Exploitdb Exploits
31,369 exploits tracked across all sources.
PHP Dir Submit - SQL Injection via Username and Password Parameters
Multiple SQL injection vulnerabilities in PHP Dir Submit (aka WebsiteSubmitter and Submitter Script) allow remote attackers to bypass authentication and gain administrative access via the (1) username and (2) password parameters.
by snakespc
PC4Arb Pc4 Uploader <= 9.0 - SQL Injection via id Parameter Filter Bypass
code.php in PC4Arb Pc4 Uploader 9.0 and earlier makes it easier for remote attackers to conduct SQL injection attacks via crafted keyword sequences that are removed from a filter in the id parameter in a banner action, as demonstrated via the "UNIunionON" string, which is collapsed into "UNION" by the filter_sql function.
by Qabandi
LightOpenCMS 0.1 - SQL Injection via id Parameter
SQL injection vulnerability in index.php in LightOpenCMS 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Mi4night
Flyspeck CMS 6.8 - Unauthenticated Admin Account Creation via updateExistingContent Action
index.php in Flyspeck CMS 6.8 does not require administrative authentication for the updateExistingContent action, which allows remote attackers to create or modify admin accounts via the (1) users[fullname], (2) users[email], (3) users[role_id], (4) users[username], and (5) users[password] parameters.
by ahmadbady
douran portal 3.9.0.23 - Multiple Vulnerabilities
by Abysssec
Dian Gemilang DGNews 3.0 Beta - SQL Injection via berita.php id Parameter
SQL injection vulnerability in berita.php in Dian Gemilang DGNews 3.0 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
by Cyber-Zone
coppermine photo Gallery 1.4.22 - Multiple Vulnerabilities
by girex
ClanWeb 1.4.2 - Remote Change Password / Add Admin
by ahmadbady
MaxCMS 2.0 - SQL Injection via id Parameter in digg Action
SQL injection vulnerability in inc/ajax.asp in MaxCMS 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a digg action.
by Securitylab.ir
2daybiz Custom T-shirt Design Script - SQL Injection via product.php id Parameter
SQL injection vulnerability in product.php in 2daybiz Custom T-shirt Design Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
by snakespc
myGesuad 0.9.14 - SQL Injection via Name Field and ID Parameter
Multiple SQL injection vulnerabilities in myGesuad 0.9.14 (aka 0.9) allow remote attackers to execute arbitrary SQL commands via (1) the formUser parameter (aka the Name field) to common/login.php, and allow remote authenticated users to execute arbitrary SQL commands via the ID parameter in a Detail action to (2) kategorie.php, (3) budget.php, (4) zahlung.php, or (5) adresse.php in modules/, related to classes/class.perform.php.
by YEnH4ckEr
myGesuad 0.9.14 - Cross-Site Scripting via Page Parameter
Multiple cross-site scripting (XSS) vulnerabilities in myGesuad 0.9.14 (aka 0.9) allow remote attackers to inject arbitrary web script or HTML via (1) the Page parameter in a List action to modules/ereignis.php, (2) the Kontext parameter in a Search action to modules/kategorie.php, (3) the image parameter to modules/image.php, or (4) the ID parameter in a Detail action to modules/sitzung.php.
by YEnH4ckEr
myColex 1.4.2 - SQL Injection via formUser Parameter
Multiple SQL injection vulnerabilities in myColex 1.4.2 allow remote attackers to execute arbitrary SQL commands via (1) the formUser parameter (aka the Name field) to common/login.php, and allow remote authenticated users to execute arbitrary SQL commands via the ID parameter in a Detail action to (2) kategorie.php, (3) medium.php, (4) person.php, or (5) schlagwort.php in modules/, related to classes/class.perform.php.
by YEnH4ckEr
myColex 1.4.2 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in myColex 1.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the year parameter to modules/kalender.php, (2) the Page parameter in a List action to modules/ereignis.php, (3) the Kontext parameter in a Search action to modules/kategorie.php, or (4) the image parameter to modules/image.php.
by YEnH4ckEr
Webmedia Explorer 5.09-5.10 - Cross-Site Scripting via Event Handlers in Search/Tag Parameters
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Webmedia Explorer (webmex) 5.09 and 5.10 allow remote attackers to inject arbitrary web script or HTML via event handlers such as onmouseover in the (1) search or (2) tag parameters; (3) arbitrary invalid parameter names that are not properly handled when triggered on a column; (4) bookmark parameter in an edit action; or (5) email parameter in a remember action.
by intern0t
Ramazeiten Ramazaitencms0.9.7.5 - Path Traversal
Directory traversal vulnerability in download.php in Rama Zaiten CMS 0.9.8 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
by Br0ly
myGesuad 0.9.14 - Authenticated User Account Enumeration via Find Action
modules/admuser.php in myGesuad 0.9.14 (aka 0.9) does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action.
by YEnH4ckEr
myColex 1.4.2 - Authenticated User Account Enumeration via admuser.php Find Action
modules/admuser.php in myColex 1.4.2 does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action.
by YEnH4ckEr
Lussumo Vanilla 1.1.5 and 1.1.7 - Cross-Site Scripting via RequestName Parameter
Cross-site scripting (XSS) vulnerability in ajax/updatecheck.php in Lussumo Vanilla 1.1.5 and 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the RequestName parameter.
by Gerendi Sandor Attila
InterJoomla ArtForms 2.1b7 - Remote Code Execution via mosConfig_absolute_path Parameter
Multiple PHP remote file inclusion vulnerabilities in the InterJoomla ArtForms (com_artforms) component 2.1b7 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) imgcaptcha.php or (2) mp3captcha.php in assets/captcha/includes/captchaform/, or (3) assets/captcha/includes/captchatalk/swfmovie.php.
by iskorpitx
Cacti 0.8.7 - 'data_input.php' Cross-Site Scripting
by fgeek
2daybiz Custom T-shirt Design Script - Cross-Site Scripting via product.php id Parameter
Cross-site scripting (XSS) vulnerability in product.php in 2daybiz Custom T-shirt Design Script allows remote attackers to inject arbitrary web script or HTML via the id parameter.
by snakespc
Eggdrop and Windrop < 1.6.19 - Denial of Service via PRIVMSG String Length Miscount
mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PRIVMSG that causes an empty string to trigger a negative string length copy. NOTE: this issue exists because of an incorrect fix for CVE-2007-2807.
by Thomas Sader
irssi 0.8.13 - Denial of Service via Empty IRC Command
Off-by-one error in the event_wallops function in fe-common/irc/fe-events.c in irssi 0.8.13 allows remote IRC servers to cause a denial of service (crash) via an empty command, which triggers a one-byte buffer under-read and a one-byte buffer underflow.
by nemo
By Source