Exploitdb Exploits

31,353 exploits tracked across all sources.

CVE-2008-4888 EXPLOITDB text VERIFIED
NetRisk < 2.0 - Cross-Site Scripting via Error Parameter
Cross-site scripting (XSS) vulnerability in error.php in NetRisk 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter to index.php. NOTE: some of these details are obtained from third party information.
by StAkeR
CVE-2008-4880 EXPLOITDB text VERIFIED
Maran PHP Shop - SQL Injection via prodshow.php id Parameter
SQL injection vulnerability in prodshow.php in Maran PHP Shop allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-4879.
by d3v1l
CVE-2008-4879 EXPLOITDB text VERIFIED
Maran PHP Shop - SQL Injection via prod.php cat Parameter
SQL injection vulnerability in prod.php in Maran PHP Shop allows remote attackers to execute arbitrary SQL commands via the cat parameter, a different vector than CVE-2008-4880.
by JosS
CVE-2008-6296 EXPLOITDB text VERIFIED
Maran PHP Shop - Unauthenticated Authentication Bypass via User Cookie
admin.php in Maran PHP Shop allows remote attackers to bypass authentication and gain administrative access by setting the user cookie to "demo."
by JosS
CVE-2008-6269 EXPLOITDB text VERIFIED
Joovili 3.1.4 - Unauthenticated Authentication Bypass via Cookie Manipulation
Joovili 3.1.4 allows remote attackers to bypass authentication and gain privileges as other users, including the administrator, by setting the (1) session_id, session_logged_in, and session_username cookies for user privileges; (2) session_admin_id, session_admin_username, and session_admin cookies for admin privileges; and (3) session_staff_id, session_staff_username, and session_staff cookies for staff users.
by ZoRLu
CVE-2008-4178 EXPLOITDB text VERIFIED
Downline Goldmine Builder and Addons - SQL Injection via id Parameter
SQL injection vulnerability in tr.php in DownlineGoldmine Special Category Addon, Downline Builder Pro, New Addon, and Downline Goldmine Builder allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.
by Hussin X
CVE-2008-6683 EXPLOITDB text VERIFIED
Apartment Search Script - Cross-Site Scripting via r Parameter
Cross-site scripting (XSS) vulnerability in listtest.php in Apartment Search Script allows remote attackers to inject arbitrary web script or HTML via the r parameter.
by ZoRLu
CVE-2008-4890 EXPLOITDB text VERIFIED
1st News 4 Professional - SQL Injection via products.php id Parameter
SQL injection vulnerability in products.php in 1st News 4 Professional (PR 1) allows remote attackers to execute arbitrary SQL commands via the id parameter.
by TR-ShaRk
CVE-2008-3757 EXPLOITDB text VERIFIED
YourFreeWorld Forced Matrix Script - SQL Injection
SQL injection vulnerability in tr1.php in YourFreeWorld Forced Matrix Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Hussin X
CVE-2008-3751 EXPLOITDB text VERIFIED
YourFreeWorld Short Url & Url Tracker Script - SQL Injection
SQL injection vulnerability in tr.php in YourFreeWorld Short Url & Url Tracker Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Hussin X
CVE-2008-3749 EXPLOITDB text VERIFIED
YourFreeWorld Banner Mgr < - SQL Injection
SQL injection vulnerability in tr.php in YourFreeWorld Banner Management Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Hussin X
CVE-2008-3756 EXPLOITDB text VERIFIED
YourFreeWorld Viral Marketing Script - SQL Injection
SQL injection vulnerability in tr.php in YourFreeWorld Viral Marketing Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Hussin X
CVE-2008-3750 EXPLOITDB text VERIFIED
YourFreeWorld URL Rotator Script - SQL Injection
SQL injection vulnerability in tr.php in YourFreeWorld URL Rotator Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Hussin X
CVE-2008-4885 EXPLOITDB text VERIFIED
YourFreeWorld Scrolling Text Ads Script - SQL Injection via id Parameter
SQL injection vulnerability in tr1.php in YourFreeWorld Scrolling Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Hussin X
CVE-2008-4881 EXPLOITDB text VERIFIED
YourFreeWorld Reminder Service Script - SQL Injection via id Parameter
SQL injection vulnerability in tr.php in YourFreeWorld Reminder Service Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Hussin X
EIP-2026-114547 EXPLOITDB text VERIFIED
YourFreeWorld Programs Rating - SQL Injection
by Hussin X
CVE-2008-4895 EXPLOITDB text VERIFIED
YourFreeWorld Downline Builder - SQL Injection via tr.php id Parameter
SQL injection vulnerability in tr.php in YourFreeWorld Downline Builder allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Hussin X
CVE-2008-4884 EXPLOITDB text VERIFIED
YourFreeWorld Classifieds Hosting Script - SQL Injection via tr.php id Parameter
SQL injection vulnerability in tr.php in YourFreeWorld Classifieds Hosting Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Hussin X
CVE-2008-4900 EXPLOITDB text VERIFIED
YourFreeWorld Classifieds Blaster Script - SQL Injection via tr.php id Parameter
SQL injection vulnerability in tr.php in YourFreeWorld Classifieds Blaster Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Hussin X
CVE-2008-3755 EXPLOITDB text VERIFIED
YourFreeWorld Classifieds Script - SQL Injection
SQL injection vulnerability in view.php in YourFreeWorld Classifieds Script allows remote attackers to execute arbitrary SQL commands via the category parameter.
by Hussin X
CVE-2008-4883 EXPLOITDB text VERIFIED
YourFreeWorld Blog Blaster Script - SQL Injection via tr.php id Parameter
SQL injection vulnerability in tr.php in YourFreeWorld Blog Blaster Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Hussin X
CVE-2008-4882 EXPLOITDB text VERIFIED
YourFreeWorld Autoresponder Hosting Script - SQL Injection via tr.php id Parameter
SQL injection vulnerability in tr.php in YourFreeWorld Autoresponder Hosting Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Hussin X