Exploitdb Exploits
31,369 exploits tracked across all sources.
W2B Restaurant 1.2 - 'conf.inc' Configuration File Disclosure
by InjEctOr5
phpAdBoardPro - 'config.inc' Configuration File Disclosure
by InjEctOr5
phpAdBoard - 'conf.inc' Remote Configuration File Disclosure
by InjEctOr5
Job2C - 'conf.inc' Configuration File Disclosure
by InjEctOr5
FreeWebshop.org <2.2.9 R2 - Path Traversal
Directory traversal vulnerability in includes/startmodules.inc.php in FreeWebshop.org 2.2.9 R2, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang_file parameter.
by ahmadbady
Novell Teaming 1.0-1.0.3 - Cross-Site Scripting via p_p_state or p_p_mode Parameters
Multiple cross-site scripting (XSS) vulnerabilities in web/guest/home in the Liferay 4.3.0 portal in Novell Teaming 1.0 through SP3 (1.0.3) allow remote attackers to inject arbitrary web script or HTML via the (1) p_p_state or (2) p_p_mode parameters.
by Michael Kirchner
AbleSpace 1.0 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in AbleSpace 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) gid parameter to groups_profile.php, (2) cat_id and (3) razd_id parameters to adv_cat.php, and the (4) URL to blogs_full.php.
by DSecRG
Longino Jacome php-Revista 1.1.2 - Unauthenticated Authentication Bypass via ID_ADMIN and SUPER_ADMIN Parameters
admin/index.php in Longino Jacome php-Revista 1.1.2 allows remote attackers to bypass authentication controls by setting the ID_ADMIN and SUPER_ADMIN parameters to 1.
by SirDarckCat
Longino Jacome php-Revista 1.1.2 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Longino Jacome php-Revista 1.1.2 allow remote attackers to execute arbitrary SQL commands via the (1) id_temas parameter in busqueda_tema.php, the (2) cadena parameter in busqueda.php, the (3) id_autor parameter in autor.php, the (4) email parameter in lista.php, and the (5) id_articulo parameter in articulo.php.
by SirDarckCat
Longino Jacome php-Revista 1.1.2 - Code Injection
PHP remote file inclusion vulnerability in index.php in Longino Jacome php-Revista 1.1.2 allows remote attackers to execute arbitrary PHP code via the adodb parameter.
by SirDarckCat
Mongoose 2.4 - Path Traversal via URI
Directory traversal vulnerability in Mongoose 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
by e.wiZz!
Microsoft Windows - Privilege Escalation
The Windows Management Instrumentation (WMI) provider in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows WMI Service Isolation Vulnerability."
by Cesar Cerrudo
Windows XP SP2-SP3 and Server 2003 SP1-SP2 - Privilege Escalation via RPCSS Service Isolation
The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 SP1 and SP2 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows RPCSS Service Isolation Vulnerability."
by Cesar Cerrudo
Windows Vista Gold/SP1 & Server 2008 - Privilege Escalation
The ThreadPool class in Windows Vista Gold and SP1, and Server 2008, does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by leveraging incorrect thread ACLs to access the resources of one of the processes, aka "Windows Thread Pool ACL Weakness Vulnerability."
by Cesar Cerrudo
Longino Jacome php-Revista 1.1.2 - Cross-Site Scripting via cadena or email Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Longino Jacome php-Revista 1.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) cadena parameter in busqueda.php and the (2) email parameter in lista.php.
by SirDarckCat
Jamroom 3.1.2, 3.2.3-3.2.6, 4.0.2 - Remote File Inclusion via Directory Traversal in t Parameter
Directory traversal vulnerability in index.php in Jamroom 3.1.2, 3.2.3 through 3.2.6, 4.0.2, and possibly other versions before 3.4.0 allows remote attackers to include arbitrary files via directory traversal sequences in the t parameter.
by zxvf
GuestCal 2.1 - Remote File Inclusion via Lang Parameter Path Traversal
Directory traversal vulnerability in includes/ini.inc.php in GuestCal 2.1 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the lang parameter to index.php.
by SirGod
Aqua CMS 1.1 - SQL Injection via userSID Cookie or Username Parameter
Multiple SQL injection vulnerabilities in Aqua CMS 1.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) userSID cookie parameter to droplets/functions/base.php and the (2) username parameter to admin/index.php.
by halkfild
AbleSpace 1.0 - SQL Injection via eid or id Parameter
Multiple SQL injection vulnerabilities in AbleSpace 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to events_view.php and the (2) id parameter to events_clndr_view.php.
by DSecRG