Exploitdb Exploits

31,357 exploits tracked across all sources.

CVE-2009-2587 EXPLOITDB text VERIFIED
DragDropCart - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in DragDropCart allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to assets/js/ddcart.php, the (2) prefix parameter to includes/ajax/getstate.php, the search parameter to (3) index.php and (4) search.php, the (5) redirect parameter to login.php, and the (6) product parameter to productdetail.php.
by Moudi
CVE-2009-4685 EXPLOITDB text VERIFIED
PHP Scripts Now Astrology - Cross-Site Scripting via Day Parameter
Cross-site scripting (XSS) vulnerability in celebrities.php in PHP Scripts Now Astrology allows remote attackers to inject arbitrary web script or HTML via the day parameter.
by Moudi
CVE-2009-2439 EXPLOITDB text VERIFIED
Web Development House Alibaba Clone - SQL Injection
Multiple SQL injection vulnerabilities in Web Development House Alibaba Clone allow remote attackers to execute arbitrary SQL commands via the (1) IndustryID parameter to category.php and the (2) SellerID parameter to supplier/view_contact_details.php. NOTE: this is a product that was developed by a third party; it is not associated with alibaba.com or the Alibaba Group.
by 599eme Man
CVE-2009-4686 EXPLOITDB text VERIFIED
phplemon AdQuick 2.2.1 - Cross-Site Scripting via red_url Parameter
Cross-site scripting (XSS) vulnerability in account.php in phplemon AdQuick 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the red_url parameter.
by Moudi
CVE-2009-1894 EXPLOITDB text VERIFIED
PulseAudio <0.9.14 - Privilege Escalation
Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users to gain privileges via vectors involving creation of a hard link, related to the application setting LD_BIND_NOW to 1, and then calling execv on the target of the /proc/self/exe symlink.
by anonymous
CVE-2009-2766 EXPLOITDB text VERIFIED
DD-WRT 24 sp1 - Unauthenticated Settings Modification via cgi-bin/
httpd.c in httpd in the management GUI in DD-WRT 24 sp1 does not require administrative authentication for programs under cgi-bin/, which allows remote attackers to change settings via HTTP requests.
by gat3way
CVE-2009-4696 EXPLOITDB text VERIFIED
RadNICS Gold 5 - SQL Injection via fid Parameter
SQL injection vulnerability in index.php in RadNICS Gold 5 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action.
by Moudi
CVE-2009-4692 EXPLOITDB text VERIFIED
RadScripts RadLance Gold 7.5 - Cross-Site Scripting via index.php pr Parameter
Cross-site scripting (XSS) vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote attackers to inject arbitrary web script or HTML via the pr parameter in a ulist action.
by Moudi
CVE-2009-4682 EXPLOITDB text VERIFIED
Good/Bad Vote - Cross-Site Scripting via Vote ID Parameter
Cross-site scripting (XSS) vulnerability in vote.php in Good/Bad Vote allows remote attackers to inject arbitrary web script or HTML via the id parameter in a vote action.
by Moudi
CVE-2009-3718 EXPLOITDB text VERIFIED
Battle Blog 1.25 and 1.30 build 2 - SQL Injection via UserName Parameter
SQL injection vulnerability in admin/authenticate.asp in Battle Blog 1.25 and 1.30 build 2 allows remote attackers to execute arbitrary SQL commands via the UserName parameter.
by $qL_DoCt0r
CVE-2009-3529 EXPLOITDB text VERIFIED
RadScripts RadBids Gold 4 - SQL Injection via fid Parameter
SQL injection vulnerability in index.php in RadScripts RadBids Gold 4 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action, a different vector than CVE-2005-1074.
by Moudi
CVE-2009-2533 EXPLOITDB text VERIFIED
RealNetworks Helix Server <13.0.0 - DoS
rmserver in RealNetworks Helix Server and Helix Mobile Server before 13.0.0 allows remote attackers to cause a denial of service (daemon exit) via multiple RTSP SET_PARAMETER requests with empty DataConvertBuffer headers.
by Core Security
CVE-2009-2552 EXPLOITDB text VERIFIED
Super Simple Blog Script 2.5.4 - Path Traversal
Multiple directory traversal vulnerabilities in comments.php in Super Simple Blog Script 2.5.4 allow remote attackers to overwrite, include, and execute arbitrary local files via the entry parameter.
by JIKO
CVE-2009-2553 EXPLOITDB text VERIFIED
Super Simple Blog Script 2.5.4 - SQL Injection
Multiple SQL injection vulnerabilities in comments.php in Super Simple Blog Script 2.5.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the entry parameter.
by JIKO
CVE-2009-4697 EXPLOITDB text VERIFIED
RadNICS Gold 5 - Cross-Site Scripting via Order or Fid Parameter
Multiple cross-site scripting (XSS) vulnerabilities in index.php in RadNICS Gold 5 allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter in a ulist action and the (2) fid parameter in a view_forum action.
by Moudi
CVE-2009-4695 EXPLOITDB text VERIFIED
RadScripts RadLance Gold 7.5 - SQL Injection
SQL injection vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action.
by Moudi
CVE-2009-3530 EXPLOITDB text VERIFIED
RadScripts RadBids Gold 4 - Cross-Site Scripting via Storefront Mode Parameter
Cross-site scripting (XSS) vulnerability in storefront.php in RadScripts RadBids Gold 4 allows remote attackers to inject arbitrary web script or HTML via the mode parameter.
by Moudi
CVE-2009-2554 EXPLOITDB text VERIFIED
Joomla! Jobline <1.3.1 - SQL Injection
SQL injection vulnerability in the search method in jobline.class.php in Jobline (com_jobline) 1.1.2.2, 1.3.1, and possibly earlier versions, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the search parameter in a results action to index.php, which invokes the search method from the searchJobPostings function in jobline.php.
by ManhLuat93
CVE-2009-3222 EXPLOITDB text VERIFIED
FreeWebScriptz Honest Traffic 1.x - Cross-Site Scripting via msg Parameter
Cross-site scripting (XSS) vulnerability in index.php in FreeWebScriptz Honest Traffic (FWSHT) 1.x allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
by Moudi
CVE-2009-4683 EXPLOITDB text VERIFIED
Good/Bad Vote <unknown> - Path Traversal
Directory traversal vulnerability in vote.php in Good/Bad Vote allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the id parameter in a dovote action. NOTE: some of these details are obtained from third party information.
by Moudi
EIP-2026-107386 EXPLOITDB text VERIFIED
Ger Versluis 2000 5.5 24 - 'SITE_fiche.php' SQL Injection
by DeCo017
CVE-2009-3719 EXPLOITDB text VERIFIED
Battle Blog 1.25 and 1.30 build 2 - Cross-Site Scripting via Comment
Cross-site scripting (XSS) vulnerability in comment.asp in Battle Blog 1.25 and 1.30 build 2 allows remote attackers to inject arbitrary web script or HTML via a comment.
by $qL_DoCt0r
CVE-2009-3596 EXPLOITDB text VERIFIED
JoxTechnology Ajox Poll - Unauthenticated Authentication Bypass via Direct Request to admin/managepoll.php
JoxTechnology Ajox Poll does not properly restrict access to admin/managepoll.php, which allows remote attackers to bypass authentication and gain administrative access via a direct request.
by SirGod
EIP-2026-103650 EXPLOITDB text VERIFIED
Sguil/PADS - Remote Server Crash
by Ataraxia