Exploitdb Exploits
31,351 exploits tracked across all sources.
XOOPS 0.22 - Print Module - SQL Injection
SQL injection vulnerability in print.php in the AM Events (aka Amevents) module 0.22 for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter.
by nétRoot
WorkSimple 1.2.1 - Unauthenticated Sensitive Information Exposure via Direct Request
WorkSimple 1.2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for data/usr.txt.
by Osirys
The Rat CMS Alpha 2 - SQL Injection via login.php user_id and password Parameters
Multiple SQL injection vulnerabilities in login.php in The Rat CMS Alpha 2 allow remote attackers to execute arbitrary SQL commands via the (1) user_id and (2) password parameter.
by x0r
Injader < 2.1.1 - Cross-Site Scripting in Profile Editing Functionality
Cross-site scripting (XSS) vulnerability in the profile editing functionality in Injader before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information.
by anonymous
Free Links Directory Script <1.2a - SQL Injection
SQL injection vulnerability in lpro.php in Free Links Directory Script (FLDS) 1.2a allows remote attackers to execute arbitrary SQL commands via the id parameter.
by nuclear
Cant Find A Gaming CMS (CFAGCMS) 1.0 Beta 1 - SQL Injection
SQL injection vulnerability in right.php in Cant Find A Gaming CMS (CFAGCMS) 1.0 Beta 1 allows remote attackers to execute arbitrary SQL commands via the title parameter.
by ZoRLu
CadeNix - SQL Injection via cid Parameter
SQL injection vulnerability in index.php in CadeNix allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by HaCkeR_EgY
BabbleBoard 1.1.6 - Cross-Site Scripting via Username Parameter
Cross-site scripting (XSS) vulnerability in index.php in BabbleBoard 1.1.6 allows remote attackers to inject arbitrary web script or HTML via the username.
by SirGod
Aperto Blog 0.1.1 - Path Traversal
Multiple directory traversal vulnerabilities in Aperto Blog 0.1.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) action parameter to admin.php and the (2) get parameter to index.php. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
by NoGe
Amaya Web Browser 10.0.1/10.1-pre5 - HTML Tag Buffer Overflow (PoC)
by webDEViL
Forest Blog 1.3.2 - Info Disclosure
Forest Blog 1.3.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing passwords via a direct request for blog.mdb.
by Cold Zero
CodeAvalanche RateMySite - Info Disclosure
CodeAvalanche RateMySite stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CARateMySite.mdb. NOTE: some of these details are obtained from third party information.
by Pouya_Server
CodeAvalanche FreeWallpaper - Info Disclosure
CodeAvalanche FreeWallpaper stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAFreeWallpaper.mdb. NOTE: some of these details are obtained from third party information.
by Pouya_Server
CodeAvalanche FreeForAll - Info Disclosure
CodeAvalanche FreeForAll stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAFFAPage.mdb. NOTE: some of these details are obtained from third party information.
by Pouya_Server
CodeAvalanche Directory - Info Disclosure
CodeAvalanche Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CADirectory.mdb. NOTE: some of these details are obtained from third party information.
by Pouya_Server
CodeAvalanche Articles - Info Disclosure
CodeAvalanche Articles stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAArticles.mdb. NOTE: some of these details are obtained from third party information.
by Pouya_Server
ClickAndEmail - Cross-Site Scripting via tablename Parameter in admin_dblayers.asp
Cross-site scripting (XSS) vulnerability in admin_dblayers.asp in ClickAndEmail allows remote attackers to inject arbitrary web script or HTML via the tablename parameter in an update action.
by AlpHaNiX
Click&Rank - Cross-Site Scripting via user.asp action parameter
Cross-site scripting (XSS) vulnerability in user.asp in Click&Rank allows remote attackers to inject arbitrary web script or HTML via the action parameter.
by AlpHaNiX
phpweather 2.2.2 - Cross-Site Scripting via PATH_INFO
Cross-site scripting (XSS) vulnerability in config/make_config.php in PHP Weather 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
by ahmadbady
Simple Text-File Login Script 1.0.6 - Info Disclosure
Simple Text-File Login Script (SiTeFiLo) 1.0.6 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for slog_users.txt.
by Osirys
CMS ISWEB 3.0 - Cross-Site Scripting via strcerca or id_oggetto Parameter
Multiple cross-site scripting (XSS) vulnerabilities in index.php in CMS ISWEB 3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the strcerca parameter (aka the input field for the cerca action) or (2) the id_oggetto parameter. NOTE: some of these details are obtained from third party information.
by XaDoS
The Rat CMS Alpha 2 - 'download.php' Privilege Escalation
by x0r
Simple Text-File Login Script <1.0.6 - RCE
PHP remote file inclusion vulnerability in slogin_lib.inc.php in Simple Text-File Login Script (SiTeFiLo) 1.0.6 allows remote attackers to execute arbitrary PHP code via a URL in the slogin_path parameter.
by Osirys
PHP Weather 2.2.2 - Path Traversal
Directory traversal vulnerability in test.php in PHP Weather 2.2.2 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter.
by ahmadbady