Exploitdb Exploits
31,351 exploits tracked across all sources.
Social Groupie - SQL Injection via id Parameter
SQL injection vulnerability in group_index.php in Social Groupie allows remote attackers to execute arbitrary SQL commands via the id parameter.
by InjEctOr5
Social Groupie - Authenticated Arbitrary File Upload via Photos/create_album.php
Unrestricted file upload vulnerability in Photos/create_album.php in Social Groupie allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in Member_images/.
by InjEctOr5
com_livechat 1.0 - SQL Injection via last parameter to getChatRoom.php
SQL injection vulnerability in the Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the last parameter to getChatRoom.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by jdc
VP-ASP Shopping Cart 6.50 - Info Disclosure
VP-ASP Shopping Cart 6.50 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database containing the password via a direct request for database/shopping650.mdb. NOTE: some of these details are obtained from third party information.
by Dxil
ASPired2Protect - Unauthenticated Sensitive Information Exposure via Direct Database Download
The Net Guys ASPired2Protect stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to ASPired2Protect.mdb.
by AlpHaNiX
Net Guys ASPired2Blog - Info Disclosure
The Net Guys ASPired2Blog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for admin/blog.mdb. NOTE: some of these details are obtained from third party information.
by Pouya_Server
Red_Reservations - Unauthenticated Sensitive Information Exposure via Direct Database File Access
The Red_Reservations script for ColdFusion stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct request to (1) makered.mdb and (2) makered97.mdb.
by Cyber-Zone
ASP-CMS 1.0 - SQL Injection via cha Parameter
SQL injection vulnerability in index.asp in ASP-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the cha parameter.
by Khashayar Fereidani
Microsoft Internet Explorer 8.0 Beta 2 - XSS
The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting data at two different positions within an HTML document, related to STYLE elements and the CSS expression property, aka a "double injection."
by Rafel Ivgi
PhpAddEdit 1.3 - Unauthenticated Authentication Bypass via addedit Cookie
login.php in PhpAddEdit 1.3 allows remote attackers to bypass authentication and gain administrative access by setting the addedit cookie parameter.
by x0r
PHP Support Tickets 2.2 - Arbitrary File Upload
by ahmadbady
InSun Feed CMS 1.7.3 19Beta - Path Traversal via lang Parameter
Directory traversal vulnerability in index.php in InSun Feed CMS 1.7.3 19Beta allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the lang parameter.
by x0r
EZ Publish 3.9.0/3.9.5/3.10.1 - Command Execution (Admin Required)
by s4avrd0w
Ad Server Solutions Affiliate Software Java 4.0 - SQL Injection via logon.jsp Parameters
SQL injection vulnerability in logon.jsp in Ad Server Solutions Affiliate Software Java 4.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password, possibly related to the uname and pass parameters to logon_process.jsp. NOTE: some of these details are obtained from third party information.
by 3d D3v!L
The Net Guys ASPired2poll - Unauthenticated Sensitive Information Exposure via Direct Database Download
The Net Guys ASPired2poll stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to ASPired2poll.mdb.
by AlpHaNiX
MyCal Personal Events Calendar - Unauthenticated Sensitive Information Exposure via Direct Database Request
MyCal Personal Events Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to mycal.mdb.
by CoBRa_21
evCal Events Calendar - Unauthenticated Sensitive Information Exposure via Direct Database Request
evCal Events Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to (1) evcal.mdb and (2) evcal97.mdb.
by Cyber-Zone
Ad Server Solutions Banner Exchange Solution Java - SQL Injection via Logon Process
SQL injection vulnerability in logon_process.jsp in Ad Server Solutions Banner Exchange Solution Java allows remote attackers to execute arbitrary SQL commands via the (1) username (uname parameter) and (2) password (pass parameter). NOTE: some of these details are obtained from third party information.
by R3d-D3V!L
Ad Server Solutions Affiliate Software Java 4.0 - SQL Injection via logon.jsp Parameters
SQL injection vulnerability in logon.jsp in Ad Server Solutions Affiliate Software Java 4.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password, possibly related to the uname and pass parameters to logon_process.jsp. NOTE: some of these details are obtained from third party information.
by R3d-D3V!L
Ad Server Solutions Ad Management Software Java - SQL Injection via logon.jsp uname or pass Parameter
SQL injection vulnerability in logon.jsp in Ad Server Solutions Ad Management Software Java allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password, related to the uname or pass parameters to logon.jsp or logon_processing.jsp. NOTE: some of these details are obtained from third party information.
by R3d-D3V!L
eZoneScripts Living Local 1.1 - Cross-Site Scripting via listtest.php r Parameter
Cross-site scripting (XSS) vulnerability in listtest.php in eZoneScripts Living Local 1.1 allows remote attackers to inject arbitrary web script or HTML via the r parameter.
by Bgh7
CF Shopkart 5.2.2 - SQL Injection via Category Parameter
SQL injection vulnerability in index.cfm in CF Shopkart 5.2.2 allows remote attackers to execute arbitrary SQL commands via the Category parameter in a ViewCategory action.
by AlpHaNiX
Butterfly Organizer 2.0.1 - SQL Injection via mytable Parameter
SQL injection vulnerability in view.php in Butterfly Organizer 2.0.1 allows remote attackers to execute arbitrary SQL commands via the mytable parameter. NOTE: the id vector is covered by another CVE name.
by Osirys
Pro Chat Rooms 3.0.2 - Cross-Site Scripting via gud Parameter
Cross-site scripting (XSS) vulnerability in profiles/index.php in Pro Chat Rooms 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the gud parameter.
by ZynbER