Exploitdb Exploits
31,353 exploits tracked across all sources.
PHP-Nuke Sarkilar Module - SQL Injection via id Parameter
SQL injection vulnerability in the Sarkilar module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a showcontent action to modules.php.
by r45c4l
DS-Syndicate 1.1.1 - SQL Injection via feed_id Parameter
SQL injection vulnerability in the DS-Syndicate (com_ds-syndicate) component 1.1.1 for Joomla allows remote attackers to execute arbitrary SQL commands via the feed_id parameter to index2.php.
by boom3rang
Jetbox CMS 2.1 - Authenticated SQL Injection via orderby Parameter or nav_id Parameter
Multiple SQL injection vulnerabilities in Jetbox CMS 2.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby parameter to admin/cms/images.php and the (2) nav_id parameter in an editrecord action to admin/cms/nav.php.
by Omer Singer
yappa-ng 2.3.2-2.3.3-beta0 - Path Traversal via Album Parameter
Directory traversal vulnerability in index.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 and possibly other versions through 2.3.3-beta0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the album parameter.
by Vrs-hCk
Fast Click SQL Lite 1.1.7 - Remote Code Execution via CFG[CDIR] Parameter
PHP remote file inclusion vulnerability in init.php in Fast Click SQL Lite 1.1.7, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the CFG[CDIR] parameter.
by NoGe
ZeeScripts Zeeproperty - SQL Injection via bannerclick.php adid Parameter
SQL injection vulnerability in bannerclick.php in ZeeScripts Zeeproperty allows remote attackers to execute arbitrary SQL commands via the adid parameter.
by Hussin X
phpfastnews 1.0.0 - Unauthenticated Authentication Bypass via Cookie Manipulation
The isLoggedIn function in fastnews-code.php in phpFastNews 1.0.0 allows remote attackers to bypass authentication and gain administrative access by setting the fn-loggedin cookie to 1.
by Qabandi
ShiftThis Newsletter - SQL Injection via Newsletter Parameter
SQL injection vulnerability in stnl_iframe.php in the ShiftThis Newsletter (st_newsletter) plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the newsletter parameter, a different vector than CVE-2008-0683.
by r45c4l
FlashChat 5.0.8 - Unauthenticated Privilege Escalation via Role Filter Bypass
connection.php in FlashChat 5.0.8 allows remote attackers to bypass the role filter mechanism and gain administrative privileges by setting the s parameter to "7."
by eLiSiA
Easy CafeEngine 1.1 - SQL Injection via itemid Parameter
SQL injection vulnerability in index.php in Easy CafeEngine 1.1 allows remote attackers to execute arbitrary SQL commands via the itemid parameter.
by 0xFFFFFF
Post Affiliate Pro 2.0 - Authenticated Path Traversal via md Parameter
Directory traversal vulnerability in index.php in Post Affiliate Pro 2.0 allows remote authenticated users to read and possibly execute arbitrary local files via a .. (dot dot) in the md parameter.
by ZeN
PokerMax Poker League Tournament Script 0.13 - Unauthenticated Authentication Bypass via ValidUserAdmin Cookie
configure.php in PokerMax Poker League Tournament Script 0.13 allows remote attackers to bypass authentication and gain administrative access by setting the ValidUserAdmin cookie.
by DaRkLiFe
Mosaic Commerce - SQL Injection via category.php cid Parameter
SQL injection vulnerability in category.php in Mosaic Commerce allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by Ali Abbasi
Mantis < 1.1.4 - Authenticated Remote Code Execution via Sort Parameter
manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php.
by EgiX
Kure 0.6.3 - Path Traversal via Post and Doc Parameters
Multiple directory traversal vulnerabilities in index.php in Kure 0.6.3, when magic_quotes_gpc is disabled, allow remote attackers to read and possibly execute arbitrary local files via a .. (dot dot) in the (1) post and (2) doc parameters.
by JosS
IP Reg <= 0.4 - SQL Injection via location_id or vlan_id Parameter
Multiple SQL injection vulnerabilities in IP Reg 0.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) location_id parameter to locationdel.php and (2) vlan_id parameter to vlanedit.php. NOTE: the vlanview.php and vlandel.php vectors are already covered by CVE-2007-6579.
by JosS
Habari CMS 0.5.1 - Cross-Site Scripting via habari_username Parameter
Cross-site scripting (XSS) vulnerability in the login feature in Habari CMS 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the habari_username parameter.
by faithlove
easycafeengine - SQL Injection via id Parameter
SQL injection vulnerability in CafeEngine allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) dish.php and (2) menu.php.
by 0xFFFFFF
Calendars for the Web 4.02 - Admin Authentication Bypass
by SecVuln
myWebland myStats - SQL Injection via hits.php sortby Parameter
SQL injection vulnerability in hits.php in myWebland myStats allows remote attackers to execute arbitrary SQL commands via the sortby parameter.
by JosS
Microsoft Outlook Web Access < 6.5.7638 - Open Redirect
Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter.
by Martin Suess
Windows XP SP2/SP3 and Windows Server 2003 SP1/SP2 - Local Privilege Escalation via AFD Kernel Input Validation
afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, as demonstrated using crafted pointers and lengths that bypass intended ProbeForRead and ProbeForWrite restrictions, aka "AFD Kernel Overwrite Vulnerability."
by Ruben Santamarta
myWebland myStats - IP Address Restriction Bypass via X-Forwarded-For Header
hits.php in myWebland myStats allows remote attackers to bypass IP address restrictions via a modified X-Forwarded-For HTTP header.
by JosS