Exploitdb Exploits
31,348 exploits tracked across all sources.
DMXReady Billboard Manager 1.1 - Arbitrary File Upload
by ajann
Active Bids - SQL Injection via search.asp search Parameter
Multiple SQL injection vulnerabilities in Active Bids allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to search.asp, (2) SortDir parameter to auctionsended.asp, and the (3) catid parameter to wishlist.php.
by Pouya_Server
Active Bids - Cross-Site Scripting via Search Parameter or URL Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Active Bids allow remote attackers to inject arbitrary web script or HTML via the (1) search parameter to search.asp and the (2) URL parameter to tellafriend.asp.
by Pouya_Server
ATCOM Netvolution 1.0 ASP - SQL Injection via bpe_nid Parameter
SQL injection vulnerability in default.asp in ATCOM Netvolution 1.0 ASP allows remote attackers to execute arbitrary SQL commands via the bpe_nid parameter.
by Ellinas
DMXReady Classified Listings Manager <1.1 - SQL Injection
SQL injection vulnerability in CategoryManager/upload_image_category.asp in DMXReady Classified Listings Manager 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by ajann
netsurf Web browser 1.2 - Multiple Vulnerabilities
by Jeremy Brown
phplist < 2.10.8 - Remote Code Execution via _SERVER[ConfigFile] Parameter
Dynamic variable evaluation vulnerability in lists/admin.php in phpList 2.10.8 and earlier, when register_globals is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the _SERVER[ConfigFile] parameter to admin/index.php.
by BugReport.IR
Php Photo Album (PHPPA) 0.8 BETA - Path Traversal
Directory traversal vulnerability in index.php in Php Photo Album (PHPPA) 0.8 BETA allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the preview parameter.
by Osirys
Joomla! Component Fantasytournament - SQL Injection
by H!tm@N
Joomla! Component Camelcitydb2 2.2 - SQL Injection
by H!tm@N
DMXReady Secure Document Library <1.1 - SQL Injection
SQL injection vulnerability in CategoryManager/upload_image_category.asp in DMXReady Secure Document Library 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by ajann
Dark Age CMS 0.2c beta - SQL Injection
SQL injection vulnerability in login.php in Dark Age CMS 0.2c beta allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by darkjoker
Oracle Secure Backup 10g - 'exec_qr()' Command Injection
by Joxean Koret
Cisco IOS 11.0-12.4 - Cross-Site Scripting via HTTP Server URI Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 11.0 through 12.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the ping program or (2) unspecified other aspects of the URI.
by Adrian Pastor
ATCOM Netvolution 1.0 ASP - Cross-Site Scripting via Email Variable
Cross-site scripting (XSS) vulnerability in ATCOM Netvolution 1.0 ASP allows remote attackers to inject arbitrary web script or HTML via the email variable.
by Ellinas
DMXReady Registration Manager 1.1 - Contents Change
by ajann
DMXReady Photo Gallery Manager 1.1 - Contents Change
by ajann
DMXReady PayPal Store Manager 1.1 - Contents Change
by ajann
DMXReady Member Directory Manager <1.1 - SQL Injection
SQL injection vulnerability in CategoryManager/upload_image_category.asp in DMXReady Member Directory Manager 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by ajann
DMXReady Links Manager 1.1 - Remote Contents Change
by ajann