Exploitdb Exploits
31,353 exploits tracked across all sources.
Shahrood - SQL Injection via id Parameter
SQL injection vulnerability in ndetail.php in Shahrood allows remote attackers to execute arbitrary SQL commands via the id parameter.
by BazOka-HaCkEr
Scripts For Sites EZ e-store - SQL Injection via SearchResults.php where Parameter
SQL injection vulnerability in SearchResults.php in Scripts For Sites (SFS) EZ e-store allows remote attackers to execute arbitrary SQL commands via the where parameter.
by ZoRLu
Scripts For Sites EZ Pub Site - SQL Injection via cat Parameter
SQL injection vulnerability in directory.php in Scripts For Sites (SFS) EZ Pub Site allows remote attackers to execute arbitrary SQL commands via the cat parameter.
by Hakxer
Scripts for Sites EZ Gaming Cheats - SQL Injection via view_reviews.php id Parameter
SQL injection vulnerability in view_reviews.php in Scripts for Sites (SFS) EZ Gaming Cheats allows remote attackers to execute arbitrary SQL commands via the id parameter.
by ZoRLu
Flash Tree Gallery (com_treeg) 1.0 - Remote Code Execution via mosConfig_live_site Parameter
PHP remote file inclusion vulnerability in admin.treeg.php in the Flash Tree Gallery (com_treeg) component 1.0 for Joomla!, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the mosConfig_live_site parameter.
by NoGe
Graugon PHP Article Publisher 1.0 - Unauthenticated Authentication Bypass via g_admin Cookie
admin.php in Graugon PHP Article Publisher 1.0 allows remote attackers to bypass authentication and obtain administrative access by setting the g_admin cookie to 1.
by ZoRLu
GO4I.NET ASP Forum 1.0 - SQL Injection via iFor Parameter
SQL injection vulnerability in forum.asp in GO4I.NET ASP Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the iFor parameter.
by Bl@ckbe@rD
Downline Goldmine Builder and Addons - SQL Injection via id Parameter
SQL injection vulnerability in tr.php in DownlineGoldmine Special Category Addon, Downline Builder Pro, New Addon, and Downline Goldmine Builder allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.
by Hussin X
myWebland Bloggie Lite 0.0.2 beta - SQL Injection via Cookie
SQL injection vulnerability in genscode.php in myWebland Bloggie Lite 0.0.2 beta allows remote attackers to execute arbitrary SQL commands via a crafted cookie.
by JosS
AJ Square AJ Article - SQL Injection via txtName Parameter
SQL injection vulnerability in index.php in AJ Square AJ Article allows remote attackers to execute arbitrary SQL commands via the txtName parameter (aka the username field).
by Hakxer
Fantastico De Luxe Module for cPanel - Path Traversal and Arbitrary File Execution via scriptpath_show Parameter
Directory traversal vulnerability in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the scriptpath_show parameter in a GoAhead action. NOTE: this issue only crosses privilege boundaries when security settings such as disable_functions and safe_mode are active, since exploitation requires uploading of executable code to a home directory.
by Khashayar Fereidani
A-LINK WL54AP2 and WL54AP3 < 1.4.1 - Cross-Site Request Forgery via Management Interface
Multiple cross-site request forgery (CSRF) vulnerabilities in the management interface on the A-LINK WL54AP3 and WL54AP2 access points before firmware 1.4.2-eng1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify the network configuration via certain parameters to goform/formWanTcpipSetup or (2) modify credentials via certain parameters to goform/formPasswordSetup.
by Henri Lindberg
ModernBill < 4.4 - Cross-Site Scripting via new_language Parameter
Cross-site scripting (XSS) vulnerability in index.php in ModernBill 4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in the new_language parameter in a login action.
by nigh7f411
U-Mail Webmail Server 4.91 - Arbitrary File Write via Filesystem Module Path Parameter
webmail/modules/filesystem/edit.php in U-Mail Webmail server 4.91 allows remote attackers to overwrite arbitrary files via an absolute pathname in the path parameter and arbitrary content in the content parameter. NOTE: this can be leveraged for code execution by writing to a file under the web document root.
by Shennan Wang
Tribiq CMS 5.0.9a beta - Unauthenticated Authentication Bypass via Cookie Manipulation
Tribiq CMS 5.0.9a beta allows remote attackers to bypass authentication and gain administrative access by setting the COOKIE_LAST_ADMIN_USER and COOKIE_LAST_ADMIN_LANG cookies. NOTE: a third party reports that the vendor disputes the existence of this issue.
by ZoRLu
Tribiq CMS 5.0.10a and 5.0.12c - Remote File Inclusion via Template Path Parameter
Directory traversal vulnerability in templates/mytribiqsite/tribal-GPL-1066/includes/header.inc.php in Tribiq CMS 5.0.10a, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the template_path parameter. NOTE: it was later reported that this issue also affects 5.0.12c.
by GoLd_M
SpitFire Photo Pro - 'pages.php' SQL Injection
by Beenu Arora
Scripts For Sites EZ Webring - SQL Injection via Category Parameter
SQL injection vulnerability in category.php in Scripts For Sites (SFS) EZ Webring allows remote attackers to execute arbitrary SQL commands via the cat parameter.
by d3b4g
Scripts For Sites EZ Top Sites - SQL Injection via topsite.php ts Parameter
SQL injection vulnerability in topsite.php in Scripts For Sites (SFS) EZ Top Sites allows remote attackers to execute arbitrary SQL commands via the ts parameter.
by Stack
Scripts For Sites Hotscripts-like Site - SQL Injection via software-description.php id Parameter
SQL injection vulnerability in software-description.php in Scripts For Sites (SFS) Hotscripts-like Site allows remote attackers to execute arbitrary SQL commands via the id parameter.
by x0r
Scripts for Sites EZ Link Directory - SQL Injection via cat_id Parameter
SQL injection vulnerability in links.php in Scripts for Sites (SFS) EZ Link Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.
by BeyazKurt
Scripts For Sites Hotscripts-like Site - SQL Injection via showcategory.php cid Parameter
SQL injection vulnerability in showcategory.php in Scripts For Sites (SFS) Hotscripts-like Site allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by TR-ShaRk
Scripts For Sites EZ Hot or Not - SQL Injection via viewcomments.php phid Parameter
SQL injection vulnerability in viewcomments.php in Scripts For Sites (SFS) EZ Hot or Not allows remote attackers to execute arbitrary SQL commands via the phid parameter.
by d3b4g
ez_hosting_directory - SQL Injection via cat_id Parameter
SQL injection vulnerability in directory.php in Sites for Scripts (SFS) EZ Hosting Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.
by BeyazKurt