Exploitdb Exploits
31,357 exploits tracked across all sources.
TinyBrowser < 1.5.13 - Unauthenticated Arbitrary File Upload via upload.php
TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary file upload via upload.php.
by Aung Khant
CVSS 9.8
PHPArcadeScript 4.0 - SQL Injection
SQL injection vulnerability in linkout.php in PHPArcadeScript (PHP Arcade Script) 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by MizoZ
PHP Paid 4 Mail Script - SQL Injection
SQL injection vulnerability in paidbanner.php in PHP Paid 4 Mail Script allows remote attackers to execute arbitrary SQL commands via the ID parameter.
by ThE g0bL!N
Zenas PaoLink 1.0 - Unauthenticated Authentication Bypass via login_ok Parameter
login.php in Zenas PaoLink 1.0, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1.
by SirGod
Zenas PaoLiber 1.1 - Unauthenticated Authentication Bypass via login_ok Parameter
login.php in Zenas PaoLiber 1.1, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1.
by SirGod
Zenas PaoBacheca Guestbook 2.1 - Unauthenticated Authentication Bypass via login_ok Parameter
login.php in Zenas PaoBacheca Guestbook 2.1, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1.
by SirGod
CVSS 9.8
XOOPS Celepar Qas Module - Stored Cross-Site Scripting via cod_categoria and opcao Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the Qas (aka Quas) module for XOOPS Celepar allow remote attackers to inject arbitrary web script or HTML via (1) the cod_categoria parameter to categoria.php, (2) the opcao parameter to index.php, and the PATH_INFO to (3) categoria.php and (4) index.php.
by Moudi
SkaDate Online Dating Software - Path Traversal via Layout Parameter
Directory traversal vulnerability in index.php in SkaDate Dating allows remote attackers to read arbitrary files via a .. (dot dot) in the layout parameter.
by Moudi
SkaDate Dating - Cross-Site Scripting via PATH_INFO to admin/auth.php and file_uploader.php
Multiple cross-site scripting (XSS) vulnerabilities in SkaDate Dating allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin/auth.php and (2) file_uploader.php.
by Moudi
iWiccle 1.01 - Path Traversal via Show or Module Parameter
Multiple directory traversal vulnerabilities in iWiccle 1.01, when magic_quotes_gpc is disabled, allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the show parameter to the admin module, reachable through index.php; or (2) the module parameter to index.php.
by SirGod
Almond Classifieds (com_aclassf) 7.5 - SQL Injection via replid Parameter
SQL injection vulnerability in the Almond Classifieds (com_aclassf) component 7.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the replid parameter in a manw_repl add_form action to index.php, a different vector than CVE-2009-2567.
by Moudi
GarageSales Script - SQL Injection via visitor/view.php key Parameter
SQL injection vulnerability in visitor/view.php in GarageSales Script allows remote attackers to execute arbitrary SQL commands via the key parameter.
by Moudi
iptel serweb < 2.0.0dev1 - Remote Code Execution via _SERWEB[configdir] Parameter
Multiple PHP remote file inclusion vulnerabilities in SerWeb 2.0.0 dev1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) _SERWEB[configdir] parameter to load_lang.php, (2) _SERWEB[functionsdir] parameter to main_prepend.php, and the (3) _PHPLIB[libdir] parameter to load_phplib.php, different vectors than CVE-2007-3359 and CVE-2007-3358.
by GoLd_M
XOOPS Celepar Qas Module - SQL Injection via codigo or cod_categoria Parameter
Multiple SQL injection vulnerabilities in the Qas (aka Quas) module for XOOPS Celepar allow remote attackers to execute arbitrary SQL commands via the codigo parameter to (1) aviso.php and (2) imprimir.php, and the (3) cod_categoria parameter to categoria.php.
by Moudi
WebAsyst Shop-Script PREMIUM - 'SearchString' Cross-Site Scripting
by u.f.
Ultimate Regnow Affiliate 3.0 - SQL Injection via RSS cat Parameter
SQL injection vulnerability in rss.php in Ultimate Regnow Affiliate (URA) 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
by Chip d3 bi0s
Super Mod System - SQL Injection via s Parameter
SQL injection vulnerability in index.php in Super Mod System, when using the 68 Classifieds 3.1 Core System, allows remote attackers to execute arbitrary SQL commands via the s parameter.
by MizoZ
SkaDate Dating - Remote Code Execution via Language ID Parameter
PHP remote file inclusion vulnerability in index.php in SkaDate Dating allows remote attackers to execute arbitrary PHP code via a URL in the language_id parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences.
by Moudi
PHP Paid 4 Mail Script - Remote Code Execution via home.php page Parameter
PHP remote file inclusion vulnerability in home.php in PHP Paid 4 Mail Script allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
by int_main();
Limny 1.01 - SQL Injection via Username Parameter
SQL injection vulnerability in the CheckLogin function in includes/functions.php in Limny 1.01, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.
by SirGod
ixxo_cart < 3.9.6.1 - SQL Injection via Parent Parameter
SQL injection vulnerability in IXXO Cart Standalone before 3.9.6.1, and the IXXO Cart component for Joomla! 1.0.x, allows remote attackers to execute arbitrary SQL commands via the parent parameter.
by sm0k3