Exploitdb Exploits
31,353 exploits tracked across all sources.
myEvent 1.6 - SQL Injection via viewevent.php eventdate Parameter
SQL injection vulnerability in viewevent.php in myEvent 1.6 allows remote attackers to execute arbitrary SQL commands via the eventdate parameter.
by JosS
AstroSPACES 1.1.1 - SQL Injection via Profile ID Parameter
SQL injection vulnerability in profile.php in AstroSPACES 1.1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action.
by TurkishWarriorr
VLC media player 0.9.2 - Remote Code Execution via XSPF Playlist Negative Identifier Tag
Array index error in VLC media player 0.9.2 allows remote attackers to overwrite arbitrary memory and execute arbitrary code via an XSPF playlist file with a negative identifier tag, which passes a signed comparison.
by Core Security
XOOPS xhresim module - SQL Injection via index.php no Parameter
SQL injection vulnerability in index.php in the xhresim module in XOOPS allows remote attackers to execute arbitrary SQL commands via the no parameter.
by EcHoLL
Webscene eCommerce - 'productlist.php' SQL Injection
by Angela Chang
SezHoo 0.1 - Remote Code Execution via IP Parameter
PHP remote file inclusion vulnerability in SezHooTabsAndActions.php in SezHoo 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter.
by DaRkLiFe
MyPHPDating - SQL Injection via success_story.php id Parameter
SQL injection vulnerability in success_story.php in php Online Dating Software MyPHPDating allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Hakxer
Elxis CMS 2008.1 revision 2204 - Session Fixation via PHPSESSID Parameter
Session fixation vulnerability in Elxis CMS 2008.1 revision 2204 allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
by faithlove
Elxis CMS 2008.1 revision 2204 - Cross-Site Scripting via PATH_INFO or Multiple Parameters
Cross-site scripting (XSS) vulnerability in index.php in Elxis CMS 2008.1 revision 2204 allows remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO or the (2) option, (3) Itemid, (4) id, (5) task, (6) bid, and (7) contact_id parameters. NOTE: the error might be located in modules/mod_language.php, and index.php might be the interaction point.
by faithlove
Telecom Italia Alice Pirelli routers - Backdoor from internal LAN/WAN
by saxdax & drpepperONE
LokiCMS 0.3.4 - Unauthenticated Path Traversal via Language Parameter
Directory traversal vulnerability in admin.php in LokiCMS 0.3.4, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
by JosS
IndexScript 3.0 - SQL Injection via sug_cat.php parent_id Parameter
SQL injection vulnerability in sug_cat.php in IndexScript 3.0 allows remote attackers to execute arbitrary SQL commands via the parent_id parameter, a different vector than CVE-2007-4069.
by d3v1l
Iltaweb Alisveris Sistemi - SQL Injection
SQL injection vulnerability in urunler.asp in Iltaweb Alisveris Sistemi allows remote attackers to execute arbitrary SQL commands via the catno parameter.
by tRoot
mini-pub 0.3 - Remote Command Execution via sFileName Argument
mini-pub.php/front-end/cat.php in mini-pub 0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the sFileName argument.
by muuratsalo
mini-pub 0.3 - Path Traversal via sFileName Parameter
Absolute path traversal vulnerability in mini-pub.php/front-end/cat.php in mini-pub 0.3 allows remote attackers to read arbitrary files via a full pathname in the sFileName parameter.
by muuratsalo
mini-pub < 0.3 - Unauthenticated Path Traversal via sDir Parameter
Absolute path traversal vulnerability in front-end/dir.php in mini-pub 0.3 and earlier allows remote attackers to list arbitrary directories via a full pathname in the sDir parameter.
by GoLd_M
Windows 2000/XP/Server 2003 - Remote Code Execution via Crafted Image File
Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted image file.
by Ac!dDrop
Real Estate Classifieds - SQL Injection via cat Parameter
SQL injection vulnerability in index.php in Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the cat parameter.
by Hakxer
NewLife Blogger < 3.0 - SQL Injection via nlb3 Cookie
SQL injection vulnerability in system/nlb_user.class.php in NewLife Blogger 3.0 and earlier, and possibly 3.3.1, allows remote attackers to execute arbitrary SQL commands via the nlb3 cookie.
by Pepelux
My PHP Indexer 1.0 - Path Traversal via d and f Parameters
Multiple directory traversal vulnerabilities in index.php in My PHP Indexer 1.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) d and (2) f parameters.
by JosS
mini-pub <= 0.3 - Unauthenticated Arbitrary File Read via sFileName Parameter
front-end/edit.php in mini-pub 0.3 and earlier allows remote attackers to read files and obtain PHP source code via a filename in the sFileName parameter.
by GoLd_M
mini-pub 0.3 - Remote File Inclusion via sFileName Parameter
PHP remote file inclusion vulnerability in mini-pub.php/front-end/img.php in mini-pub 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the sFileName parameter.
by muuratsalo
LokiCMS <= 0.3.4 - Path Traversal via Page Parameter
Directory traversal vulnerability in index.php in LokiCMS 0.3.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to check for the existence of arbitrary files via a .. (dot dot) in the page parameter.
by JosS