Exploitdb Exploits
31,353 exploits tracked across all sources.
LoveCMS 1.6.2 Final - Path Traversal
Directory traversal vulnerability in system/admin/images.php in LoveCMS 1.6.2 Final allows remote attackers to delete arbitrary files via a .. (dot dot) in the delete parameter.
by cOndemned
hMailServer 4.4.2 - 'PHPWebAdmin' File Inclusion
by Nine:Situations:Group
DevelopItEasy Photo Gallery 1.2 - SQL Injection via cat_id, photo_id, user_name, or user_pass Parameter
Multiple SQL injection vulnerabilities in DevelopItEasy Photo Gallery 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter to gallery_category.php, (2) photo_id parameter to gallery_photo.php, and the (3) user_name and (4) user_pass parameters to admin/index.php. NOTE: some of these details are obtained from third party information.
by InjEctOr5
Develop It Easy News And Article System 1.4 - SQL Injection via aid Parameter and Admin Panel Credentials
Multiple SQL injection vulnerabilities in Develop It Easy News And Article System 1.4 allow remote attackers to execute arbitrary SQL commands via (1) the aid parameter to article_details.php, and the (2) username and (3) password to the admin panel (admin/index.php).
by InjEctOr5
Develop It Easy Membership System 1.3 - SQL Injection via Email or Password Parameter
Multiple SQL injection vulnerabilities in Develop It Easy Membership System 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameters to customer_login.php and the (3) user_name and (4) user_pass parameters to admin/index.php. NOTE: some of these details are obtained from third party information.
by InjEctOr5
DevelopItEasy Events Calendar 1.2 - SQL Injection via User Name, User Pass, or ID Parameter
Multiple SQL injection vulnerabilities in DevelopItEasy Events Calendar 1.2 allow remote attackers to execute arbitrary SQL commands via (1) the user_name parameter (aka user field) to admin/index.php, (2) the user_pass parameter (aka pass field) to admin/index.php, or (3) the id parameter to calendar_details.php. NOTE: some of these details are obtained from third party information.
by InjEctOr5
DeltaScripts PHP Shop 1.0 - SQL Injection
SQL injection vulnerability in admin/login.php in DeltaScripts PHP Shop 1.0 allows remote attackers to execute arbitrary SQL commands via the admin_username parameter. NOTE: some of these details are obtained from third party information.
by ZoRLu
DeltaScripts PHP Links < 1.3 - SQL Injection via admin_username Parameter
SQL injection vulnerability in admin/adm_login.php in DeltaScripts PHP Links 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the admin_username parameter (aka the admin field).
by ZoRLu
DeltaScripts PHP Classifieds < 7.5 - SQL Injection
SQL injection vulnerability in login.php in DeltaScripts PHP Classifieds 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the admin_username parameter (aka admin field). NOTE: some of these details are obtained from third party information.
by ZoRLu
CuteNews aj-fork - 'path' Remote File Inclusion
by DeltahackingTEAM
Arab Portal 2.1 - Path Traversal via mod.php file Parameter
Directory traversal vulnerability in mod.php in Arab Portal 2.1 on Windows allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, in conjunction with a show action.
by Khashayar Fereidani
Pre Classified Listing PHP - Unauthenticated Authentication Bypass via Cookie Manipulation
Pre Classified Listing PHP allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".
by G4N0K
Pre Multi-Vendor Shopping Malls - SQL Injection via buyer_detail.php sid/cid Parameters
SQL injection vulnerability in buyer_detail.php in Pre Multi-Vendor Shopping Malls allows remote attackers to execute arbitrary SQL commands via the (1) sid and (2) cid parameters.
by G4N0K
Adobe Acrobat and Reader < 8.1.2 - Remote Code Execution via util.printf Format String
Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.
by Debasis Mohanty
CVSS 7.8
Adobe Acrobat and Reader < 8.1.2 - Remote Code Execution via util.printf Format String
Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.
by Elazar
CVSS 7.8
Pre Multi-Vendor Shopping Malls - Unauthenticated Authentication Bypass via Cookie Manipulation
Pre Multi-Vendor Shopping Malls allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".
by G4N0K
Pre Simple CMS - SQL Injection via User Parameter
SQL injection vulnerability in siteadmin/loginsucess.php in Pre Simple CMS allows remote attackers to execute arbitrary SQL commands via the user parameter, as reachable from siteadmin/adminlogin.php. NOTE: some of these details are obtained from third party information.
by Hussin X
Pre Shopping Mall - Unauthenticated Authentication Bypass via Cookie Manipulation
Pre Shopping Mall allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".
by G4N0K
Pre Real Estate Listings - SQL Injection via Username Parameter
SQL injection vulnerability in manager/login.php in Pre Projects Pre Real Estate Listings allows remote attackers to execute arbitrary SQL commands via the username1 parameter (aka the Admin field or Username field).
by Cyber-Zone
Pre Podcast Portal - SQL Injection via Tour.php id Parameter
SQL injection vulnerability in Tour.php in Pre Projects Pre Podcast Portal allows remote attackers to execute arbitrary SQL commands via the id parameter.
by G4N0K
Pre Shopping Mall - Unauthenticated Authentication Bypass via Cookie Manipulation
Pre Shopping Mall allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".
by G4N0K
Small ShoutBox 1.4 - SQL Injection via id Parameter
SQL injection vulnerability in shoutbox_view.php in the Small ShoutBox module 1.4 for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter in a delete action.
by StAkeR
Pre Projects PHP Auto Listings Script - SQL Injection via moreinfo.php itemno Parameter
SQL injection vulnerability in moreinfo.php in Pre Projects PHP Auto Listings Script, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the itemno parameter.
by G4N0K
Mole Group Taxi Calc Dist Script - SQL Injection via login.php User Field
SQL injection vulnerability in login.php in Mole Group Taxi Map Script (aka Taxi Calc Dist Script) allows remote attackers to execute arbitrary SQL commands via the user field.
by InjEctOr5