Exploitdb Exploits

31,346 exploits tracked across all sources.

EIP-2026-111023 EXPLOITDB text VERIFIED
phpCollegeExchange 0.1.5c - Multiple SQL Injections
by Salvatore Fresta
CVE-2009-4908 EXPLOITDB text VERIFIED
oBlog - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in oBlog allow remote attackers to inject arbitrary web script or HTML via the (1) commentName, (2) commentEmail, (3) commentWeb, or (4) commentText parameter to article.php; and allow remote authenticated administrators to inject arbitrary web script or HTML via the (5) article_id or (6) title parameter to admin/write.php, the (7) category_id or (8) category_name parameter to admin/groups.php, the (9) blogroll_id or (10) title parameter to admin/blogroll.php, or the (11) blog_name or (12) tag_line parameter to admin/settings.php.
by Milos Zivanovic
EIP-2026-107786 EXPLOITDB text
Illogator Shop - SQL Injection Bypass
by bi0
CVE-2008-6242 EXPLOITDB text VERIFIED
Scripts For Sites EZ e-store - SQL Injection via SearchResults.php where Parameter
SQL injection vulnerability in SearchResults.php in Scripts For Sites (SFS) EZ e-store allows remote attackers to execute arbitrary SQL commands via the where parameter.
by Salvatore Fresta
EIP-2026-106450 EXPLOITDB text VERIFIED
Digital Scribe 1.4.1 - Multiple SQL Injections
by Salvatore Fresta
EIP-2026-105835 EXPLOITDB text VERIFIED
Chipmunk NewsLetter - Cross-Site Request Forgery
by Milos Zivanovic
CVE-2009-4386 EXPLOITDB text VERIFIED
Venalsur Booking Centre Booking System for Hotels Group - SQL Injection
SQL injection vulnerability in hotel_tiempolibre_ext.php in Venalsur Booking Centre Booking System for Hotels Group, when magic_quotes_gpc is enabled, allows remote attackers to execute arbitrary SQL commands via the NoticiaID parameter and other unspecified vectors.
by Salvatore Fresta
CVE-2009-4596 EXPLOITDB text VERIFIED
PHP Inventory 1.2 - Cross-Site Scripting via sup_id Parameter
Cross-site scripting (XSS) vulnerability in index.php in PHP Inventory 1.2 allows remote attackers to inject arbitrary web script or HTML via the sup_id parameter in a suppliers details action.
by mr_me
CVE-2009-4601 EXPLOITDB text VERIFIED
ZeeJobsite 3x - Cross-Site Scripting via Basic Search Result Title Parameter
Cross-site scripting (XSS) vulnerability in basic_search_result.php in Zeeways ZeeJobsite 3x allows remote attackers to inject arbitrary web script or HTML via the title parameter.
by bi0
CVE-2009-4427 EXPLOITDB text VERIFIED
phpLDAPadmin <1.1.0.5 - Path Traversal
Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cmd parameter.
by ipsecs
CVE-2009-4597 EXPLOITDB text VERIFIED
PHP Inventory 1.2 - SQL Injection via User ID, Username, or Password Parameter
Multiple SQL injection vulnerabilities in index.php in PHP Inventory 1.2 allow (1) remote authenticated users to execute arbitrary SQL commands via the user_id parameter in a users details action, and allow remote attackers to execute arbitrary SQL commands via the (2) user (username) and (3) pass (password) parameters. NOTE: some of these details are obtained from third party information.
by mr_me
CVE-2009-4315 EXPLOITDB text VERIFIED
Nuggetz CMS 1.0 - Path Traversal and Arbitrary File Write via nugget Parameter
Directory traversal vulnerability in admin/ajaxsave.php in Nuggetz CMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to create or modify arbitrary files via a .. (dot dot) in the nugget parameter and a modified pagevalue parameter, as demonstrated by creating and accessing a .php file to execute arbitrary PHP code.
by Amol Naik
CVE-2009-4604 EXPLOITDB text VERIFIED
Fernando Soares Mamboleto <2.0 RC3 - RCE
PHP remote file inclusion vulnerability in mamboleto.php in the Fernando Soares Mamboleto (com_mamboleto) component 2.0 RC3 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
by Don Tukulesto
CVE-2009-4599 EXPLOITDB text
JS Jobs (com_jsjobs) 1.0.5.6 - SQL Injection via md or oi Parameter
Multiple SQL injection vulnerabilities in the JS Jobs (com_jsjobs) component 1.0.5.6 for Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the md parameter in an employer view_company action to index.php or (2) the oi parameter in an employer view_job action to index.php.
by kaMtiEz
CVE-2009-4598 EXPLOITDB text
com_jphoto 1.0 - SQL Injection via id Parameter
SQL injection vulnerability in the JPhoto (com_jphoto) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a category action to index.php.
by kaMtiEz
EIP-2026-100330 EXPLOITDB text VERIFIED
Free ASP Upload - Arbitrary File Upload
by Mr.aFiR
EIP-2026-100016 EXPLOITDB text
OPMANAGER - Blind SQL Injection / XPath Injection
by Asheesh kumar Mani Tripathi
CVE-2009-5159 EXPLOITDB MEDIUM text VERIFIED
Invision Power Board 2.x-3.0.4 - Cross-Site Scripting via .txt Attachment
Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Internet Explorer 5 is used, allows XSS via a .txt attachment.
by Xacker
CVSS 6.1
CVE-2009-4600 EXPLOITDB text
NetArt Media Real Estate Portal 2.0 - SQL Injection
SQL injection vulnerability in realestate20/loginaction.php in NetArt Media Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the Email parameter (aka the username field). NOTE: some of these details are obtained from third party information.
by AnTi SeCuRe
CVE-2009-4238 EXPLOITDB text VERIFIED
TestLink - Authenticated SQL Injection via Test Case ID or logLevel Parameter
Multiple SQL injection vulnerabilities in TestLink before 1.8.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the Test Case ID field to lib/general/navBar.php or (2) the logLevel parameter to lib/events/eventviewer.php.
by Core Security
CVE-2009-4613 EXPLOITDB text
NetArt Media Real Estate Portal 2.0 - SQL Injection
SQL injection vulnerability in realestate20/loginaction.php in NetArt Media Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by AnTi SeCuRe
EIP-2026-101474 EXPLOITDB text
THOMSON TG585n 7.4.3.2 - 'user.ini' Arbitrary Disclosure
by AnTi SeCuRe
CVE-2009-4567 EXPLOITDB text VERIFIED
Viscacha 0.8 Gold - Authenticated Cross-Site Scripting via Profile Parameters
Multiple cross-site scripting (XSS) vulnerabilities in editprofile.php in Viscacha 0.8 Gold allow remote authenticated users to inject arbitrary web script or HTML via the (1) skype, (2) yahoo, (3) aol, (4) msn, or (5) jabber parameter in a profile2 action. NOTE: some of these details are obtained from third party information.
by mr_me
EIP-2026-108404 EXPLOITDB text
Joomla! Component com_job - 'showMoreUse' SQL Injection
by Palyo34
EIP-2026-107951 EXPLOITDB text VERIFIED
IRAN N.E.T E-Commerce Group - SQL Injection
by Dr.0rYX & Cr3W-DZ