Exploitdb Exploits
50,095 exploits tracked across all sources.
Joomla! Component com_dateconverter 0.1 - SQL Injection
by RoAd_KiLlEr
iScripts ReserveLogic 1.0 - SQL Injection
SQL injection vulnerability in packagedetails.php in iScripts ReserveLogic 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
by Salvatore Fresta
iScripts EasySnaps 2.0 - SQL Injection via Comment Parameter
Multiple SQL injection vulnerabilities in iScripts EasySnaps 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) comment parameter to add_comments.php, (2) values parameter to tags_details.php, or (3) begin parameter to greetings.php.
by Salvatore Fresta
Interscan Web Security 5.0 - Persistent Cross-Site Scripting
by Ivan Huertas
Flatnux 2010-06.09 - 'find' Cross-Site Scripting
by ITSecTeam
DPScms - 'q' SQL Injection / Cross-Site Scripting
by Ariko-Security
Google Mini Search Appliance - Remote Code Execution via XSLT Style Sheet Select Attribute
The Saxon XSLT parser in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to obtain sensitive information and execute arbitrary code via dangerous Java class methods in select attribute of xsl:value-of tags in XSLT style sheets, such as (1) system-property, (2) sys:getProperty, and (3) run:exec.
by Metasploit
Ubiquiti AirOS < 4.0.1 - Command Injection via stainfo.cgi ifname Parameter
On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4.0.1 for 802.11 ISP products, v5.3.5 for AirMax ISP products, and v5.4.5 for AirSync firmware. For example, Nanostation5 (Air OS) is affected.
by emgent
CVSS 9.8
System CMS Contentia - 'news.php' SQL Injection
by GlaDiaT0R
Internet DM Specialist Bed and Breakfast - SQL Injection via pp_id Parameter
SQL injection vulnerability in pages.php in Internet DM Specialist Bed and Breakfast allows remote attackers to execute arbitrary SQL commands via the pp_id parameter.
by JaMbA
ShopCartDx 4.30 - 'products.php' Blind SQL Injection
by Dante90
Joomanager - SQL Injection via catid Parameter
SQL injection vulnerability in the Joomanager component, possibly 1.1.1, for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
by Sid3^effects
JOOFORGE Gamesbox <1.0.2 - SQL Injection
SQL injection vulnerability in the JOOFORGE Gamesbox (com_gamesbox) component 1.0.2, and possibly earlier, for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a consoles action to index.php.
by v3n0m
Joomla! com_wmtpic <1.0 - SQL Injection
SQL injection vulnerability in the webmaster-tips.net Flash Gallery (com_wmtpic) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
by RoAd_KiLlEr
By Source