Exploitdb Exploits
31,351 exploits tracked across all sources.
Z1Exchange - SQL Injection via showads.php id Parameter
SQL injection vulnerability in showads.php in Z1Exchange allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Pouya_Server
Z1Exchange 1.0 - Cross-Site Scripting via showads.php id Parameter
Cross-site scripting (XSS) vulnerability in showads.php in Z1Exchange 1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
by Pouya_Server
Sunbyte e-Flower - SQL Injection via popupproduct.php id Parameter
SQL injection vulnerability in popupproduct.php in Sunbyte e-Flower allows remote attackers to execute arbitrary SQL commands via the id parameter.
by w4rl0ck
Rapid Classified 3.1 and 3.15 - Unauthenticated Sensitive Information Exposure via Direct Database File Access
Rapid Classified 3.1 and 3.15 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to cldb.mdb.
by CoBRa_21
i-Net Solution Orkut Clone - SQL Injection
SQL injection vulnerability in profile_social.php in i-Net Solution Orkut Clone allows remote authenticated users to execute arbitrary SQL commands via the id parameter.
by d3b4g
i-Net Solution Orkut Clone - Authenticated Cross-Site Scripting via Profile Social ID Parameter
Cross-site scripting (XSS) vulnerability in profile_social.php in i-Net Solution Orkut Clone allows remote authenticated users to inject arbitrary web script or HTML via the id parameter.
by d3b4g
Ocean12 Mailing List Manager Gold - Info Disclosure
Ocean12 Mailing List Manager Gold stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for o12mail.mdb.
by Pouya_Server
nexusjnr jbook - SQL Injection via User Parameter
SQL injection vulnerability in main.asp in Jbook allows remote attackers to execute arbitrary SQL commands via the username (user parameter).
by Pouya_Server
MailingListPro Free Edition - Information Disclosure via Direct Request
CodefixerSoftware MailingListPro Free Edition stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to db/MailingList.mdb.
by AlpHaNiX
Rumpus < 6.0 - Buffer Overflow via Long HTTP Verb and Authenticated Buffer Overflow via Long FTP Command Arguments
Multiple buffer overflows in Rumpus before 6.0.1 allow remote attackers to (1) cause a denial of service (segmentation fault) via a long HTTP verb in the HTTP component; and allow remote authenticated users to execute arbitrary code via a long argument to the (2) MKD, (3) XMKD, (4) RMD, and other unspecified commands in the FTP component.
by BLUE MOON
Z1Exchange 1.0 - SQL Injection via Edit.php Site Parameter
SQL injection vulnerability in edit.php in Z1Exchange 1.0 allows remote attackers to execute arbitrary SQL commands via the site parameter.
by JIKO
Softbiz Classifieds Script - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) radio parameter to showcategory.php, (2) msg parameter to advertisers/signinform.php, (3) radio parameter to gallery.php, (4) msg parameter to lostpassword.php, (5) radio parameter to showcategory.php, (6) msg parameter to admin/adminhome.php, and (7) msg parameter to admin/index.php. NOTE: a different signinform.php file is already covered by CVE-2008-6306.
by Pouya_Server
Softbiz Classifieds Script - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) radio parameter to showcategory.php, (2) msg parameter to advertisers/signinform.php, (3) radio parameter to gallery.php, (4) msg parameter to lostpassword.php, (5) radio parameter to showcategory.php, (6) msg parameter to admin/adminhome.php, and (7) msg parameter to admin/index.php. NOTE: a different signinform.php file is already covered by CVE-2008-6306.
by Pouya_Server
Softbiz Classifieds Script - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) radio parameter to showcategory.php, (2) msg parameter to advertisers/signinform.php, (3) radio parameter to gallery.php, (4) msg parameter to lostpassword.php, (5) radio parameter to showcategory.php, (6) msg parameter to admin/adminhome.php, and (7) msg parameter to admin/index.php. NOTE: a different signinform.php file is already covered by CVE-2008-6306.
by Pouya_Server
Softbiz Classifieds Script - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) radio parameter to showcategory.php, (2) msg parameter to advertisers/signinform.php, (3) radio parameter to gallery.php, (4) msg parameter to lostpassword.php, (5) radio parameter to showcategory.php, (6) msg parameter to admin/adminhome.php, and (7) msg parameter to admin/index.php. NOTE: a different signinform.php file is already covered by CVE-2008-6306.
by Pouya_Server
Softbiz Classifieds Script - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) radio parameter to showcategory.php, (2) msg parameter to advertisers/signinform.php, (3) radio parameter to gallery.php, (4) msg parameter to lostpassword.php, (5) radio parameter to showcategory.php, (6) msg parameter to admin/adminhome.php, and (7) msg parameter to admin/index.php. NOTE: a different signinform.php file is already covered by CVE-2008-6306.
by Pouya_Server
Softbiz Classifieds Script - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) radio parameter to showcategory.php, (2) msg parameter to advertisers/signinform.php, (3) radio parameter to gallery.php, (4) msg parameter to lostpassword.php, (5) radio parameter to showcategory.php, (6) msg parameter to admin/adminhome.php, and (7) msg parameter to admin/index.php. NOTE: a different signinform.php file is already covered by CVE-2008-6306.
by Pouya_Server
PHP JOBWEBSITE PRO - Stored Cross-Site Scripting via Adname Parameter or UserName Field
Multiple cross-site scripting (XSS) vulnerabilities in siteadmin/forgot.php in PHP JOBWEBSITE PRO allow remote attackers to inject arbitrary web script or HTML via (1) the adname parameter in a Submit action or (2) the UserName field.
by Pouya_Server
PHP JOBWEBSITE PRO - SQL Injection via adname Parameter
SQL injection vulnerability in siteadmin/forgot.php in PHP JOBWEBSITE PRO allows remote attackers to execute arbitrary SQL commands via the adname parameter in a Submit action.
by Pouya_Server
PacPoll 4.0 - Unauthenticated Sensitive Information Exposure via Direct Database Request
PacPoll 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) poll.mdb or (2) poll97.mdb.
by AlpHaNiX
Octeth Oempro 3.5.5.1 - SQL Injection via FormValue_Email or FormValue_SearchKeywords Parameter
Multiple SQL injection vulnerabilities in Octeth Oempro 3.5.5.1, and possibly other versions before 4, allow remote attackers to execute arbitrary SQL commands via the FormValue_Email parameter (aka Email field) to index.php in (1) member/, (2) client/, or (3) admin/; or (4) the FormValue_SearchKeywords parameter to client/campaign_track.php.
by security curmudgeon
E. Z. Poll 2 - SQL Injection via Username and Password Parameters
Multiple SQL injection vulnerabilities in admin/login.asp in E. Z. Poll 2 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by t0fx
ASP Forum Script - Cross-Site Scripting via forum_id Parameter
Multiple cross-site scripting (XSS) vulnerabilities in ASP Forum Script allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id parameter to (a) new_message.asp and (b) messages.asp, and the (2) query string to default.asp.
by Pouya_Server
Aphpkb - Code Injection
Unrestricted file upload vulnerability in saa.php in Andy's PHP Knowledgebase (aphpkb) 0.92.9 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a link that is listed by authors.php.
by CWH Underground
IBM Rational ClearCase <7.0.0.4-7.0.1.3 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the web interface in ClearCase RWP server in IBM Rational ClearCase 7.0.0 before 7.0.0.4, and 7.0.1.1-RATL-RCC-IFIX02 and possibly other 7.0.1 versions before 7.0.1.3, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO of a URI associated with a VOB page.
by IBM
By Source