Exploitdb Exploits
31,369 exploits tracked across all sources.
webClassifieds 2005 - (Authentication Bypass) Insecure Cookie Handling
by ThE g0bL!N
WB News 2.1.2 - Unauthenticated Authentication Bypass via WBNEWS Cookie
WB News 2.1.2 allows remote attackers to bypass authentication and gain administrative access via a modified WBNEWS cookie, as demonstrated by setting this cookie to 1.
by ThE g0bL!N
Studio Lounge Address Book 2.5 - Unauthenticated Arbitrary File Upload via upload-file.php
Unrestricted file upload vulnerability in upload-file.php in Adam Patterson Studio Lounge Address Book 2.5, as reachable from index2.php, allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in profiles/.
by JosS
Seditio CMS 1.0 - SQL Injection via Events Plugin c Parameter
SQL injection vulnerability in events/inc/events.inc.php in the Events plugin for Seditio CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the c parameter to plug.php.
by OoN_Boy
Online Photo Pro 2.0 - Cross-Site Scripting via Section Parameter
Cross-site scripting (XSS) vulnerability in index.php in Online Photo Pro 2.0 allows remote attackers to inject arbitrary web script or HTML via the section parameter.
by Vrs-hCk
Online Contact Manager 3.0 - Cross-Site Scripting via showGroup and id Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Online Contact Manager (formerly EContact PRO) 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) showGroup parameter to (a) index.php and the (2) id parameter to (b) view.php, (c) email.php, (d) edit.php, and (e) delete.php.
by Vrs-hCk
multi-lingual E-Commerce system 0.2 - Multiple Vulnerabilities
by Salvatore Fresta
Fungamez RC1 - Unauthenticated Authentication Bypass via User Cookie Parameter
includes/user.php in Fungamez RC1 allows remote attackers to bypass authentication and gain administrative access by setting the user cookie parameter.
by YEnH4ckEr
Flatnux 2009-03-27 - Arbitrary File Upload / Information Disclosure
by girex
Winterwebs Ezwebitor - SQL Injection
Multiple SQL injection vulnerabilities in login.php in EZ Webitor allow remote attackers to execute arbitrary SQL commands via the (1) txtUserId (Username) and (2) txtPassword (Password) parameters. NOTE: some of these details are obtained from third party information.
by snakespc
creasito e-commerce content manager 1.3.16 - SQL Injection via Username Parameter
Multiple SQL injection vulnerabilities in Portale e-commerce Creasito (aka creasito e-commerce content manager) 1.3.16, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the username parameter to (1) admin/checkuser.php and (2) checkuser.php.
by Salvatore Fresta
C2Net Stronghold 2.3 - Cross-Site Scripting via URI
Cross-site scripting (XSS) vulnerability in C2Net Stronghold 2.3 allows remote attackers to inject arbitrary web script or HTML via the URI.
by Xia Shing Zee
AWStats 6.5 <1.857 - Info Disclosure
awstats.pl in AWStats 6.5 build 1.857 and earlier allows remote attackers to obtain the installation path via the (1) year, (2) pluginmode or (3) month parameters.
by r0t
Online Guestbook Pro - SQL Injection via display Parameter
SQL injection vulnerability in ogp_show.php in Online Guestbook Pro allows remote attackers to execute arbitrary SQL commands via the display parameter.
by Hussin X
Tiny Blogr 1.0.0 rc4 - SQL Injection via txtUsername Parameter
SQL injection vulnerability in class.eport.php in Tiny Blogr 1.0.0 rc4, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the txtUsername parameter (aka the Username field). NOTE: some of these details are obtained from third party information.
by Salvatore Fresta
Malleo 1.2.3 - Authenticated Path Traversal via Module Parameter
Directory traversal vulnerability in admin.php in Malleo 1.2.3 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the module parameter.
by Drosophila
Limbo CMS 1.0.4.2 - Cross-Site Request Forgery / Privilege Escalation
by Alfons Luja
Esoftpro Online Guestbook Pro 5.1 - SQL Injection
SQL injection vulnerability in ogp_show.php in esoftpro Online Guestbook Pro 5.1 allows remote attackers to execute arbitrary SQL commands via the search parameter.
by Hussin X