Exploitdb Exploits
31,353 exploits tracked across all sources.
Sites for Scripts EZ Home Business Directory - SQL Injection via cat_id Parameter
SQL injection vulnerability in directory.php in Sites for Scripts (SFS) EZ Home Business Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.
by BeyazKurt
Sites for Scripts Gaming Directory - SQL Injection via cat_id Parameter
SQL injection vulnerability in directory.php in Sites for Scripts (SFS) Gaming Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.
by Hurley
Sites for Scripts Gaming Directory - SQL Injection via cat_id Parameter
SQL injection vulnerability in directory.php in Sites for Scripts (SFS) Gaming Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.
by BeyazKurt
Scripts For Sites EZ Career - SQL Injection via Topic Parameter
SQL injection vulnerability in content.php in Scripts For Sites (SFS) EZ Career allows remote attackers to execute arbitrary SQL commands via the topic parameter.
by Stack
Scripts For Sites EZ BIZ PRO - SQL Injection via track.php id Parameter
SQL injection vulnerability in track.php in Scripts For Sites (SFS) EZ BIZ PRO allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Hussin X
Scripts for Sites EZ Auction - SQL Injection via viewfaqs.php cat Parameter
SQL injection vulnerability in viewfaqs.php in Scripts for Sites (SFS) EZ Auction allows remote attackers to execute arbitrary SQL commands via the cat parameter.
by Stack
Scripts for Sites EZ Affiliate - SQL Injection via cat_id Parameter
SQL injection vulnerability in directory.php in Scripts for Sites (SFS) EZ Affiliate allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.
by d3b4g
Scripts For Sites EZ Adult Directory - SQL Injection via cat_id Parameter
SQL injection vulnerability in directory.php in Scripts For Sites (SFS) EZ Adult Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.
by Hurley
phpWebSite - SQL Injection via links.php cid Parameter
SQL injection vulnerability in links.php in Appalachian State University phpWebSite allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewlink action.
by Beenu Arora
ModernBill < 4.4 - Remote Code Execution via DIR Parameter File Inclusion
Multiple PHP remote file inclusion vulnerabilities in ModernBill 4.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to (1) export_batch.inc.php, (2) run_auto_suspend.cron.php, and (3) send_email_cache.php in include/scripts/; (4) include/misc/mod_2checkout/2checkout_return.inc.php; and (5) include/html/nettools.popup.php, different vectors than CVE-2006-4034 and CVE-2005-1054.
by nigh7f411
Logz podcast CMS 1.3.1 - SQL Injection via art Parameter
SQL injection vulnerability in fichiers/add_url.php in Logz podcast CMS 1.3.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the art parameter.
by ZoRLu
Lyrics (lyrics_menu) plugin 0.42 for e107 - SQL Injection via l_id Parameter
SQL injection vulnerability in lyrics_song.php in the Lyrics (lyrics_menu) plugin 0.42 for e107 allows remote attackers to execute arbitrary SQL commands via the l_id parameter. NOTE: some of these details are obtained from third party information.
by ZoRLu
cPanel - Cross-Site Scripting via Fantastico De Luxe Module Parameters
Multiple cross-site scripting (XSS) vulnerabilities in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allow remote attackers to inject arbitrary web script or HTML via the (1) localapp, (2) updatedir, (3) scriptpath_show, (4) domain_show, (5) thispage, (6) thisapp, and (7) currentversion parameters in an Upgrade action.
by Khashayar Fereidani
Article Publisher Pro 1.5 - SQL Injection via Username Parameter
SQL injection vulnerability in admin/admin.php in Article Publisher Pro 1.5 allows remote attackers to execute arbitrary SQL commands via the username parameter.
by Hakxer
Adult Banner Exchange Website - SQL Injection
SQL injection vulnerability in click.php in Adult Banner Exchange Website allows remote attackers to execute arbitrary SQL commands via the targetid parameter.
by Hussin X
Xigla Absolute Newsletter 6.0 and 6.1 - Unauthenticated Authentication Bypass via Cookie Manipulation
Xigla Software Absolute Newsletter 6.0 and 6.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
by x0r
Absolute News Manager.NET 5.1 - Unauthenticated Authentication Bypass via Cookie Manipulation
Xigla Software Absolute News Manager.NET 5.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
by Hakxer
Xigla Absolute News Feed 1.0 and possibly 1.5 - Unauthenticated Authentication Bypass via Cookie Manipulation
Xigla Software Absolute News Feed 1.0 and possibly 1.5 allows remote attackers to bypass authentication and gain administrative access by setting a certain cookie.
by Hakxer
Absolute Live Support .NET 5.1 - Unauthenticated Authentication Bypass via Cookie Manipulation
Xigla Software Absolute Live Support .NET 5.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
by Hakxer
Xigla Absolute Form Processor .NET 4.0 - Unauthenticated Authentication Bypass via Cookie Manipulation
Xigla Software Absolute Form Processor .NET 4.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
by Hakxer
Xigla Absolute FAQ Manager.NET 6.0 - Unauthenticated Authentication Bypass via Cookie Manipulation
Xigla Software Absolute FAQ Manager.NET 6.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
by Hakxer
Absolute Control Panel XE 1.5 - Unauthenticated Authentication Bypass via Cookie Manipulation
Xigla Software Absolute Control Panel XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
by Hakxer
Absolute Content Rotator 6.0 - Unauthenticated Authentication Bypass via Cookie Manipulation
Absolute Content Rotator 6.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
by Hakxer
Absolute Banner Manager .NET 4.0 - Unauthenticated Authentication Bypass via Cookie Manipulation
Absolute Banner Manager .NET 4.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
by Hakxer