Exploitdb Exploits

50,150 exploits tracked across all sources.

Sort: Activity Stars

CVE-2011-4333 EXPLOITDB MEDIUM

LabWiki <1.1 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in LabWiki 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) from parameter to index.php or the (2) page_no parameter to recentchanges.php.

CVSS 6.1

View

CVE-2008-6647 EXPLOITDB

Ktools Photostore - SQL Injection

SQL injection vulnerability in gallery.php in Ktools PhotoStore 3.4.3 allows remote attackers to execute arbitrary SQL commands via the gid parameter.

View

CVE-2008-6648 EXPLOITDB

Ktools Photostore - SQL Injection

SQL injection vulnerability in crumbs.php in Ktools PhotoStore 3.4.3 and 3.5.2 allows remote attackers to execute arbitrary SQL commands via the gid parameter to about_us.php. NOTE: this might be the same issue as CVE-2008-6647.

View

CVE-2006-6763 EXPLOITDB

KISGB - RCE

Multiple PHP remote file inclusion vulnerabilities in the Keep It Simple Guest Book (KISGB) allow remote attackers to execute arbitrary PHP code via a URL in the (1) path_to_themes parameter in (a) authenticate.php, and the (2) default_path_for_themes parameter in (b) admin.php and (c) upconfig.php.

View

CVE-2019-17504 EXPLOITDB MEDIUM

Kirona Dynamic Resource Scheduling - XSS

An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. A reflected Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script via the /osm/report/ password parameter.

CVSS 6.1

View

CVE-2009-0764 EXPLOITDB

Kipper 2.01 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Kipper 2.01 allow remote attackers to inject arbitrary web script or HTML via the charm parameter to (1) index.php and (2) kipper.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

View

CVE-2009-0766 EXPLOITDB

Kipper 2.01 - Path Traversal

Directory traversal vulnerability in default.php in Kipper 2.01 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the configfile parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

View

CVE-2010-2911 EXPLOITDB

Kayako eSupport <3.70.02 - SQL Injection

SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a viewnews action.

View

CVE-2013-3727 EXPLOITDB

Kasseler-cms < 2 - SQL Injection

SQL injection vulnerability in Kasseler CMS before 2 r1232 allows remote authenticated users to execute arbitrary SQL commands via the groups[] parameter to admin.php. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.

View

CVE-2013-3728 EXPLOITDB

Kasseler-cms < 2 - XSS

Cross-site scripting (XSS) vulnerability in Kasseler CMS before 2 r1232 allows remote authenticated users with permissions to create categories to inject arbitrary web script or HTML via the cat parameter in an admin_new_category action to admin.php.

View

CVE-2018-5404 EXPLOITDB MEDIUM

Quest Kace K1000 <9.0.270 - Blind SQL Injection

The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated, remote attacker with least privileges ('User Console Only' role) to potentially exploit multiple Blind SQL Injection vulnerabilities to retrieve sensitive information from the database or copy the entire database. An authenticated remote attacker could leverage Blind SQL injections to obtain sensitive data.

CVSS 6.5

View

CVE-2018-5405 EXPLOITDB MEDIUM

Quest Kace K1000 <9.0.270 - XSS

The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated least privileged user with 'User Console Only' rights to potentially inject arbitrary JavaScript code on the tickets page. Script execution could allow a malicious user of the system to steal session cookies of other users including Administrator and take over their session. This can further be exploited to launch other attacks. The software also does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other user. An authenticated user with 'user console only' rights may inject arbitrary JavaScript, which could result in an attacker taking over a session of others, including an Administrator.

CVSS 5.4

View

CVE-2010-1479 EXPLOITDB

Joomla! com_rokmodule 1.1 - SQL Injection

SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter in a raw action to index.php.

View

CVE-2008-0754 EXPLOITDB

Joomla Com Rapidrecipe - SQL Injection

Multiple SQL injection vulnerabilities in index.php in the Rapid Recipe (com_rapidrecipe) 1.6.5 component for Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the user_id parameter in a showuser action or (2) the category_id parameter in a viewcategorysrecipes action.

View

CVE-2008-2630 EXPLOITDB

Joomla Com Jb2 - SQL Injection

SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter in a category action to index.php.

View

CVE-2010-2513 EXPLOITDB

Harmistechnology Com Jeajaxeventcalendar - SQL Injection

SQL injection vulnerability in the JE Ajax Event Calendar (com_jeajaxeventcalendar) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php.

View

CVE-2008-5864 EXPLOITDB

Joomla! <1.0.0 - SQL Injection

SQL injection vulnerability in the Top Hotel (com_tophotelmodule) component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php.

View

CVE-2008-5865 EXPLOITDB

Hotel Booking Reservation System 1.0.0 - com_hbssearch - SQL Injection

SQL injection vulnerability in the com_hbssearch component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the r_type parameter in a showhoteldetails action to index.php.

View

CVE-2008-5874 EXPLOITDB

Hotel Booking Reservation System - Joomla! SQL Injection

Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS) for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php in the (1) com_allhotels or (2) com_5starhotels module. NOTE: some of these details are obtained from third party information.

View

CVE-2008-5864 EXPLOITDB

Joomla! <1.0.0 - SQL Injection

View

CVE-2008-5864 EXPLOITDB perl

Joomla! <1.0.0 - SQL Injection

View

CVE-2008-5865 EXPLOITDB perl

Hotel Booking Reservation System 1.0.0 - com_hbssearch - SQL Injection

View

CVE-2007-3973 EXPLOITDB perl

Jblog - XSS

Multiple cross-site scripting (XSS) vulnerabilities in JBlog 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) index.php, or the (2) search parameter or (3) theme cookie to (b) recherche.php.

View

CVE-2007-3974 EXPLOITDB perl

JBlog 1.0 - RCE

admin/ajoutaut.php in JBlog 1.0 does not require authentication, which allows remote attackers to create arbitrary accounts via modified mot and droit parameters.

View

CVE-2006-7128 EXPLOITDB

JAF CMS 4.0 RC1 - Code Injection

PHP remote file inclusion vulnerability in forum/forum.php JAF CMS 4.0 RC1 allows remote attackers to execute arbitrary PHP code via a URL in the website parameter.

View

By Source

Exploitdb 50,150

By Language