Exploitdb Exploits
31,357 exploits tracked across all sources.
Siteframe 3.2.x - Information Exposure via phpinfo.php Direct Request
Siteframe 3.2.3, and other 3.2.x versions, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function.
by NoGe
Online Guestbook Pro 5.1 - Cross-Site Scripting via entry Parameter
Cross-site scripting (XSS) vulnerability in ogp_show.php in Online Guestbook Pro 5.1 allows remote attackers to inject arbitrary web script or HTML via the entry parameter.
by Moudi
MRCGIGUY Thumbnail Gallery Post 1b - Arbitrary File Upload
by ThE g0bL!N
JNM Guestbook 3.0 - Cross-Site Scripting via Page Parameter
Cross-site scripting (XSS) vulnerability in index.php in JNM Guestbook 3.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
by Moudi
Glossword 1.8.11 - Arbitrary Uninstall / Install
by Evil-Cod3r
Clear Content 1.1 - Path Traversal via Image.php URL Parameter
Directory traversal vulnerability in image.php in Clear Content 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter. NOTE: the researcher also suggests an analogous PHP remote file inclusion vulnerability, but this may be incorrect.
by MizoZ
xscreensaver 5.01 - Arbitrary File Disclosure Symlink
by kingcope
MySQL 5.0.45 - (Authenticated) COM_CREATE_DB Format String (PoC)
by kingcope
Rapidsendit Clone Script - 'admin.php' Insecure Cookie Authentication Bypass
by NoGe
Linea21 1.2.1 - Cross-Site Scripting via Search Parameter
Cross-site scripting (XSS) vulnerability in public/index.php in Linea21 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the search parameter in a resultats-recherche action.
by 599eme Man
JNM Solutions DB Top Sites 1.0 - 'vote.php' Cross-Site Scripting
by Moudi
Tausch Ticket Script 3 - SQL Injection
Multiple SQL injection vulnerabilities in Tausch Ticket Script 3 allow remote attackers to execute arbitrary SQL commands via the (1) userid parameter to suchauftraege_user.php and the (2) descr parameter to vote.php; and other unspecified vectors.
by Moudi
Swinger Club Portal - anzeiger/start.php - SQL Injection
SQL injection vulnerability in anzeiger/start.php in Swinger Club Portal allows remote attackers to execute arbitrary SQL commands via the id parameter in a rubrik action.
by Moudi
Swinger Club Portal - Remote Code Execution via go Parameter in anzeiger/start.php
PHP remote file inclusion vulnerability in anzeiger/start.php in Swinger Club Portal allows remote attackers to execute arbitrary PHP code via a URL in the go parameter.
by Moudi
Rentventory 1.0.1 - Cross-Site Scripting via Login Parameters
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Rentventory 1.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) username (aka Login) and (2) password parameters in a login action.
by 599eme Man
HP Printers - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and the Embedded Web Server (EWS) on certain HP LaserJet and Color LaserJet printers, and HP Digital Senders, allow remote attackers to inject arbitrary web script or HTML via the (1) Product_URL or (2) Tech_URL parameter in an Apply action to the support_param.html/config script.
by sh2kerr
Opial 1.0 - SQL Injection via txtUserName Parameter
SQL injection vulnerability in admin/index.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the txtUserName (aka User Name) parameter. NOTE: some of these details are obtained from third party information.
by Moudi
Rentventory - SQL Injection via Product Parameter
SQL injection vulnerability in index.php in Rentventory allows remote attackers to execute arbitrary SQL commands via the product parameter.
by Moudi
Opial 1.0 - SQL Injection via txtPassword Parameter
SQL injection vulnerability in admin/index.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the txtPassword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Moudi
Opial 1.0 - SQL Injection via albumid Parameter
SQL injection vulnerability in albumdetail.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the albumid parameter.
by ThE g0bL!N
AdminLog 0.5 - 'valid_login' Authentication Bypass
by SirGod
Oracle 10g - 'SYS.LT.COMPRESSWORKSPACETREE' SQL Injection (2)
by Sumit Siddharth