Exploitdb Exploits
31,353 exploits tracked across all sources.
Zeeways SHAADICLONE 2.0 - Unauthenticated Authentication Bypass via Direct Admin Page Access
Zeeways SHAADICLONE 2.0 allows remote attackers to bypass authentication and gain administrative privileges via a direct request to admin/home.php.
by G4N0K
Zeeways PhotoVideoTube < 1.1 - Unauthenticated Authentication Bypass via Direct Admin Request
Zeeways PhotoVideoTube 1.1 and earlier allows remote attackers to bypass authentication and perform administrative tasks via a direct request to admin/home.php.
by Stack
Zeeproperty 1.0 - Cross-Site Scripting via propid Parameter
Cross-site scripting (XSS) vulnerability in view_prop_details.php in Zeeways ZEEPROPERTY 1.0 allows remote attackers to inject arbitrary web script or HTML via the propid parameter.
by ZoRLu
V3 Chat - Profiles/Dating Script 3.0.2 - Auth Bypass
V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1.
by Stack
CVSS 9.8
V3 Chat - Profiles/Dating Script 3.0.2 - SQL Injection
SQL injection vulnerability in V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.
by d3b4g
V3 Chat - Profiles/Dating Script 3.0.2 - Auth Bypass
V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1.
by Cyber-Zone
CVSS 9.8
Mole Group Airline Ticket Script - Authentication Bypass
by Cyber-Zone
Indiscripts Enthusiast < 3.1.4 - RCE
PHP remote file inclusion vulnerability in show_joined.php in Indiscripts Enthusiast 3.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: the researcher also points out the analogous directory traversal issue.
by BugReport.IR
Cyberfolio <= 7.12.2 - Path Traversal via Theme Parameter
Directory traversal vulnerability in portfolio/css.php in Cyberfolio 7.12.2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter.
by dun
2wire 1701HG 1800HW 2071HG 2700HG - Cross-Site Request Forgery via XSLT Script
Cross-site request forgery (CSRF) vulnerability in the xslt script in the web-based management interface on the 2wire 1701HG, 1800HW, 2071HG, and 2700HG with firmware 3.17.5, 3.7.1, 4.25.19, or 5.29.51 allows remote attackers to hijack the intranet connectivity of arbitrary users for requests that cause a denial of service (network outage) via a page parameter with a % (percent) character followed by a non-alphanumeric character.
by hkm
DigiAffiliate < 1.4 - SQL Injection via Login Admin and Password Fields
Multiple SQL injection vulnerabilities in login.asp in Digiappz DigiAffiliate 1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) admin and (2) password fields.
by d3b4g
MyioSoft EasyBookMarker 4.0 - SQL Injection
SQL injection vulnerability in the loginADP function in ajaxp.php in MyioSoft EasyBookMarker 4.0 allows remote attackers to execute arbitrary SQL commands via the rsargs parameter, as reachable through the username parameter. NOTE: some of these details are obtained from third party information.
by ZoRLu
MyioSoft EasyBookMarker 4.0 - SQL Injection
SQL injection vulnerability in plugins/bookmarker/bookmarker_backend.php in MyioSoft EasyBookMarker 4.0 allows remote attackers to execute arbitrary SQL commands via the Parent parameter.
by G4N0K
Mini Web Calendar 1.2 - Cross-Site Scripting via URL Parameter
Cross-site scripting (XSS) vulnerability in php/cal_default.php in Mini Web Calendar (mwcal) 1.2 allows remote attackers to inject arbitrary web script or HTML via the URL.
by ahmadbady
TurnkeyForms Local Classifieds - SQL Injection via listtest.php r Parameter
SQL injection vulnerability in listtest.php in TurnkeyForms Local Classifieds allows remote attackers to execute arbitrary SQL commands via the r parameter.
by TR-ShaRk
ISecSoft Anti-Trojan Elite <= 4.2.2 - Buffer Overflow via Atepmon.sys IOCTL
Buffer overflow in Atepmon.sys in ISecSoft Anti-Trojan Elite 4.2.1 and earlier, and possibly 4.2.2, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via long inputs to the 0x00222494 IOCTL.
by alex
ISecSoft Anti-Keylogger Elite < 3.3.0 - Local Privilege Escalation via AKEProtect.sys IOCTL Buffer Overflow
Buffer overflow in AKEProtect.sys 3.3.3.0 in ISecSoft Anti-Keylogger Elite 3.3.0 and earlier, and possibly other versions including 3.3.3, allows local users to gain privileges via long inputs to the (1) 0x002224A4, (2) 0x002224C0, and (3) 0x002224CC IOCTL.
by NT Internals
U&M Software Signup 1.0 and 1.1 - Unauthenticated Improper Authentication in Admin Directory
U&M Software Signup 1.0 and 1.1 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) adminstart.php, (2) admineventtype.php, (3) admineventdetails.php, (4) admineventlist.php, (5) adminuserslist.php, (6) adminleaderslist.php, (7) admindatabase.php, and possibly (8) index.php.
by G4N0K
U&M Software JustBookIt 1.0 - Unauthenticated Improper Authentication in Admin Scripts
U&M Software JustBookIt 1.0 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) user_manual.php, (2) user_config.php, (3) user_kundnamn.php, (4) user_kundlista.php, (5) user_aktiva_kunder.php, (6) database.php, and possibly (7) index.php.
by G4N0K
U&M Software Event Lister (JustListIt) 1.0 - Unauthenticated Access to Admin Scripts
U&M Software Event Lister (aka JustListIt) 1.0 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) start.php, (2) aktivitet.php, (3) prop_aktivitet.php, (4) kategorier.php, (5) konfig.php, (6) security.php, (7) manual.php, and possibly (8) index.php.
by G4N0K
TurnkeyForms Software Directory 1.0 - SQL Injection / Cross-Site Scripting
by G4N0K
TurnkeyForms Local Classifieds - Cross-Site Scripting via listtest.php r Parameter
Cross-site scripting (XSS) vulnerability in listtest.php in TurnkeyForms Local Classifieds allows remote attackers to inject arbitrary web script or HTML via the r parameter.
by TR-ShaRk
TurnkeyForms Entertainment Portal 2.0 - Unauthenticated Authentication Bypass via adminLogged Cookie
TurnkeyForms Entertainment Portal 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the adminLogged cookie to Administrator.
by G4N0K
TurnkeyForms Business Survey Pro 1.0 - SQL Injection via id Parameter
SQL injection vulnerability in survey_results_text.php in TurnkeyForms Business Survey Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by G4N0K