Exploitdb Exploits

50,121 exploits tracked across all sources.

Sort: Activity Stars

CVE-2014-100029 EXPLOITDB

Ganesha Digital Library - Path Traversal

Multiple directory traversal vulnerabilities in class/session.php in Ganesha Digital Library (GDL) 4.2 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) newlang or (2) newtheme parameter.

View

CVE-2014-100030 EXPLOITDB

Ganesha Digital Library - XSS

Cross-site scripting (XSS) vulnerability in module/search/function.php in Ganesha Digital Library (GDL) 4.2 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a ByEge action.

View

CVE-2006-1128 EXPLOITDB

Gallery 2 <2.0.2 - Path Traversal

Directory traversal vulnerability in the session handling class (GallerySession.class) in Gallery 2 up to 2.0.2 allows remote attackers to access and delete files by specifying the session in a cookie, which is used in constructing file paths before the session value is sanitized.

View

CVE-2010-3307 EXPLOITDB

Free Simple CMS <1.0 - RCE

Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Free Simple CMS 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) body, (2) footer, (3) header, (4) menu_left, or (5) menu_right parameter.

View

CVE-2009-1776 EXPLOITDB

Matt Wright Formmail < 1.92 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in FormMail.pl in Matt Wright FormMail 1.92, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via javascript: URIs in the (1) request and (2) return_link_url parameters.

View

CVE-2009-0534 EXPLOITDB

FlexCMS - SQL Injection

SQL injection vulnerability in FlexCMS allows remote attackers to execute arbitrary SQL commands via the catId parameter.

View

CVE-2008-5778 EXPLOITDB

Free Links Directory Script 1.2a - SQL Injection

SQL injection vulnerability in report.php in Free Links Directory Script (FLDS) 1.2a allows remote attackers to execute arbitrary SQL commands via the linkid parameter.

View

CVE-2008-5779 EXPLOITDB

Free Links Directory Script <1.2a - SQL Injection

SQL injection vulnerability in lpro.php in Free Links Directory Script (FLDS) 1.2a allows remote attackers to execute arbitrary SQL commands via the id parameter.

View

CVE-2008-5759 EXPLOITDB

FlatnuX CMS (aka Flatnuke3) - XSS

Cross-site scripting (XSS) vulnerability in FlatnuX CMS (aka Flatnuke3) 2008-12-11 allows remote attackers to inject arbitrary web script or HTML via the name parameter in an updaterecord action to index.php in the 08_Files module. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

View

CVE-2005-4208 EXPLOITDB php

Flatnuke - Path Traversal

Directory traversal vulnerability in Flatnuke 2.5.6 allows remote attackers to access arbitrary files via a .. (dot dot) and null byte (%00) in the id parameter of the read module.

View

CVE-2005-2540 EXPLOITDB php

FlatNuke 2.5.5 - Code Injection

CRLF injection vulnerability in FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to execute arbitrary PHP commands via an ASCII char 13 (carriage return) in the signature field, which is injected into a PHP script without a preceding comment character, which can then be executed by a direct request.

View

CVE-2014-1222 EXPLOITDB

Vtiger Crm < 6.0.0 - Path Traversal

Directory traversal vulnerability in kcfinder/browse.php in Vtiger CRM before 6.0.0 Security patch 1 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter in a download action. NOTE: it is likely that this issue is actually in the KCFinder third-party component, and it affects additional products besides Vtiger CRM.

View

CVE-2014-9145 EXPLOITDB

Fiyo CMS 2.0.1.8 - SQL Injection

Multiple SQL injection vulnerabilities in Fiyo CMS 2.0.1.8 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an edit action to dapur/index.php; (2) cat, (3) user, or (4) level parameter to dapur/apps/app_article/controller/article_list.php; or (5) email parameter in an email action or (6) username parameter in a user action to dapur/apps/app_user/controller/check_user.php.

View

CVE-2014-9146 EXPLOITDB

Fiyo CMS 2.0.1.8 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Fiyo CMS 2.0.1.8 allow remote attackers to inject arbitrary web script or HTML via the (1) view, (2) id, (3) page, or (4) app parameter to the default URI or the (5) act parameter to dapur/index.php.

View

CVE-2015-1371 EXPLOITDB

ferretCMS 1.0.4-alpha - RCE

Unrestricted file upload vulnerability in ferretCMS 1.0.4-alpha allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in custom/uploads/.

View

CVE-2015-1372 EXPLOITDB

ferretCMS 1.0.4-alpha - SQL Injection

SQL injection vulnerability in ferretCMS 1.0.4-alpha allows remote attackers to execute arbitrary SQL commands via the p parameter in an update action to admin.php.

View

CVE-2015-1373 EXPLOITDB

ferretCMS 1.0.4-alpha - XSS

Multiple cross-site scripting (XSS) vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter in a search request, (2) username in a login request, which is not properly handled when logging the event, or (3) page title in an insert action.

View

CVE-2006-2744 EXPLOITDB

F@cile Interactive Web <0.8.6 - RCE

PHP remote file inclusion vulnerability in p-popupgallery.php in F@cile Interactive Web 0.8.41 through 0.8.5 allows remote attackers to execute arbitrary PHP code via a URL in the l parameter.

View

CVE-2006-2745 EXPLOITDB

F@cile Interactive Web <0.8.5 - RCE

Multiple PHP remote file inclusion vulnerabilities in F@cile Interactive Web 0.8.5 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) pathfile parameter in (a) p-editpage.php and (b) p-editbox.php, and the (2) mytheme and (3) myskin parameters in multiple "p-themes" index.inc.php files including (c) lowgraphic, (d) classic, (e) puzzle, (f) simple, and (g) ciao.

View

CVE-2009-4364 EXPLOITDB

ScriptsEz Ez Blog - XSS

Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Blog allows remote attackers to inject arbitrary web script or HTML via the cname parameter, related to the act and id parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

View

CVE-2009-4365 EXPLOITDB

ScriptsEz Ez Blog 1.0 - CSRF

Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ScriptsEz Ez Blog 1.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a blog via the add_blog action, (2) approve a comment via the approve_comment action, (3) change administrator information including the password via the admin_opt action, and (4) delete a blog via the delete action.

View

CVE-2009-4364 EXPLOITDB

ScriptsEz Ez Blog - XSS

View

CVE-2009-4365 EXPLOITDB

ScriptsEz Ez Blog 1.0 - CSRF

View

CVE-2020-8654 EXPLOITDB HIGH

EyesOfNetwork <5.3 - Command Injection

An issue was discovered in EyesOfNetwork 5.3. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the /module/module_frame/index.php autodiscovery.php target field.

CVSS 8.8

View

CVE-2020-8655 EXPLOITDB HIGH

EyesOfNetwork <5.3 - Privilege Escalation

An issue was discovered in EyesOfNetwork 5.3. The sudoers configuration is prone to a privilege escalation vulnerability, allowing the apache user to run arbitrary commands as root via a crafted NSE script for nmap 7.

CVSS 7.8

View

By Source

Exploitdb 50,121

By Language