Exploitdb Exploits
31,357 exploits tracked across all sources.
Almond Classifieds (com_aclassf) 7.5 - Cross-Site Scripting via addr Parameter
Cross-site scripting (XSS) vulnerability in gmap.php in the Almond Classifieds (com_aclassf) component 7.5 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the addr parameter.
by Moudi
iWiccle 1.01 - SQL Injection via member_id Parameter
SQL injection vulnerability in the admin module in iWiccle 1.01 allows remote attackers to execute arbitrary SQL commands via the member_id parameter in an edit_user action to index.php.
by SirGod
inout_adserver - Authenticated SQL Injection via id Parameter
SQL injection vulnerability in ppc-add-keywords.php in Inout Adserver allows remote authenticated users to execute arbitrary SQL commands via the id parameter.
by boom3rang
GarageSales Script - Cross-Site Scripting via Key Parameter
Cross-site scripting (XSS) vulnerability in visitor/view.php in GarageSales Script allows remote attackers to inject arbitrary web script or HTML via the key parameter. NOTE: some of these details are obtained from third party information.
by Moudi
almond Classifieds ads - Blind SQL Injection / Cross-Site Scripting
by Moudi
68 Classifieds 4.1 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in 68 Classifieds 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to category.php, view parameter to (2) login.php and (3) viewlisting.php, page parameter to (4) searchresults.php and (5) toplistings.php, and (6) member parameter to viewmember.php.
by Moudi
68 Classifieds 4.1 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in 68 Classifieds 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to category.php, view parameter to (2) login.php and (3) viewlisting.php, page parameter to (4) searchresults.php and (5) toplistings.php, and (6) member parameter to viewmember.php.
by Moudi
68 Classifieds 4.1 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in 68 Classifieds 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to category.php, view parameter to (2) login.php and (3) viewlisting.php, page parameter to (4) searchresults.php and (5) toplistings.php, and (6) member parameter to viewmember.php.
by Moudi
68 Classifieds 4.1 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in 68 Classifieds 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to category.php, view parameter to (2) login.php and (3) viewlisting.php, page parameter to (4) searchresults.php and (5) toplistings.php, and (6) member parameter to viewmember.php.
by Moudi
68 Classifieds 4.1 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in 68 Classifieds 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to category.php, view parameter to (2) login.php and (3) viewlisting.php, page parameter to (4) searchresults.php and (5) toplistings.php, and (6) member parameter to viewmember.php.
by Moudi
68 Classifieds 4.1 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in 68 Classifieds 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to category.php, view parameter to (2) login.php and (3) viewlisting.php, page parameter to (4) searchresults.php and (5) toplistings.php, and (6) member parameter to viewmember.php.
by Moudi
XOOPS Celepar Qas Module - SQL Injection via codigo or cod_categoria Parameter
Multiple SQL injection vulnerabilities in the Qas (aka Quas) module for XOOPS Celepar allow remote attackers to execute arbitrary SQL commands via the codigo parameter to (1) aviso.php and (2) imprimir.php, and the (3) cod_categoria parameter to categoria.php.
by s4r4d0
XOOPS Celepar Quiz Module - Cross-Site Scripting via PATH_INFO to cadastro_usuario.php
Cross-site scripting (XSS) vulnerability in the quiz module for XOOPS Celepar allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to cadastro_usuario.php.
by s4r4d0
WebShop Hun 1.062s - '/index.php' Local File Inclusion / Cross-Site Scripting
by u.f.
TurnkeySetup Net Marketing 6.0 - 'faqs.php' Cross-Site Scripting
by Moudi
SkaLinks 1.5 - 'cat' Multiple Cross-Site Scripting Vulnerabilities
by Moudi
Scripteen Free Image Hosting Script 2.3 - SQL Injection via cookid or cookgid Cookie
Multiple SQL injection vulnerabilities in header.php in Scripteen Free Image Hosting Script 2.3 allow remote attackers to execute arbitrary SQL commands via a (1) cookid or (2) cookgid cookie.
by Coksnuss
Scripteen Free Image Hosting Script 2.3 - Unauthenticated Authentication Bypass via cookgid Cookie
admin/header.php in Scripteen Free Image Hosting Script 2.3 allows remote attackers to bypass authentication and gain administrative access by setting the cookgid cookie value to 1, a different vector than CVE-2008-3211.
by Qabandi
SaphpLesson 4.0 - SQL Injection via cp_username Parameter
SQL injection vulnerability in admin/login.php in SaphpLesson 4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cp_username parameter, related to an error in the CleanVar function in includes/functions.php.
by SwEET-DeViL
OSI Codes Inc. PHP Live! 3.2.2 - SQL Injection via questid Parameter
SQL injection vulnerability in admin/traffic/knowledge_searchm.php in OSI Codes Inc. PHP Live! 3.2.2 allows remote attackers to execute arbitrary SQL commands via the questid parameter in an expand_question action.
by skys
Million-Dollar Pixel Ads Platinum - SQL Injection / Cross-Site Scripting
by Moudi
Million Dollar Pixel Ads - Cross-Site Scripting / SQL Injection
by Moudi
Joomla! Extension UIajaxIM 1.1 - JavaScript Execution
by 599eme Man
By Source