid email address via a valemail action with the valmem set to a pre-assigned user ID, which is visible from a memberlist action.
by cp77fk4r
CVE-2009-4466 EXPLOITDB text VERIFIED
DeluxeBB 1.3 - Exposure of Sensitive Information via Page Parameter
DeluxeBB 1.3 allows remote attackers to obtain sensitive information via a crafted page parameter to misc.php, which reveals the installation path in an error message. NOTE: this issue might be resultant from improperly controlled computation in tools.php that leads to a denial of service (CPU or memory consumption).
by cp77fk4r
CVE-2009-4465 EXPLOITDB text VERIFIED
DeluxeBB 1.3 - Unauthenticated Sensitive Information Exposure via Direct Request
DeluxeBB 1.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user and configuration information, log data, and gain administrative access via a direct request to scripts in (1) templates/ including (2) templates/deluxe/admincp/, (3) templates/corporate/admincp/, and (4) templates/blue/admincp/; (5) images/; (6) logs/ including (7) logs/cp.php; (8) wysiwyg/; (9) docs/; (10) classes/; (11) lang/; and (12) settings/.
by cp77fk4r
EIP-2026-116539 EXPLOITDB text VERIFIED
Winamp 5.57 - Stack Overflow
by scriptjunkie
CVE-2009-4423 EXPLOITDB text VERIFIED
weenCompany 4.0.0 - SQL Injection via moduleid Parameter
SQL injection vulnerability in index.php in weenCompany 4.0.0 allows remote attackers to execute arbitrary SQL commands via the moduleid parameter. NOTE: some of these details are obtained from third party information.
by Gamoscu
CVE-2009-4816 EXPLOITDB text VERIFIED
The Uploader 2.0 - Path Traversal via Filename Parameter
Directory traversal vulnerability in api/download_checker.php in MegaLab The Uploader 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
by Stack
EIP-2026-112643 EXPLOITDB text VERIFIED
The Uploader 2.0 - Arbitrary File Upload
by Master Mind
EIP-2026-111462 EXPLOITDB text VERIFIED
pragmaMX 0.1.11 - 'modules.php' Multiple SQL Injections
by Hadi Kiamarsi
EIP-2026-109775 EXPLOITDB text VERIFIED
mypage 0.4 - Local File Inclusion
by BAYBORA
CVE-2008-6785 EXPLOITDB text VERIFIED
Mini File Host 1.5 - Unauthenticated Arbitrary File Upload and Remote Code Execution via Executable File Extension
Unrestricted file upload vulnerability in Mini File Host 1.5 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as demonstrated by creating a name.php file.
by MR.Z
CVE-2009-4468 EXPLOITDB text VERIFIED
DeluxeBB 1.3 - Cross-Site Scripting via misc.php page Parameter
Cross-site scripting (XSS) vulnerability in misc.php in DeluxeBB 1.3 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
by cp77fk4r
EIP-2026-105880 EXPLOITDB text VERIFIED
ClarkConnect Linux 5.0 - 'proxy.php' Cross-Site Scripting
by Edgard Chammas
EIP-2026-105302 EXPLOITDB text
Aurora CMS - SQL Injection
by Sora
CVE-2008-3748 EXPLOITDB text VERIFIED
Active PHP Bookmarks <1.2.06 - SQL Injection
SQL injection vulnerability in view_group.php in Active PHP Bookmarks (APB) 1.1.02 and 1.2.06 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Mr.Elgaarh
CVE-2009-4464 EXPLOITDB text VERIFIED
Active Business Directory 2 - Cross-Site Scripting via searchadvance.asp search parameter
Cross-site scripting (XSS) vulnerability in searchadvance.asp in Active Business Directory 2 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
by Andrea Bocchetti
EIP-2026-113262 EXPLOITDB text
webCocoon's simpleCMS - SQL Injection
by _ÝNFAZCI_
EIP-2026-113213 EXPLOITDB text VERIFIED
Web Cocoon simpleCMS - 'show.php' SQL Injection
by anonymous
CVE-2009-4432 EXPLOITDB text
CodeMight VideoCMS 3.1 - SQL Injection
SQL injection vulnerability in index.php in CodeMight VideoCMS 3.1 allows remote attackers to execute arbitrary SQL commands via the v parameter in a video action.
by kaMtiEz
CVE-2009-4817 EXPLOITDB text VERIFIED
Element-IT Ultimate Uploader 1.3 - Unauthenticated Arbitrary File Upload and Remote Code Execution
Unrestricted file upload vulnerability in Element-IT Ultimate Uploader 1.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/.
by Master Mind
EIP-2026-112305 EXPLOITDB text VERIFIED
social Web CMS Beta 2 - Multiple Vulnerabilities
by cp77fk4r
EIP-2026-111178 EXPLOITDB text VERIFIED
PHPOPENCHAT 3.0.2 - Cross-Site Scripting AND/OR FPD
by Dedalo
CVE-2008-2501 EXPLOITDB text VERIFIED
PHPhotoalbum 0.5 - SQL Injection via Album or PID Parameter
Multiple SQL injection vulnerabilities in PHPhotoalbum 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) album parameter to thumbnails.php and the (2) pid parameter to displayimage.php.
by Stack
CVE-2009-4819 EXPLOITDB text VERIFIED
PHPhotoalbum - Unauthenticated Arbitrary File Upload via Double Extension Bypass
Multiple unrestricted file upload vulnerabilities in upload.php in PHPhotoalbum allow remote attackers to execute arbitrary code by uploading a file with a (1) .php.pgif or (2) .php.pjpeg double extension, then accessing it via a direct request to the file in albums/userpics/.
by wlhaan hacker
CVE-2009-3702 EXPLOITDB text VERIFIED
php-calendar 1.1 - Path Traversal and Arbitrary File Execution via configfile Parameter
Multiple absolute path traversal vulnerabilities in PHP-Calendar 1.1 allow remote attackers to include and execute arbitrary local files via a full pathname in the configfile parameter to (1) update08.php or (2) update10.php. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
by Juan Galiana Lara