Exploitdb Exploits
31,348 exploits tracked across all sources.
Groone GLinks 2.1 - Remote Code Execution via abspath Parameter
PHP remote file inclusion vulnerability in includes/header.php in Groone GLinks 2.1 allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.
by k3vin mitnick
FlatnuX CMS - Remote Code Execution
PHP remote file inclusion vulnerability in include/flatnux.php in FlatnuX CMS (aka Flatnuke3) 2009-01-27 and 2009-02-04, when register_globals is enabled and magic_quotes_gpc disabled, allows remote attackers to execute arbitrary PHP code via a URL in the _FNROOTPATH parameter to (1) index.php and (2) filemanager.php.
by Alfons Luja
ClickTech ClickCart 6.0 - SQL Injection
Multiple SQL injection vulnerabilities in customer_login_check.asp in ClickTech ClickCart 6.0 allow remote attackers to execute arbitrary SQL commands via (1) the txtEmail parameter (aka E-MAIL field) or (2) the txtPassword parameter (aka password field) to customer_login.asp. NOTE: some of these details are obtained from third party information.
by R3d-D3V!L
AJA Modules Rapidshare 1.0.0 - Arbitrary File Upload
by Hussin X
4site CMS < 2.6 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in 4Site CMS 2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login and (2) password parameters to pcgi/4site.pl, (3) page parameter to print/print.shtml, (4) s and (5) i parameters to portfolio/index.shtml, (6) h parameter to hotel/index.php, (7) id parameter to news/news1.shtml, and the (8) th parameter to faq/index.shtml.
by D.Mortalov
Ghostscript < 8.64 - 'gdevpdtb.c' Local Buffer Overflow
by Wolfgang Hamann
MyDesign Sayac 2.0 - SQL Injection via User or Pass Parameter
Multiple SQL injection vulnerabilities in default.asp in MyDesign Sayac 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the user parameter (aka UserName field) or (2) the pass parameter (aka Pass field) to (a) admin/admin.asp or (b) the default URI under admin/. NOTE: some of these details are obtained from third party information.
by Kacak
Whole Hog Ware Support 1.x - SQL Injection
Multiple SQL injection vulnerabilities in admin/login_submit.php in Whole Hog Ware Support 1.x allow remote attackers to execute arbitrary SQL commands via (1) the uid parameter (aka Username field) or (2) the pwd parameter (aka Password field). NOTE: some of these details are obtained from third party information.
by ByALBAYX
SMA-DB 0.3.12 - Remote Code Execution via _page_content Parameter
PHP remote file inclusion vulnerability in format.php in SMA-DB 0.3.12 allows remote attackers to execute arbitrary PHP code via a URL in the _page_content parameter.
by ahmadbady
Kaspersky Anti-Virus - Buffer Overflow
Buffer overflow in klim5.sys in Kaspersky Anti-Virus for Workstations 6.0 and Anti-Virus 2008 allows local users to gain privileges via an IOCTL 0x80052110 call.
by Ruben Santamarta
Whole Hog Password Protect: Enhanced 1.x - SQL Injection
Multiple SQL injection vulnerabilities in admin/login_submit.php in Whole Hog Password Protect: Enhanced 1.x allow remote attackers to execute arbitrary SQL commands via (1) the uid parameter (aka Username field) or (2) the pwd parameter (aka Password field). NOTE: some of these details are obtained from third party information.
by ByALBAYX
Sourdough 0.3.5 patForms - Remote File Inclusion Code Execution
PHP remote file inclusion vulnerability in examples/example_clientside_javascript.php in patForms, as used in Sourdough 0.3.5, allows remote attackers to execute arbitrary PHP code via a URL in the neededFiles[patForms] parameter.
by ahmadbady
SMA-DB 0.3.12 - Cross-Site Scripting via PATH_INFO in startpage.php
Cross-site scripting (XSS) vulnerability in startpage.php in SMA-DB 0.3.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
by ahmadbady
Flatnux 2009-01-27 - Cross-Site Scripting / Iframe Injection
by Alfons Luja
AJA Portal 1.2 - Path Traversal via currentlang or module_name Parameter
Multiple directory traversal vulnerabilities in AJA Portal 1.2 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the currentlang parameter to admin/case.php in the (1) Contact_Plus and (2) Reviews modules, and (3) the module_name parameter to admin/includes/FANCYNLOptions.php in the Fancy_NewsLetter module.
by ahmadbady
Synactis ALL In-The-Box ActiveX 3 - File Write
The SaveDoc method in the All_In_The_Box.AllBox ActiveX control in ALL_IN_THE_BOX.OCX in Synactis ALL In-The-Box ActiveX 3 allows remote attackers to create and overwrite arbitrary files via an argument ending in a '\0' character, which bypasses the intended .box filename extension, as demonstrated by a C:\boot.ini\0 argument.
by DSecRG
Skalfa SkaLinks 1.5 - SQL Injection
SQL injection vulnerability in Skalfa SkaLinks 1.5 allows remote attackers to execute arbitrary SQL commands via the Admin name field to the default URI under admin/.
by Dimi4
Revou Twitter Clone - Cross-Site Scripting / SQL Injection
by nuclear
GNUBoard 4.31.04 (09.01.30) - Multiple Local/Remote Vulnerabilities
by make0day
E-PHP B2B Trading Marketplace Script - Multiple Cross-Site Scripting Vulnerabilities
by SaiedHacker
bpautosales 1.0.1 - Cross-Site Scripting / SQL Injection
by Mehmet Ince