Exploitdb Exploits
31,351 exploits tracked across all sources.
Web Calendar System 3.40 - Cross-Site Scripting / SQL Injection
by Bl@ckbe@rD
SailPlanner 0.3a - SQL Injection via Username and Password Fields
Multiple SQL injection vulnerabilities in SailPlanner 0.3a allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.
by JIKO
ReVou Micro Blogging Twitter clone - SQL Injection via Username and Password Fields
Multiple SQL injection vulnerabilities in ReVou Micro Blogging Twitter clone allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.
by R3d-D3V!L
RakhiSoftware Shopping Cart - Exposure of Sensitive Information via Invalid PHPSESSID Cookie
RakhiSoftware Price Comparison Script (aka Shopping Cart) allows remote attackers to obtain sensitive information via an invalid PHPSESSID cookie, which reveals the installation path in an error message.
by Charalambous Glafkos
RakhiSoftware Shopping Cart - Cross-Site Scripting via category_id and subcategory_id Parameters
Multiple cross-site scripting (XSS) vulnerabilities in product.php in RakhiSoftware Price Comparison Script (aka Shopping Cart) allow remote attackers to inject arbitrary web script or HTML via the (1) category_id and (2) subcategory_id parameters.
by Charalambous Glafkos
Ocean12 FAQ Manager Pro 1.0 - SQL Injection via ID Parameter in Cat Action
SQL injection vulnerability in default.asp in Ocean12 FAQ Manager Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a Cat action. NOTE: some of these details are obtained from third party information.
by Stack
Venalsur Booking Centre Booking System for Hotels Group 2.01 - SQL Injection via Username or Password Parameter
Multiple SQL injection vulnerabilities in admin/checklogin.php in Venalsur Booking Centre Booking System for Hotels Group 2.01 allow remote attackers to execute arbitrary SQL commands via the (1) myusername (username) and (2) password parameters. NOTE: some of these details are obtained from third party information.
by MrDoug
bluo_cms 1.2 - SQL Injection via id Parameter
SQL injection vulnerability in index.php in Bluo CMS 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by The_5p3ctrum
Turnkey Arcade Script - SQL Injection
SQL injection vulnerability in index.php in Turnkey Arcade Script allows remote attackers to execute arbitrary SQL commands via the id parameter in a play action.
by The_5p3ctrum
Membership Manager Pro - SQL Injection via Username Parameter
SQL injection vulnerability in login.asp in Ocean12 Membership Manager Pro allows remote attackers to execute arbitrary SQL commands via the username (Username parameter).
by Cyber-Zone
Ocean12 Contact Manager Pro 1.02 - SQL Injection via Sort Parameter
SQL injection vulnerability in default.asp in Ocean12 Contact Manager Pro 1.02 allows remote attackers to execute arbitrary SQL commands via the Sort parameter.
by Pouya_Server
Ocean12 Contact Manager Pro 1.02 - Unprotected Sensitive Information Exposure via Direct Request
Ocean12 Contact Manager Pro 1.02 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12con.mdb.
by Pouya_Server
aspWebCalendar - SQL Injection via Username Field or EventID Parameter
SQL injection vulnerability in aspWebCalendar allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the eventid parameter to calendar.asp.
by Bl@ckbe@rD
TxtBlog 1.0 Alpha - Path Traversal via m Parameter
Directory traversal vulnerability in index.php in TxtBlog 1.0 Alpha allows remote attackers to read arbitrary files via a .. (dot dot) in the m parameter.
by CWH Underground
Turnkey Arcade Script - SQL Injection
SQL injection vulnerability in index.php in Turnkey Arcade Script allows remote attackers to execute arbitrary SQL commands via the id parameter in a browse action, a different vector than CVE-2008-5629.
by The_5p3ctrum
Kalptaru Infotech Stararticles - Access Control
Unrestricted file upload vulnerability in user.modify.profile.php in Kalptaru Infotech Ltd. Star Articles 6.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile photo, then accessing it via a direct request to the file in authorphoto/.
by ZoRLu
RakhiSoftware Shopping Cart - SQL Injection via product.php subcategory_id Parameter
SQL injection vulnerability in product.php in RakhiSoftware Price Comparison Script (aka Shopping Cart) allows remote attackers to execute arbitrary SQL commands via the subcategory_id parameter.
by XaDoS
PageTree CMS 0.0.2 BETA 00001 - Remote Code Execution via GLOBALS[PT_Config][dir][data] Parameter
PHP remote file inclusion vulnerability in admin/plugins/Online_Users/main.php in PageTree CMS 0.0.2 BETA 0001 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[PT_Config][dir][data] parameter.
by NoGe
Ocean12 Poll Manager Pro - Database Disclosure
by Pouya_Server
Ocean12 Membership Manager Pro - Database Disclosure
by Pouya_Server
Membership Manager Pro - SQL Injection via Login Password Parameter
SQL injection vulnerability in login.asp in Ocean12 Membership Manager Pro allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Cyber-Zone
Ocean12 FAQ Manager Pro - Unauthenticated Sensitive Data Exposure via Direct Database Request
Ocean12 FAQ Manager Pro stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for admin/o12faq.mdb.
by Stack