Exploitdb Exploits
31,351 exploits tracked across all sources.
Oramon 2.0.1 - Unauthenticated Sensitive Information Exposure via Direct Request
Oramon Oracle Database Monitoring Tool 2.0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for config/oramon.ini.
by ahmadbady
CMS Made Simple 1.4.1 - Path Traversal
Directory traversal vulnerability in admin/login.php in CMS Made Simple 1.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in a cms_language cookie.
by M4ck-h@cK
Active Bids 3.5 - SQL Injection via ItemID Parameter
SQL injection vulnerability in bidhistory.asp in Active Bids 3.5 allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.
by Stack
ParsBlogger - 'blog.asp' Cross-Site Scripting
by Pouya_Server
Ocean12 Mailing List Manager Gold - SQL Injection
Multiple SQL injection vulnerabilities in Ocean12 Mailing List Manager Gold allow remote attackers to execute arbitrary SQL commands via the Email parameter to (1) default.asp and (2) s_edit.asp.
by Charalambous Glafkos
Ocean12 FAQ Manager Pro - 'Keyword' Cross-Site Scripting
by Charalambous Glafkos
Ocean12 (Multiple Products) - 'Admin_ID' SQL Injection
by Charalambous Glafkos
Active eWebquiz 8.0 - SQL Injection
SQL injection vulnerability in start.asp in Active eWebquiz 8.0 allows remote attackers to execute arbitrary SQL commands via the (1) useremail parameter (aka username field) or the (2) password parameter. NOTE: some of these details are obtained from third party information.
by R3d-D3V!L
ASPThai.NET ASPThai Forums 8.5 - Unauthenticated Sensitive Information Exposure via Direct Database Download
ASPThai.NET ASPThai Forums 8.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/aspthaiForum.mdb.
by CWH Underground
ASPReferral 5.3 - SQL Injection via Merchantsadd.asp AccountID Parameter
SQL injection vulnerability in Merchantsadd.asp in ASPReferral 5.3 allows remote attackers to execute arbitrary SQL commands via the AccountID parameter.
by R3d-D3V!L
ActiveVotes 2.2 - SQL Injection via Username and Password Parameters
SQL injection vulnerability in register.asp in ActiveVotes 2.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.
by R3d-D3V!L
ActiveWebSoftwares ActiveVotes <2.2 - SQL Injection
SQL injection vulnerability in VoteHistory.asp in ActiveWebSoftwares ActiveVotes 2.2 allows remote attackers to execute arbitrary SQL commands via the AccountID parameter.
by R3d-D3V!L
Active Web Mail 4.0 - SQL Injection via TabOpenQuickTab1 Parameter
SQL injection vulnerability in Active Web Mail 4.0 allows remote attackers to execute arbitrary SQL commands via the TabOpenQuickTab1 parameter to (1) popaccounts.aspx, (2) addressbook.aspx, and (3) emails.aspx.
by R3d-D3V!L
Active Price Comparison 4.0 - SQL Injection
Multiple SQL injection vulnerabilities in login.aspx in Active Price Comparison 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) password and (2) username fields.
by R3d-D3V!L
Active Trade 2 - SQL Injection via Username or Password Parameter
SQL injection vulnerability in account.asp in Active Trade 2 allows remote attackers to execute arbitrary SQL commands via the (1) username parameter (aka Email field) or the (2) password parameter. NOTE: some of these details are obtained from third party information.
by R3d-D3V!L
Active Test 2.1 - SQL Injection via Useremail or Password Parameter
Multiple SQL injection vulnerabilities in start.asp in Active Test 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) useremail parameter (aka username field) or (2) password parameter (aka password field). NOTE: some of these details are obtained from third party information.
by R3d-D3V!L
Active Test 2.1 - SQL Injection via QuizID Parameter
Multiple SQL injection vulnerabilities in Active Test 2.1 allow remote attackers to execute arbitrary SQL commands via the QuizID parameter to (1) questions.asp, (2) importquestions.asp, and (3) quiztakers.asp.
by R3d-D3V!L
Active Price Comparison 4.0 - SQL Injection
Multiple SQL injection vulnerabilities in login.aspx in Active Price Comparison 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) password and (2) username fields.
by R3d-D3V!L
Active Newsletter 4.3 - SQL Injection via Email or Password Parameter
Multiple SQL injection vulnerabilities in SubscriberStart.asp in Active Newsletter 4.3 allow remote attackers to execute arbitrary SQL commands via (1) the email parameter (aka username or E-mail field), or (2) the password parameter (aka password field), to (a) Subscriber.asp or (b) start.asp. NOTE: some of these details are obtained from third party information.
by R3d-D3V!L
Active Membership 2.0 - SQL Injection
SQL injection vulnerability in account.asp in Active Membership 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.
by R3d-D3V!L
Active Force Matrix 2.0 - SQL Injection
SQL injection vulnerability in account.asp in Active Force Matrix 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.
by R3d-D3V!L
Apache Tomcat (Windows) - 'runtime.getRuntime().exec()' Local Privilege Escalation
by Abysssec