Exploitdb Exploits
31,357 exploits tracked across all sources.
Virtuenetz Virtue Online Test Generator - Info Disclosure
admin/index.php in Virtuenetz Virtue Online Test Generator does not require administrative privileges, which allows remote authenticated users to have an unknown impact via unspecified vectors.
by HxH
PHP Address Book 4.0.x - SQL Injection
Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to delete.php or (2) alphabet parameter to index.php. NOTE: the edit.php and view.php vectors are already covered by CVE-2008-2565.
by YEnH4ckEr
Awesome PHP Mega File Manager 1.0 - Path Traversal
Directory traversal vulnerability in index.php in Awesome PHP Mega File Manager 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
by SirGod
DataCheck Solutions ForumPal FE 1.1 & 1.5 - SQL Injection
SQL injection vulnerability in login.asp in DataCheck Solutions ForumPal FE 1.1 and ForumPal 1.5 allows remote attackers to execute arbitrary SQL commands via the (1) password parameter in 1.1 and (2) p_password parameter in 1.5. NOTE: some of these details are obtained from third party information.
by ThE g0bL!N
MyFusion 6 Beta - Path Traversal and Arbitrary File Execution via settings[locale] Parameter
Directory traversal vulnerability in infusions/last_seen_users_panel/last_seen_users_panel.php in MyFusion (aka MyF) 6 Beta, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the settings[locale] parameter.
by CraCkEr
MDPro 1.083.x - SQL Injection via PollID Parameter
SQL injection vulnerability in the Surveys (aka NS-Polls) module in MDPro (MD-Pro) 1.083.x allows remote attackers to execute arbitrary SQL commands via the pollID parameter in a results action to modules.php.
by XaDoS
PHPEcho CMS 2.0-rc3 - Stored Cross-Site Scripting via Forum Post
Cross-site scripting (XSS) vulnerability in PHPEcho CMS 2.0-rc3 allows remote attackers to inject arbitrary web script or HTML via a forum post.
by JosS
XZero Community Classifieds 4.97.8 - Cross-Site Scripting via postevent or _xzcal_y Parameter
Multiple cross-site scripting (XSS) vulnerabilities in index.php in XZero Community Classifieds 4.97.8 allow remote attackers to inject arbitrary web script or HTML via (1) the postevent parameter in a post action or (2) the _xzcal_y parameter.
by Moudi
Tribiq CMS 5.0.12c - Path Traversal
Multiple directory traversal vulnerabilities in Tribiq CMS 5.0.12c, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and possibly execute arbitrary files via directory traversal sequences in the template_path parameter to (1) masthead.inc.php, (2) toppanel.inc.php, and (3) contact.inc.php in templates/mytribiqsite/tribiq-CL-9000/includes; and the use_template_family parameter to (4) templates/mytribiqsite/tribiq-CL-9000/includes/nlarlist_content.inc.php. NOTE: the tribal-GPL-1066/includes/header.inc.php vector is already covered by CVE-2008-4894.
by CraCkEr
Pilot Group pg_etraining - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Pilot Group (PG) eTraining allow remote attackers to inject arbitrary web script or HTML via (1) the cat_id parameter to courses_login.php, the id parameter to (2) news_read.php or (3) lessons_login.php, or (4) the cur parameter in a start action to lessons_login.php.
by Moudi
Pilot Group pg_etraining - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Pilot Group (PG) eTraining allow remote attackers to inject arbitrary web script or HTML via (1) the cat_id parameter to courses_login.php, the id parameter to (2) news_read.php or (3) lessons_login.php, or (4) the cur parameter in a start action to lessons_login.php.
by Moudi
Pilot Group pg_etraining - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Pilot Group (PG) eTraining allow remote attackers to inject arbitrary web script or HTML via (1) the cat_id parameter to courses_login.php, the id parameter to (2) news_read.php or (3) lessons_login.php, or (4) the cur parameter in a start action to lessons_login.php.
by Moudi
PHPEcho CMS <2.0-rc3 - SQL Injection
SQL injection vulnerability in index.php in the forum module in PHPEcho CMS 2.0-rc3 allows remote attackers to execute arbitrary SQL commands via the id parameter in a thread action, a different vector than CVE-2008-0355.
by JosS
PG MatchMaking - Cross-Site Scripting via show/gender/id Parameters
Multiple cross-site scripting (XSS) vulnerabilities in PG MatchMaking allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) browse_ladies.php and (2) browse_men.php, the (3) gender parameter to search.php, and the (4) id parameter to services.php.
by Moudi
PG MatchMaking - Cross-Site Scripting via show/gender/id Parameters
Multiple cross-site scripting (XSS) vulnerabilities in PG MatchMaking allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) browse_ladies.php and (2) browse_men.php, the (3) gender parameter to search.php, and the (4) id parameter to services.php.
by Moudi
PG MatchMaking - Cross-Site Scripting via show/gender/id Parameters
Multiple cross-site scripting (XSS) vulnerabilities in PG MatchMaking allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) browse_ladies.php and (2) browse_men.php, the (3) gender parameter to search.php, and the (4) id parameter to services.php.
by Moudi
PG MatchMaking - Cross-Site Scripting via show/gender/id Parameters
Multiple cross-site scripting (XSS) vulnerabilities in PG MatchMaking allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) browse_ladies.php and (2) browse_men.php, the (3) gender parameter to search.php, and the (4) id parameter to services.php.
by Moudi
LightOpenCMS 0.1 - Path Traversal via cwd Parameter
Directory traversal vulnerability in locms/smarty.php in LightOpenCMS 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cwd parameter. NOTE: remote file inclusion attacks may be possible.
by JosS
Joomla! Component com_pinboard - Arbitrary File Upload
by ViRuSMaN
amoCourse (com_amocourse) - SQL Injection via catid Parameter
SQL injection vulnerability in the amoCourse (com_amocourse) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php.
by Chip d3 bi0s
Glossword 1.8.11 - 'index.php?x' Local File Inclusion
by t0fx
BASE 1.2.4 - (Authentication Bypass) Insecure Cookie Handling
by Tim Medin
Star Wars Battlefront II 1.1 - Remote Denial of Service
by Luigi Auriemma
phpCollegeExchange 0.1.5c - Remote Code Execution via URL Parameter Injection
Multiple PHP remote file inclusion vulnerabilities in phpCollegeExchange 0.1.5c, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the home parameter to (1) i_head.php, (2) i_nav.php, (3) user_new_2.php, or (4) house/myrents.php; or (5) allbooks.php, (6) home.php, or (7) mybooks.php in books/. NOTE: house/myrents.php was also separately reported as a local file inclusion issue.
by CraCkEr
By Source