Exploitdb Exploits
31,351 exploits tracked across all sources.
Mediatheka 4.2 - Path Traversal via Lang Parameter
Directory traversal vulnerability in index.php in Mediatheka 4.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
by Osirys
iyzi Forum 1.0 beta 3 - Info Disclosure
iyzi Forum 1.0 beta 3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing a password via a direct request for db/iyziforum.mdb. NOTE: some of these details are obtained from third party information.
by Ghost Hacker
CMS ISWEB 3.0 - SQL Injection via id_sezione Parameter
SQL injection vulnerability in index.php in CMS ISWEB 3.0 allows remote attackers to execute arbitrary SQL commands via the id_sezione parameter.
by XaDoS
FlexPHPNews 0.0.6 - SQL Injection via User Check Parameters
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPNews 0.0.6 allow remote attackers to execute arbitrary SQL commands via the (1) checkuser parameter (aka username field) or (2) checkpass parameter (aka password field) to admin/index.php. NOTE: some of these details are obtained from third party information.
by Osirys
Free Links Directory Script 1.2a - SQL Injection
SQL injection vulnerability in redir.php in Free Links Directory Script (FLDS) 1.2a allows remote attackers to execute arbitrary SQL commands via the id parameter.
by nuclear
FlatnuX CMS 2008-12-11 - Cross-Site Scripting via mod foto or name Parameter
Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS (aka Flatnuke3) 2008-12-11 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter to the default URI; (2) the foto parameter to photo.php in the 05_Foto module; or (3) the name parameter in an insertrecord action to index.php in the 08_Files module, as demonstrated by injection within a SRC attribute of an IFRAME element.
by gmda
CFAGCMS 1 - Remote Code Execution via Main or Right Parameter Injection
Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Cant Find A Gaming CMS (CFAGCMS) 1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) main and (2) right parameters.
by BeyazKurt
AvailScript Classmate Script - Arbitrary File Upload
by S.W.A.T.
AvailScript Article Script - Authenticated Remote Code Execution via Unrestricted File Upload in Add Pen Feature
Unrestricted file upload vulnerability in "Add Pen/Author Name" feature in addpen.php in AvailScript Article Script allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in photos/.
by S.W.A.T.
autositephp 2.0.3 - Local File Inclusion / Cross-Site Request Forgery / Edit File
by SirGod
ASP SiteWare autoDealer 1 and 2 - SQL Injection via iType Parameter
Multiple SQL injection vulnerabilities in ASP SiteWare autoDealer 1 and 2 allow remote attackers to execute arbitrary SQL commands via the iType parameter in (1) Auto1/type.asp or (2) auto2/type.asp.
by AlpHaNiX
TAKempis Discussion Web 4.0 - Info Disclosure
TAKempis Discussion Web 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing a password via a direct request for _private/discussion.mdb. NOTE: some of these details are obtained from third party information.
by Pouya_Server
CodeAvalanche FreeForum - Info Disclosure
CodeAvalanche FreeForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for _private/CAForum.mdb. NOTE: some of these details are obtained from third party information.
by Ghost Hacker
ASPSiteWare RealtyListings <2.0 - SQL Injection
Multiple SQL injection vulnerabilities in ASPSiteWare RealtyListings 1.0 and 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) iType parameter to type.asp and the (2) iPro parameter to detail.asp.
by AlpHaNiX
ASPSiteWare HomeBuilder <2.0 - SQL Injection
Multiple SQL injection vulnerabilities in ASPSiteWare HomeBuilder 1.0 and 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) iType parameter to (a) type.asp and (b) type2.asp and the (2) iPro parameter to (c) detail.asp.
by AlpHaNiX
Net Guys ASPired2Quote - Info Disclosure
The Net Guys ASPired2Quote stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for admin/quote.mdb. NOTE: some of these details are obtained from third party information.
by Pouya_Server
ASP-DEv Internal E-Mail System - SQL Injection
Multiple SQL injection vulnerabilities in login.asp in ASP-DEv Internal E-Mail System allow remote attackers to execute arbitrary SQL commands via the (1) login parameter (aka user field) or the (2) password parameter (aka pass field). NOTE: some of these details are obtained from third party information.
by Pouya_Server
ASP-DEv XM Events Diary - SQL Injection
SQL injection vulnerability in default.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands via the cat parameter.
by Pouya_Server
com_livechat 1.0 - Server-Side Request Forgery via xmlhttp.php Proxy
Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to use the xmlhttp.php script as an open HTTP proxy to hide network scanning activities or scan internal networks via a GET request with a full URL in the query string.
by jdc
com_livechat 1.0 - SQL Injection via last Parameter
Multiple SQL injection vulnerabilities in the Live Chat (com_livechat) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the last parameter to (1) getChat.php, (2) getChatRoom.php, and (3) getSavedChatRooms.php.
by jdc
The Net Guys ASPired2Blog - SQL Injection
SQL injection vulnerability in admin/blog_comments.asp in The Net Guys ASPired2Blog allows remote attackers to execute arbitrary SQL commands via the BlogID parameter.
by Pouya_Server
TmaxSoft JEUS 5 - Unauthenticated Source Code Disclosure via NTFS Alternate Data Stream
TmaxSoft JEUS 5 before Fix 26, when running on an NTFS filesystem, allows remote attackers to read the source code for scripts by appending ::$DATA to the URL, which accesses the NTFS alternate data stream.
by Simon Ryeo
Xpoze Pro 4.10 - SQL Injection via Menu Parameter
SQL injection vulnerability in home.html in Xpoze Pro 4.10 allows remote attackers to execute arbitrary SQL commands via the menu parameter.
by XaDoS
Umer Inc Songs Portal - SQL Injection
SQL injection vulnerability in albums.php in Umer Inc Songs Portal allows remote attackers to execute arbitrary SQL commands via the id parameter.
by InjEctOr5