Exploitdb Exploits
31,357 exploits tracked across all sources.
Logoshows BBS 2.0 - Info Disclosure
Logoshows BBS 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/globepersonnel.mdb.
by ZoRLu
Cromosoft Technologies Facil Helpdesk 2.3 Lite - RCE
PHP remote file inclusion vulnerability in index.php in Cromosoft Technologies Facil Helpdesk 2.3 Lite allows remote attackers to execute arbitrary PHP code via a URL in the lng parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences.
by Moudi
IsolSoft Support Center 2.5 - Remote Code Execution via Lang Parameter File Inclusion
Multiple PHP remote file inclusion vulnerabilities in IsolSoft Support Center 2.5 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) newticket.php or (2) rempass.php, or a URL in the lang parameter in an adduser action to (3) index.php. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences.
by Moudi
Adult Banner Exchange Website - SQL Injection
SQL injection vulnerability in click.php in Adult Banner Exchange Website allows remote attackers to execute arbitrary SQL commands via the targetid parameter.
by 599eme Man
Valve Steam <2.10.91.91 - Privilege Escalation
Valve Steam 2.10.91.91 uses weak permissions (Users: read and write) for the Install folder, which allows local users to gain privileges via a Trojan horse steam.exe file.
by MrDoug
Typing Pal 1.0 - SQL Injection via idTableProduit Parameter
SQL injection vulnerability in demo.php in Typing Pal 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idTableProduit parameter.
by Red-D3v1L
PHPCityPortal - SQL Injection via Username or Password Parameter
Multiple SQL injection vulnerabilities in login.php in PHPCityPortal allow remote attackers to execute arbitrary SQL commands via the (1) req_username (aka Username) and (2) req_password (aka Password) parameters. NOTE: some of these details are obtained from third party information.
by CoBRa_21
PHP Photo Vote 1.3F - Cross-Site Scripting via Login Page Parameter
Cross-site scripting (XSS) vulnerability in login.php in PHP Photo Vote 1.3F allows remote attackers to inject arbitrary web script or HTML via the page parameter.
by Moudi
PHP Easy Shopping Cart 3.1R - Cross-Site Scripting via Name Parameter
Cross-site scripting (XSS) vulnerability in subitems.php in PHP Easy Shopping Cart 3.1R allows remote attackers to inject arbitrary web script or HTML via the name parameter.
by Moudi
PhotoPost PHP 3.3.1 - 'cat' Cross-Site Scripting / SQL Injection
by 599eme Man
Logoshows BBS 2.0 - Authentication Bypass via Cookie Manipulation
globepersonnel_login.asp in Logoshows BBS 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the (1) pb_username (aka pb%5Fusername) and (2) level cookies.
by ZoRLu
Logoshows BBS 2.0 - SQL Injection via Username and Password Fields
Multiple SQL injection vulnerabilities in globepersonnel_login.asp in Logoshows BBS 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.
by Dns-Team
Logoshows BBS 2.0 - SQL Injection via globepersonnel_forum.asp forumid Parameter
SQL injection vulnerability in globepersonnel_forum.asp in Logoshows BBS 2.0 allows remote attackers to execute arbitrary SQL commands via the forumid parameter.
by Ruzgarin_Oglu
IsolSoft Support Center 2.5 - Cross-Site Scripting via lang Parameter
Cross-site scripting (XSS) vulnerability in newticket.php in IsolSoft Support Center 2.5 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
by Moudi
Cromosoft Technologies Facil Helpdesk 2.3 Lite - XSS
Cross-site scripting (XSS) vulnerability in kbase/kbase.php in Cromosoft Technologies Facil Helpdesk 2.3 Lite allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
by Moudi
e-soft24 Banner Exchange Script 1.0 - SQL Injection via click.php targetid Parameter
SQL injection vulnerability in click.php in e-soft24 Banner Exchange Script 1.0 allows remote attackers to execute arbitrary SQL commands via the targetid parameter.
by 599eme Man
Alwasel 1.5 - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in Alwasel 1.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) show.php and (2) xml.php.
by SwEET-DeViL
LM Starmail Paidmail 2.0 - SQL Injection via ID Parameter
SQL injection vulnerability in paidbanner.php in LM Starmail Paidmail 2.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
by int_main();
Willscript Auction Website Script - 'category.php' SQL Injection
by 599eme Man
Waverider Systems Perlshop - Multiple Input Validation Vulnerabilities
by Shadow
TYPO3 4.0 - SQL Injection via showUid Parameter
SQL injection vulnerability in index.php in TYPO3 4.0 allows remote attackers to execute arbitrary SQL commands via the showUid parameter. NOTE: the TYPO3 Security Team disputes this report, stating that "there is no such vulnerability... The showUid parameter is generally used in third-party TYPO3 extensions - not in TYPO3 Core."
by Ro0T-MaFia
Silurus Classifieds 1.0 - Cross-Site Scripting via ID and Keywords Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Silurus Classifieds 1.0 allow remote attackers to inject arbitrary web script or HTML via the ID parameter to (1) category.php and (2) wcategory.php, and the (3) keywords parameter to search.php.
by Moudi