Exploitdb Exploits

31,353 exploits tracked across all sources.

EIP-2026-108970 EXPLOITDB text VERIFIED
Kasra CMS - 'index.php' Multiple SQL Injections
by G4N0K
CVE-2008-4757 EXPLOITDB text VERIFIED
PHP-Daily - SQL Injection via id or prev Parameter
Multiple SQL injection vulnerabilities in PHP-Daily allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) add_postit.php (b) delete.php, and (c) mod_prest_date.php; and the (2) prev parameter to (d) prest_detail.php.
by 0xFFFFFF
CVE-2008-4756 EXPLOITDB text VERIFIED
PHP-Daily - Cross-Site Scripting via Date Parameter
Cross-site scripting (XSS) vulnerability in add_prest_date.php in PHP-Daily allows remote attackers to inject arbitrary web script or HTML via the date parameter.
by 0xFFFFFF
CVE-2008-4758 EXPLOITDB text VERIFIED
PHP-Daily - Path Traversal via Download File Parameter
Directory traversal vulnerability in download_file.php in PHP-Daily allows remote attackers to read arbitrary local files via a .. (dot dot) in the fichier parameter.
by 0xFFFFFF
CVE-2008-6822 EXPLOITDB text VERIFIED
New Earth Programming Team imgupload 1.0 - Unauthenticated Arbitrary File Upload via uploadp.php
Unrestricted file upload vulnerability in uploadp.php in New Earth Programming Team (NEPT) imgupload (aka Image Uploader) 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension and a modified content type, then accessing this file via a direct request, as demonstrated by an upload with an image/jpeg content type. NOTE: some of these details are obtained from third party information.
by Dentrasi
CVE-2008-6166 EXPLOITDB text VERIFIED
jmds com_kbase 1.2 - SQL Injection via id Parameter
SQL injection vulnerability in the KBase (com_kbase) 1.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to index.php.
by H!tm@N
EIP-2026-108210 EXPLOITDB text VERIFIED
Joomla! Component archaic binary Gallery 0.2 - Directory Traversal
by H!tm@N
CVE-2008-4751 EXPLOITDB text VERIFIED
iPei Guestbook 2.0 - Cross-Site Scripting via pg Parameter
Cross-site scripting (XSS) vulnerability in index.php in iPei Guestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the pg parameter, a different vector than CVE-2005-4597.
by Ghost Hacker
CVE-2008-4759 EXPLOITDB text VERIFIED
BuzzyWall 1.3.1 - Path Traversal via Download ID Parameter
Directory traversal vulnerability in download.php in BuzzyWall 1.3.1 allows remote attackers to read arbitrary local files via a .. (dot dot) in the id parameter.
by b3hz4d
CVE-2008-4753 EXPLOITDB text VERIFIED
AJ Square RSS Reader - SQL Injection via EditUrl.php url Parameter
SQL injection vulnerability in EditUrl.php in AJ Square RSS Reader allows remote attackers to execute arbitrary SQL commands via the url parameter.
by yassine_enp
CVE-2008-6788 EXPLOITDB text VERIFIED
MindDezign Photo Gallery 2.2 - SQL Injection via id Parameter
SQL injection vulnerability in MindDezign Photo Gallery 2.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in an info action to index.php.
by CWH Underground
CVE-2008-7269 EXPLOITDB text VERIFIED
SiteEngine 5.x - Open Redirect via Forward Parameter
Open redirect vulnerability in api.php in SiteEngine 5.x allows user-assisted remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter in a logout action.
by xy7
CVE-2008-7268 EXPLOITDB text VERIFIED
SiteEngine 5.x - Exposure of Sensitive Information via phpinfo Action Parameter
The phpinfo function in SiteEngine 5.x allows remote attackers to obtain system information by setting the action parameter to php_info in misc.php.
by xy7
CVE-2008-6167 EXPLOITDB text VERIFIED
miniPortail 2.2 - Path Traversal via lng Parameter
Directory traversal vulnerability in search.php in miniPortail 2.2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lng parameter.
by StAkeR
CVE-2008-5919 EXPLOITDB text VERIFIED
WebSVN < 2.0 - Path Traversal and Arbitrary File Write via RSS Rev Parameter
Directory traversal vulnerability in rss.php in WebSVN 2.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to overwrite arbitrary files via directory traversal sequences in the rev parameter.
by GulfTech Security
CVE-2008-5918 EXPLOITDB text VERIFIED
WebSVN <= 2.0 - Cross-Site Scripting via PATH_INFO
Cross-site scripting (XSS) vulnerability in the getParameterisedSelfUrl function in index.php in WebSVN 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
by GulfTech Security
CVE-2008-4250 EXPLOITDB CRITICAL text VERIFIED
Microsoft Windows Server Service - Remote Code Execution via Crafted RPC Request
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."
by stephen lawler
CVSS 9.8
CVE-2008-5920 EXPLOITDB text VERIFIED
WebSVN 1.x - Remote Code Execution via Username preg_replace Eval Switch
The create_anchors function in utils.inc in WebSVN 1.x allows remote attackers to execute arbitrary PHP code via a crafted username that is processed by the preg_replace function with the eval switch.
by GulfTech Security
CVE-2008-7269 EXPLOITDB text VERIFIED
SiteEngine 5.x - Open Redirect via Forward Parameter
Open redirect vulnerability in api.php in SiteEngine 5.x allows user-assisted remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter in a logout action.
by xuanmumu
CVE-2008-7267 EXPLOITDB text VERIFIED
SiteEngine 5.x - SQL Injection via Announcements.php id Parameter
SQL injection vulnerability in announcements.php in SiteEngine 5.x allows remote attackers to execute arbitrary SQL commands via the id parameter.
by xuanmumu
CVE-2008-6083 EXPLOITDB text VERIFIED
TXTshop beta 1.0 - Path Traversal via Language Parameter
Directory traversal vulnerability in header.php in TXTshop beta 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
by Pepelux
CVE-2008-7267 EXPLOITDB text VERIFIED
SiteEngine 5.x - SQL Injection via Announcements.php id Parameter
SQL injection vulnerability in announcements.php in SiteEngine 5.x allows remote attackers to execute arbitrary SQL commands via the id parameter.
by xy7
CVE-2008-6807 EXPLOITDB text VERIFIED
osprey 1.0a4.1 - Remote Code Execution via ListRecords.php xml_dir Parameter
PHP remote file inclusion vulnerability in ListRecords.php in osprey 1.0a4.1 allows remote attackers to execute arbitrary PHP code via a URL in the xml_dir parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the lib_dir vector is already covered by CVE-2006-6630.
by BoZKuRTSeRDaR
CVE-2008-6168 EXPLOITDB text VERIFIED
miniPortail 2.2 - Cross-Site Scripting via Search String
Cross-site scripting (XSS) vulnerability in search.php in miniPortail 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified argument, probably the search string.
by StAkeR
CVE-2008-6789 EXPLOITDB text VERIFIED
MindDezign Photo Gallery 2.2 - SQL Injection via Username Parameter
SQL injection vulnerability in MindDezign Photo Gallery 2.2 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action to the admin module in index.php, a different vector than CVE-2008-6788.
by CWH Underground