Exploitdb Exploits
31,357 exploits tracked across all sources.
Webformatique Reservation Manager 2.4 - 'index.php' Cross-Site Scripting
by Moudi
Rein Velt Vedit - Code Injection
PHP remote file inclusion vulnerability in editor/edit_htmlarea.php in Ve-EDIT 0.1.4 allows remote attackers to execute arbitrary PHP code via a URL in the highlighter parameter.
by RoMaNcYxHaCkEr
Phplivesupport. Phplive! - SQL Injection
SQL injection vulnerability in message_box.php in OSI Codes PHP Live! 3.3 allows remote attackers to execute arbitrary SQL commands via the deptid parameter.
by v3n0m
JiangHu Inn < 1.1 - SQL Injection via id Parameter
SQL injection vulnerability in the JiangHu Inn plugin 1.1 and earlier for Discuz! allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action to forummission.php.
by ZhaoHuAn
GreenSQL Firewall - SQL Injection Protection Bypass via WHERE Clause Expression
GreenSQL Firewall (greensql-fw), possibly before 0.9.2 or 0.9.4, allows remote attackers to bypass the SQL injection protection mechanism via a WHERE clause containing an expression such as "x=y=z", which is successfully parsed by MySQL.
by Johannes Dahse
Apache Tomcat 3.2 - 404 Error Page Cross-Site Scripting
by MustLive
Linux Kernel <2.6.19 - Privilege Escalation
The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket.
by spender
CVSS 7.8
Xstate Real Estate 1.0 - SQL Injection
SQL injection vulnerability in page.html in Xstate Real Estate 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
by Moudi
SmartVMD 1.3 - ActiveX Control 'VideoMovementDetection.dll' Remote Buffer Overflow
by optix hacker
Xstate Real Estate 1.0 - Cross-Site Scripting via PATH_INFO to home.html or lands.html
Multiple cross-site scripting (XSS) vulnerabilities in Xstate Real Estate 1.0 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) home.html or (2) lands.html.
by Moudi
Rein Velt Vedit - Path Traversal
Directory traversal vulnerability in debugger/debug_php.php in Ve-EDIT 0.1.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the _GET[filename] parameter.
by CoBRa_21
Property Watch 2.0 - Cross-Site Scripting via VideoID or Redirect Parameter
Multiple cross-site scripting (XSS) vulnerabilities in PropertyWatchScript.com Property Watch 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) videoid parameter to tools/email.php and (2) redirect parameter to tools/login.php.
by Moudi
PHPMass Real Estate - 'view_map.php' Cross-Site Scripting
by Moudi
Prime Quick Style < 1.2.3 - Authenticated SQL Injection via prime_quick_style Parameter
SQL injection vulnerability in root/includes/prime_quick_style.php in the Prime Quick Style addon before 1.2.3 for phpBB 3 allows remote authenticated users to execute arbitrary SQL commands via the prime_quick_style parameter to ucp.php.
by -SmoG-
KingCMS 0.6.0 - Remote Code Execution via CONFIG[AdminPath] Parameter
PHP remote file inclusion vulnerability in include/engine/content/elements/menu.php in KingCMS 0.6.0 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[AdminPath] parameter.
by CoBRa_21
com_gameserver 1.0 for Joomla! - SQL Injection via id Parameter
SQL injection vulnerability in the Game Server (com_gameserver) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a gamepanel action to index.php.
by v3n0m
Artetics Art Portal (com_artportal) 1.0 - SQL Injection via Portalid Parameter
SQL injection vulnerability in the Artetics.com Art Portal (com_artportal) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the portalid parameter to index.php.
by 599eme Man
jvitals com_agora 3.0.0b - Path Traversal via Action Parameter
Directory traversal vulnerability in the Agora (com_agora) component 3.0.0b for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter to the avatars page, reachable through index.php.
by ByALBAYX
DataLife Engine 8.2 - Remote Code Execution via dle_config_api Parameter
PHP remote file inclusion vulnerability in engine/api/api.class.php in DataLife Engine (DLE) 8.2 allows remote attackers to execute arbitrary PHP code via a URL in the dle_config_api parameter.
by Kurd-Team
AOM Software Beex 3 - Cross-Site Scripting via navaction Parameter
Multiple cross-site scripting (XSS) vulnerabilities in AOM Software Beex 3 allow remote attackers to inject arbitrary web script or HTML via the navaction parameter to (1) news.php and (2) partneralle.php.
by Moudi
JSFTemplating / Mojarra Scales / GlassFish - File Disclosure
by SEC Consult
Dave Robinson Rockbandcms - SQL Injection
Multiple SQL injection vulnerabilities in news.php in Rock Band CMS 0.10 allow remote attackers to execute arbitrary SQL commands via the (1) year and (2) id parameters.
by Affix
Re-Script 0.99 Beta - 'listings.php?op' SQL Injection
by Mr.SQL