Exploitdb Exploits
31,348 exploits tracked across all sources.
Sigsiu Online Business Index 2 <RC 2.8.2 - SQL Injection
SQL injection vulnerability in the Sigsiu Online Business Index 2 (SOBI2, com_sobi2) RC 2.8.2 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the bid parameter in a showbiz action to index.php, a different vector than CVE-2008-0607. NOTE: CVE disputes this issue, since neither "showbiz" nor "bid" appears in the source code for SOBI2.
by Br1ght D@rk
Joomla! com_beamospetition 1.0.12 - XSS
Cross-site scripting (XSS) vulnerability in index.php in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the pet parameter in a sign action.
by vds_s
AXIS 70U - Network Document Server Privilege Escalation / Cross-Site Scripting
by DSecRG
Apache Jackrabbit < 1.5.2 - Cross-Site Scripting via Search Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
by Red Hat
MoinMoin < 1.8.1 - Cross-Site Scripting via AttachFile Action Parameters
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with (1) the rename parameter or (2) the drawing parameter (aka the basename variable).
by SecureState
QNX 6.4.0 - bitflipped ELF Binary 'id' Kernel Panic (Denial of Service)
by kokanin
Ninja Blog 4.8 - Path Traversal via Cat Parameter
Directory traversal vulnerability in entries/index.php in Ninja Blog 4.8, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the cat parameter.
by Danny Moules
Ninja Blog 4.8 - Cross-Site Request Forgery/HTML Injection
by Danny Moules
Gallery Kys 1.0 - Admin Password Disclosure / Persistent Cross-Site Scripting
by Osirys
QNX RTOS 6.4 - '.ELF' Binary File Local Denial of Service
by kokanin
SCMS 1 - Path Traversal via Index.php P Parameter
Directory traversal vulnerability in index.php in Simple Content Management System (SCMS) 1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter.
by ahmadbady
GigCalendar (com_gigcal) 1.0 - SQL Injection via gigcal_venues_id or gigcal_bands_id Parameter
Multiple SQL injection vulnerabilities in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the gigcal_venues_id parameter in a details action to index.php, which is not properly handled by venuedetails.php, and (2) the gigcal_bands_id parameter in a details action to index.php, which is not properly handled by banddetails.php, different vectors than CVE-2009-0726.
by Lanti-Net
Enhanced Simple PHP Gallery <1.72 - Path Traversal
Directory traversal vulnerability in gallery/comment.php in Enhanced Simple PHP Gallery (ESPG) 1.72 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. NOTE: the vulnerability may be in my little homepage Comment script. If so, then this should not be treated as a vulnerability in ESPG.
by bd0rk
ROBS-PROJECTS Digital Sales IPN - Info Disclosure
ROBS-PROJECTS Digital Sales IPN (aka DS-IPN.NET or DS-IPN Paypal Shop) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request for Database/Sales.mdb.
by Moudi
Katy Whitton RankEm - Cross-Site Scripting via siteID Parameter
Cross-site scripting (XSS) vulnerability in rankup.asp in Katy Whitton RankEm allows remote attackers to inject arbitrary web script or HTML via the siteID parameter.
by Pouya_Server
Katy Whitton BlogIt! - Unauthenticated Sensitive Information Exposure via Direct Database File Access
Katy Whitton BlogIt! stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request for database/Blog.mdb. NOTE: some of these details are obtained from third party information.
by Pouya_Server
Katy Whitton BlogIt! - Cross-Site Scripting via Index.asp View Parameter
Cross-site scripting (XSS) vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to inject arbitrary web script or HTML via the view parameter.
by Pouya_Server
Katy Whitton BlogIt! - SQL Injection
SQL injection vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to execute arbitrary SQL commands via the day parameter in an archive action.
by Pouya_Server