A mirror of the Gitlab repo: https://gitlab.com/exploit-database/exploitdb
a099e58626
3 new exploits
Android - getpidcon Usage binder Service Replacement Race Condition
Google Android - getpidcon Usage binder Service Replacement Race Condition
ADODB < 4.70 - (tmssql.php) Denial of Service
ADODB < 4.70 - 'tmssql.php' Denial of Service
FlashGet 3.x - IEHelper Remote Exec (PoC)
FlashGet 3.x - IEHelper Remote Execution (PoC)
SopCast SopCore Control ActiveX - Remote Exec (PoC)
UUSee ReliPlayer ActiveX - Remote Exec (PoC)
SPlayer XvidDecoder 3.3 - ActiveX Remote Exec (PoC)
SopCast SopCore Control ActiveX - Remote Execution (PoC)
UUSee ReliPlayer ActiveX - Remote Execution (PoC)
SPlayer XvidDecoder 3.3 - ActiveX Remote Execution (PoC)
Xunlei XPPlayer 5.9.14.1246 - ActiveX Remote Exec (PoC)
Xunlei XPPlayer 5.9.14.1246 - ActiveX Remote Execution (PoC)
EViews 7.0.0.1 - (aka 7.2) Multiple Vulnerabilities
EViews 7.0.0.1 (aka 7.2) - Multiple Vulnerabilities
Android Kernel 2.6 - Local Denial of Service Crash (PoC)
Google Android Kernel 2.6 - Local Denial of Service Crash (PoC)
IBM solidDB 6.0.10 - (Format String and Denial of Service) Multiple Vulnerabilities
IBM solidDB 6.0.10 - Format String / Denial of Service
OpenLDAP 2.4.22 - ('modrdn' Request) Multiple Vulnerabilities
OpenLDAP 2.4.22 - 'modrdn' Request Multiple Vulnerabilities
Apple Mac OSX Regex Engine (TRE) - (Integer Signedness and Overflow) Multiple Vulnerabilities
Apple Mac OSX Regex Engine (TRE) - Integer Signedness / Overflow
Android - ih264d_process_intra_mb Memory Corruption
Google Android - 'ih264d_process_intra_mb' Memory Corruption
Android - IOMX getConfig/getParameter Information Disclosure
Android - IMemory Native Interface is Insecure for IPC Use
Google Android - IOMX getConfig/getParameter Information Disclosure
Google Android - IMemory Native Interface is Insecure for IPC Use
Android Broadcom Wi-Fi Driver - Memory Corruption
Google Android Broadcom Wi-Fi Driver - Memory Corruption
Android - /system/bin/sdcard Stack Buffer Overflow
Google Android - '/system/bin/sdcard' Stack Buffer Overflow
Android - Insufficient Binder Message Verification Pointer Leak
Android - 'gpsOneXtra' Data Files Denial of Service
Google Android - Insufficient Binder Message Verification Pointer Leak
Google Android - 'gpsOneXtra' Data Files Denial of Service
Android - Binder Generic ASLR Leak
Google Android - Binder Generic ASLR Leak
Android - IOMXNodeInstance::enableNativeBuffers Unchecked Index
Google Android - IOMXNodeInstance::enableNativeBuffers Unchecked Index
Google Android - WifiNative::setHotlist Stack Overflow
Google Android - WifiNative::setHotlist Stack Overflow
Microsoft Edge - SIMD.toLocaleString Uninitialized Memory (MS16-145)
Microsoft Edge - Internationalization Initialization Type Confusion (MS16-144)
PHP 4.4.0 - (mysql_connect function) Local Buffer Overflow
PHP 4.4.0 - 'mysql_connect function' Local Buffer Overflow
Android 1.x/2.x - Privilege Escalation
Google Android 1.x/2.x - Privilege Escalation
Android - 'sensord' Privilege Escalation
Google Android - 'sensord' Privilege Escalation
tcpdump - ISAKMP Identification payload Integer Overflow
tcpdump - ISAKMP Identification Payload Integer Overflow
Smail 3.2.0.120 - Heap Overflow
Smail 3.2.0.120 - Heap Overflow
HP Mercury Quality Center 9.0 build 9.1.0.4352 - SQL Execution Exploit
HP Mercury Quality Center 9.0 build 9.1.0.4352 - SQL Execution
Motorola Wimax modem CPEi300 - (File Disclosure / Cross-Site Scripting) Multiple Vulnerabilities
Motorola Wimax modem CPEi300 - File Disclosure / Cross-Site Scripting
navicopa WebServer 3.0.1 - (Buffer Overflow / Script Source Disclosure) Multiple Vulnerabilities
navicopa WebServer 3.0.1 - Buffer Overflow / Script Source Disclosure
dwebpro 6.8.26 - (Directory Traversal/File Disclosure) Multiple Vulnerabilities
dwebpro 6.8.26 - Directory Traversal / File Disclosure
citrix xencenterweb - (Cross-Site Scripting / SQL Injection / Remote Code Execution) Multiple Vulnerabilities
citrix xencenterweb - Cross-Site Scripting / SQL Injection / Remote Code Execution
Adobe GetPlus get_atlcom 1.6.2.48 - ActiveX Remote Exec (PoC)
Trend Micro Web-Deployment ActiveX - Remote Exec (PoC)
Adobe GetPlus get_atlcom 1.6.2.48 - ActiveX Remote Execution (PoC)
Trend Micro Web-Deployment ActiveX - Remote Execution (PoC)
Apache OFBiz - SQL Remote Execution PoC Payload
Apache OFBiz - FULLADMIN Creator PoC Payload
Apache OFBiz - Remote Execution (via SQL Execution) (PoC)
Apache OFBiz - Admin Creator (PoC)
Android 2.0 < 2.1 - Reverse Shell Exploit
Google Android 2.0 < 2.1 - Reverse Shell Exploit
Android 2.0/2.1 - Use-After-Free Remote Code Execution on Webkit
Google Android 2.0/2.1 - Use-After-Free Remote Code Execution on Webkit
Android 2.0 / 2.1 /2.1.1 - WebKit Use-After-Free Exploit
Google Android 2.0/2.1/2.1.1 - WebKit Use-After-Free Exploit
Android - Inter-Process munmap with User-Controlled Size in android.graphics.Bitmap
Google Android - Inter-Process munmap with User-Controlled Size in android.graphics.Bitmap
ASUS RT-AC66U - 'acsd' Parameter Remote Command Execution
ASUS RT-AC66U - 'acsd' Parameter Remote Command Execution
WinComLPD Total 3.0.2.623 - (Buffer Overflow and Authentication Bypass) Multiple Vulnerabilities
WinComLPD Total 3.0.2.623 - Buffer Overflow / Authentication Bypass
Android - libutils UTF16 to UTF8 Conversion Heap Buffer Overflow
Google Android - libutils UTF16 to UTF8 Conversion Heap Buffer Overflow
McAfee ePolicy Orchestrator 4.6.0 < 4.6.5 - (ePowner) Multiple Vulnerabilities
McAfee ePolicy Orchestrator 4.6.0 < 4.6.5 - 'ePowner' Multiple Vulnerabilities
ServletExec - (Directory Traversal / Authentication Bypass) Multiple Vulnerabilities
ServletExec - Directory Traversal / Authentication Bypass
Android - 'Stagefright' Remote Code Execution
Google Android - 'Stagefright' Remote Code Execution
Android - libstagefright Integer Overflow Remote Code Execution
Google Android - libstagefright Integer Overflow Remote Code Execution
Android 2.3.5 - PowerVR SGX Driver Information Disclosure
Google Android 2.3.5 - PowerVR SGX Driver Information Disclosure
Android ADB Debug Server - Remote Payload Execution (Metasploit)
Google Android ADB Debug Server - Remote Payload Execution (Metasploit)
Android 5.0.1 - Metaphor Stagefright Exploit (ASLR Bypass)
Google Android 5.0.1 - Metaphor Stagefright Exploit (ASLR Bypass)
Android - 'BadKernel' Remote Code Execution
Google Android - 'BadKernel' Remote Code Execution
Android 5.0 <= 5.1.1 - 'Stagefright' .MP4 tx3g Integer Overflow (Metasploit)
Google Android 5.0 <= 5.1.1 - 'Stagefright' .MP4 tx3g Integer Overflow (Metasploit)
NETGEAR WNR2000v5 - Remote Code Execution
Linux/x86 - portbind payload Shellcode (Generator)
Windows XP SP1 - portbind payload Shellcode (Generator)
Linux/x86 - Portbind Payload Shellcode (Generator)
Windows XP SP1 - Portbind Payload Shellcode (Generator)
Android - Telnetd (Port 1035) with Parameters Shellcode (248 bytes)
Google Android - Telnetd (Port 1035) with Parameters Shellcode (248 bytes)
phpCOIN 1.2.2 - (phpcoinsessid) SQL Inj / Remote Code Execution
phpCOIN 1.2.2 - 'phpcoinsessid' SQL Injection / Remote Code Execution
Aztek Forum 4.00 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities (PoC)
Aztek Forum 4.00 - Cross-Site Scripting / SQL Injection
Integramod Portal 2.x - (functions_portal.php) Remote File Inclusion
Integramod Portal 2.x - 'functions_portal.php' Remote File Inclusion
Integramod Portal 2.0 rc2 - 'phpbb_root_path' Remote File Inclusion
Integramod Portal 2.0 rc2 - 'phpbb_root_path' Parameter Remote File Inclusion
paBugs 2.0 Beta 3 - (class.mysql.php) Remote File Inclusion
paBugs 2.0 Beta 3 - 'class.mysql.php' Remote File Inclusion
Agora 1.4 RC1 - (MysqlfinderAdmin.php) Remote File Inclusion
Agora 1.4 RC1 - 'MysqlfinderAdmin.php' Remote File Inclusion
blogme 3.0 - (Cross-Site Scripting / Authentication Bypass) Multiple Vulnerabilities
blogme 3.0 - Cross-Site Scripting / Authentication Bypass
torrentflux 2.2 - (Arbitrary File Create/ Execute / Delete) Multiple Vulnerabilities
torrentflux 2.2 - Arbitrary File Create/ Execute/Delete
BBS E-Market Professional - (Full Path Disclosure / File Inclusion) Multiple Vulnerabilities
BBS E-Market Professional - Full Path Disclosure / File Inclusion
myPHPNuke Module My_eGallery 2.5.6 - 'basepath' Remote File Inclusion
myPHPNuke Module My_eGallery 2.5.6 - 'basepath' Parameter Remote File Inclusion
ig shop 1.0 - (Code Execution / SQL Injection) Multiple Vulnerabilities
ig shop 1.0 - Code Execution / SQL Injection
QUOTE&ORDERING SYSTEM 1.0 - (ordernum) Multiple Vulnerabilities
QUOTE&ORDERING SYSTEM 1.0 - 'ordernum' Multiple Vulnerabilities
vp-asp shopping cart 6.09 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
vp-asp shopping cart 6.09 - SQL Injection / Cross-Site Scripting
forum livre 1.0 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
forum livre 1.0 - SQL Injection / Cross-Site Scripting
otscms 2.1.5 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
otscms 2.1.5 - SQL Injection / Cross-Site Scripting
Connectix Boards 0.7 - (p_skin) Multiple Vulnerabilities
Connectix Boards 0.7 - 'p_skin' Multiple Vulnerabilities
wbblog - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
wbblog - Cross-Site Scripting / SQL Injection
PHP-Nuke Module Eve-Nuke 0.1 - (mysql.php) Remote File Inclusion
PHP-Nuke Module Eve-Nuke 0.1 - 'mysql.php' Remote File Inclusion
Quick and Dirty Blog (qdblog) 0.4 - (SQL Injection / Local File Inclusion) Multiple Vulnerabilities
Quick and Dirty Blog (qdblog) 0.4 - SQL Injection / Local File Inclusion
PHP Coupon Script 3.0 - (index.php bus) SQL Injection
PHP Coupon Script 3.0 - 'bus' Parameter SQL Injection
runawaysoft haber portal 1.0 - (tr) Multiple Vulnerabilities
runawaysoft haber portal 1.0 - 'tr' Multiple Vulnerabilities
NetClassifieds - (SQL Injection / Cross-Site Scripting / Full Path) Multiple Vulnerabilities
NetClassifieds - SQL Injection / Cross-Site Scripting / Full Path
bugmall shopping cart 2.5 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
bugmall shopping cart 2.5 - SQL Injection / Cross-Site Scripting
PHPVID 0.9.9 - (categories_type.php cat) SQL Injection
PHPVID 0.9.9 - 'categories_type.php' SQL Injection
bcoos 1.0.10 - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities
bcoos 1.0.10 - Local File Inclusion / SQL Injection
ftp Admin 0.1.0 - (Local File Inclusion / Cross-Site Scripting / Authentication Bypass) Multiple Vulnerabilities
ftp Admin 0.1.0 - Local File Inclusion / Cross-Site Scripting / Authentication Bypass
falcon CMS 1.4.3 - (Remote File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
falcon CMS 1.4.3 - Remote File Inclusion / Cross-Site Scripting
gf-3xplorer 2.4 - (Cross-Site Scripting / Local File Inclusion) Multiple Vulnerabilities
gf-3xplorer 2.4 - Cross-Site Scripting / Local File Inclusion
PortalApp 4.0 - (SQL Injection / Cross-Site Scripting / Authentication Bypass) Multiple Vulnerabilities
PortalApp 4.0 - SQL Injection / Cross-Site Scripting / Authentication Bypass
netrisk 1.9.7 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
netrisk 1.9.7 - Cross-Site Scripting / SQL Injection
EasyClassifields 3.0 - (go) SQL Injection
CMSbright - (id_rub_page) SQL Injection
EasyClassifields 3.0 - 'go' Parameter SQL Injection
CMSbright - 'id_rub_page' Parameter SQL Injection
myPHPNuke < 1.8.8_8rc2 - 'artid' SQL Injection
Coupon Script 4.0 - 'id' SQL Injection
Reciprocal Links Manager 1.1 - (site) SQL Injection
myPHPNuke < 1.8.8_8rc2 - 'artid' Parameter SQL Injection
Coupon Script 4.0 - 'id' Parameter SQL Injection
Reciprocal Links Manager 1.1 - 'site' Parameter SQL Injection
CS-Cart 1.3.5 - (Authentication Bypass) SQL Injection
Spice Classifieds - (cat_path) SQL Injection
CS-Cart 1.3.5 - Authentication Bypass
Spice Classifieds - 'cat_path' Parameter SQL Injection
aspwebalbum 3.2 - (Arbitrary File Upload / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
aspwebalbum 3.2 - Arbitrary File Upload / SQL Injection / Cross-Site Scripting
Living Local Website - 'listtest.php r' SQL Injection
ACG-PTP 1.0.6 - 'adid' SQL Injection
qwicsite pro - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
ACG-ScriptShop - 'cid' SQL Injection
AWStats Totals - 'AWStatstotals.php sort' Remote Code Execution
Living Local Website - 'listtest.php' SQL Injection
ACG-PTP 1.0.6 - 'adid' Parameter SQL Injection
qwicsite pro - SQL Injection / Cross-Site Scripting
ACG-ScriptShop - 'cid' Parameter SQL Injection
AWStats Totals 1.14 - 'AWStatstotals.php' Remote Code Execution
Vastal I-Tech Agent Zone - (ann_id) SQL Injection
Vastal I-Tech Visa Zone - (news_id) SQL Injection
Vastal I-Tech Toner Cart - 'id' SQL Injection
Vastal I-Tech Share Zone - 'id' SQL Injection
Vastal I-Tech DVD Zone - 'cat_id' SQL Injection
Vastal I-Tech Jobs Zone - (news_id) SQL Injection
Vastal I-Tech MMORPG Zone - (game_id) SQL Injection
Vastal I-Tech Mag Zone - 'cat_id' SQL Injection
Vastal I-Tech Freelance Zone - (coder_id) SQL Injection
Vastal I-Tech Cosmetics Zone - 'cat_id' SQL Injection
EsFaq 2.0 - (idcat) SQL Injection
Vastal I-Tech Shaadi Zone 1.0.9 - (tage) SQL Injection
Vastal I-Tech Dating Zone - (fage) SQL Injection
Vastal I-Tech Agent Zone - 'ann_id' Parameter SQL Injection
Vastal I-Tech Visa Zone - 'news_id' Parameter SQL Injection
Vastal I-Tech Toner Cart - 'id' Parameter SQL Injection
Vastal I-Tech Share Zone - 'id' Parameter SQL Injection
Vastal I-Tech DVD Zone - 'cat_id' Parameter SQL Injection
Vastal I-Tech Jobs Zone - 'news_id' Parameter SQL Injection
Vastal I-Tech MMORPG Zone - 'game_id' Parameter SQL Injection
Vastal I-Tech Mag Zone - 'cat_id' Parameter SQL Injection
Vastal I-Tech Freelance Zone - 'coder_id' Parameter SQL Injection
Vastal I-Tech Cosmetics Zone - 'cat_id' Parameter SQL Injection
EsFaq 2.0 - 'idcat' Parameter SQL Injection
Vastal I-Tech Shaadi Zone 1.0.9 - 'tage' Parameter SQL Injection
Vastal I-Tech Dating Zone - 'fage' Parameter SQL Injection
Masir Camp E-Shop Module 3.0 - (ordercode) SQL Injection
Alstrasoft Forum - (cat) SQL Injection
Masir Camp E-Shop Module 3.0 - 'ordercode' Parameter SQL Injection
Alstrasoft Forum - 'cat' Parameter SQL Injection
Alstrasoft Forum - 'catid' SQL Injection
Alstrasoft Forum - 'catid' Parameter SQL Injection
Creator CMS 5.0 - (sideid) SQL Injection
Creator CMS 5.0 - 'sideid' Parameter SQL Injection
CMS Buzz - 'id' SQL Injection
CMS Buzz - 'id' Parameter SQL Injection
phpVID 1.1 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
Zanfi CMS lite / Jaw Portal free - 'page' SQL Injection
PhpWebGallery 1.3.4 - (Cross-Site Scripting / Local File Inclusion) Multiple Vulnerabilities
Autodealers CMS AutOnline - (pageid) SQL Injection
Sports Clubs Web Panel 0.0.1 - (p) Local File Inclusion
PHPVID 1.1 - Cross-Site Scripting / SQL Injection
Zanfi CMS lite / Jaw Portal free - 'page' Parameter SQL Injection
PhpWebGallery 1.3.4 - Cross-Site Scripting / Local File Inclusion
Autodealers CMS AutOnline - 'pageid' Parameter SQL Injection
Sports Clubs Web Panel 0.0.1 - 'p' Parameter Local File Inclusion
Autodealers CMS AutOnline - 'id' SQL Injection
Sports Clubs Web Panel 0.0.1 - 'id' SQL Injection
PhpWebGallery 1.3.4 - (cat) Blind SQL Injection
Autodealers CMS AutOnline - 'id' Parameter SQL Injection
Sports Clubs Web Panel 0.0.1 - 'id' Parameter SQL Injection
PhpWebGallery 1.3.4 - Blind SQL Injection
phpsmartcom 0.2 - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities
phpsmartcom 0.2 - Local File Inclusion / SQL Injection
AvailScript Article Script - 'view.php v' SQL Injection
AvailScript Article Script - 'view.php' SQL Injection
Fastpublish CMS 1.9999 - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities
Fastpublish CMS 1.9999 - Local File Inclusion / SQL Injection
mini-pub 0.3 - (File Disclosure/Code Execution) Multiple Vulnerabilities
mini-pub 0.3 - File Disclosure / Code Execution
websvn 2.0 - (Cross-Site Scripting / File Handling/Code Execution) Multiple Vulnerabilities
websvn 2.0 - Cross-Site Scripting / File Handling / Code Execution
phpdaily - (SQL Injection / Cross-Site Scripting / lfd) Multiple Vulnerabilities
phpdaily - SQL Injection / Cross-Site Scripting / Local File Download
questcms - (Cross-Site Scripting / Directory Traversal / SQL Injection) Multiple Vulnerabilities
questcms - Cross-Site Scripting / Directory Traversal / SQL Injection
MatPo Link 1.2b - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
MatPo Link 1.2b - Blind SQL Injection / Cross-Site Scripting
WEBBDOMAIN WebShop 1.02 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
WEBBDOMAIN WebShop 1.02 - SQL Injection / Cross-Site Scripting
Prozilla Software Directory - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
Prozilla Software Directory - Cross-Site Scripting / SQL Injection
TurnkeyForms Local Classifieds - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
TurnkeyForms Local Classifieds - Cross-Site Scripting / SQL Injection
zeeproperty 1.0 - (Arbitrary File Upload / Cross-Site Scripting) Multiple Vulnerabilities
zeeproperty 1.0 - Arbitrary File Upload / Cross-Site Scripting
Openfire Server 3.6.0a - (Authentication Bypass / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
Collabtive 0.4.8 - (Cross-Site Scripting / Authentication Bypass / Arbitrary File Upload) Multiple Vulnerabilities
Openfire Server 3.6.0a - Authentication Bypass / SQL Injection / Cross-Site Scripting
Collabtive 0.4.8 - Cross-Site Scripting / Authentication Bypass / Arbitrary File Upload
MODx CMS 0.9.6.2 - (Remote File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
MODx CMS 0.9.6.2 - Remote File Inclusion / Cross-Site Scripting
ftpzik - (Cross-Site Scripting / Local File Inclusion) Multiple Vulnerabilities
bandwebsite 1.5 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
ftpzik - Cross-Site Scripting / Local File Inclusion
bandwebsite 1.5 - SQL Injection / Cross-Site Scripting
nitrotech 0.0.3a - (Remote File Inclusion / SQL Injection) Multiple Vulnerabilities
nitrotech 0.0.3a - Remote File Inclusion / SQL Injection
chipmunk topsites - (Authentication Bypass / Cross-Site Scripting) Multiple Vulnerabilities
Clean CMS 1.5 - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
chipmunk topsites - Authentication Bypass / Cross-Site Scripting
Clean CMS 1.5 - Blind SQL Injection / Cross-Site Scripting
Ocean12 Contact Manager Pro - (SQL Injection / Cross-Site Scripting / File Disclosure) Multiple Vulnerabilities
Ocean12 Contact Manager Pro - SQL Injection / Cross-Site Scripting / File Disclosure
comersus asp shopping cart - (File Disclosure / Cross-Site Scripting) Multiple Vulnerabilities
Comersus ASP Shopping Cart - File Disclosure / Cross-Site Scripting
minimal ablog 0.4 - (SQL Injection / Arbitrary File Upload / Authentication Bypass) Multiple Vulnerabilities
minimal ablog 0.4 - SQL Injection / Arbitrary File Upload / Authentication Bypass
wbstreet 1.0 - (SQL Injection / File Disclosure) Multiple Vulnerabilities
wbstreet 1.0 - SQL Injection / File Disclosure
template creature - (SQL Injection / File Disclosure) Multiple Vulnerabilities
template creature - SQL Injection / File Disclosure
merlix educate servert - (Authentication Bypass/File Disclosure) Multiple Vulnerabilities
merlix educate servert - Authentication Bypass / File Disclosure
nightfall personal diary 1.0 - (Cross-Site Scripting / File Disclosure) Multiple Vulnerabilities
nightfall personal diary 1.0 - Cross-Site Scripting / File Disclosure
ASP AutoDealer - (SQL Injection / File Disclosure) Multiple Vulnerabilities
ASP AutoDealer - SQL Injection / File Disclosure
aspmanage banners - (Arbitrary File Upload / File Disclosure) Multiple Vulnerabilities
aspmanage banners - Arbitrary File Upload / File Disclosure
asp talk - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
asp talk - SQL Injection / Cross-Site Scripting
webcaf 1.4 - (Local File Inclusion / Remote Code Execution) Multiple Vulnerabilities
webcaf 1.4 - Local File Inclusion / Remote Code Execution
PHPmyGallery 1.0beta2 - (Remote File Inclusion / Local File Inclusion) Multiple Vulnerabilities
PHPmyGallery 1.0beta2 - Remote File Inclusion / Local File Inclusion
postecards - (SQL Injection / File Disclosure) Multiple Vulnerabilities
postecards - SQL Injection / File Disclosure
PHP Multiple Newsletters 2.7 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
PHP Multiple Newsletters 2.7 - Local File Inclusion / Cross-Site Scripting
living Local 1.1 - (Cross-Site Scripting / Arbitrary File Upload) Multiple Vulnerabilities
Pro Chat Rooms 3.0.2 - (Cross-Site Scripting / Cross-Site Request Forgery) Multiple Vulnerabilities
living Local 1.1 - Cross-Site Scripting / Arbitrary File Upload
Pro Chat Rooms 3.0.2 - Cross-Site Scripting / Cross-Site Request Forgery
cf shopkart 5.2.2 - (SQL Injection / File Disclosure) Multiple Vulnerabilities
cf shopkart 5.2.2 - SQL Injection / File Disclosure
the net guys aspired2blog - (SQL Injection / File Disclosure) Multiple Vulnerabilities
the net guys aspired2blog - SQL Injection / File Disclosure
Joomla! Component live chat - (SQL Injection / Open Proxy) Multiple Vulnerabilities
Joomla! Component live chat - SQL Injection / Open Proxy
Simple Text-File Login script (SiTeFiLo) 1.0.6 - (File Disclosure / Remote File Inclusion) Multiple Vulnerabilities
Simple Text-File Login script (SiTeFiLo) 1.0.6 - File Disclosure / Remote File Inclusion
autositephp 2.0.3 - (Local File Inclusion / Cross-Site Request Forgery / Edit File) Multiple Vulnerabilities
autositephp 2.0.3 - Local File Inclusion / Cross-Site Request Forgery / Edit File
PHP weather 2.2.2 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
PHP weather 2.2.2 - Local File Inclusion / Cross-Site Scripting
isweb CMS 3.0 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
isweb CMS 3.0 - SQL Injection / Cross-Site Scripting
clickandemail - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
clickandemail - SQL Injection / Cross-Site Scripting
Zelta E Store - (Arbitrary File Upload / Bypass / SQL Injection / Blind SQL Injection) Multiple Vulnerabilities
Zelta E Store - Arbitrary File Upload / Bypass / SQL Injection / Blind SQL Injection
chicomas 2.0.4 - (Database Backup/File Disclosure / Cross-Site Scripting) Multiple Vulnerabilities
chicomas 2.0.4 - Database Backup / File Disclosure / Cross-Site Scripting
phpg 1.6 - (Cross-Site Scripting / Full Path Disclosure/Denial of Service) Multiple Vulnerabilities
phpg 1.6 - Cross-Site Scripting / Full Path Disclosure / Denial of Service
doop CMS 1.4.0b - (Cross-Site Request Forgery / Arbitrary File Upload) Multiple Vulnerabilities
doop CMS 1.4.0b - Cross-Site Request Forgery / Arbitrary File Upload
phpskelsite 1.4 - (Remote File Inclusion / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
phpskelsite 1.4 - Remote File Inclusion / Local File Inclusion / Cross-Site Scripting
ezpack 4.2b2 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
ezpack 4.2b2 - Cross-Site Scripting / SQL Injection
Netvolution CMS 1.0 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
Netvolution CMS 1.0 - Cross-Site Scripting / SQL Injection
rankem - (File Disclosure / Cross-Site Scripting / cm) Multiple Vulnerabilities
blogit! - (SQL Injection / File Disclosure / Cross-Site Scripting) Multiple Vulnerabilities
rankem - File Disclosure / Cross-Site Scripting / Cookie
blogit! - SQL Injection / File Disclosure / Cross-Site Scripting
gamescript 4.6 - (Cross-Site Scripting / SQL Injection / Local File Inclusion) Multiple Vulnerabilities
gamescript 4.6 - Cross-Site Scripting / SQL Injection / Local File Inclusion
revou twitter clone - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
revou twitter clone - Cross-Site Scripting / SQL Injection
bpautosales 1.0.1 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
bpautosales 1.0.1 - Cross-Site Scripting / SQL Injection
sma-db 0.3.12 - (Remote File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
sma-db 0.3.12 - Remote File Inclusion / Cross-Site Scripting
Android 'content://' URI - Multiple Information Disclosure Vulnerabilities
Google Android - 'content://' URI Multiple Information Disclosure Vulnerabilities
Power System Of Article Management 3.0 - (File Disclosure / Cross-Site Scripting) Multiple Vulnerabilities
team 1.x - (File Disclosure / Cross-Site Scripting) Multiple Vulnerabilities
Power System Of Article Management 3.0 - File Disclosure / Cross-Site Scripting
team 1.x - File Disclosure / Cross-Site Scripting
gr blog 1.1.4 - (Arbitrary File Upload / Authentication Bypass) Multiple Vulnerabilities
gr blog 1.1.4 - Arbitrary File Upload / Authentication Bypass
Kipper 2.01 - (Cross-Site Scripting / Local File Inclusion / File Disclosure) Multiple Vulnerabilities
Kipper 2.01 - Cross-Site Scripting / Local File Inclusion / File Disclosure
SilverNews 2.04 - (Authentication Bypass / Local File Inclusion / Remote Code Execution) Multiple Vulnerabilities
SilverNews 2.04 - Authentication Bypass / Local File Inclusion / Remote Code Execution
AdaptCMS Lite 1.4 - (Cross-Site Scripting / Remote File Inclusion) Multiple Vulnerabilities
SnippetMaster Webpage Editor 2.2.2 - (Remote File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
AdaptCMS Lite 1.4 - Cross-Site Scripting / Remote File Inclusion
SnippetMaster Webpage Editor 2.2.2 - Remote File Inclusion / Cross-Site Scripting
dacio's CMS 1.08 - (Cross-Site Scripting / SQL Injection / File Disclosure) Multiple Vulnerabilities
dacio's CMS 1.08 - Cross-Site Scripting / SQL Injection / File Disclosure
ideacart 0.02 - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities
ideacart 0.02 - Local File Inclusion / SQL Injection
CmsFaethon 2.2.0 - (info.php item) SQL Command Injection
CmsFaethon 2.2.0 - info.php item SQL Command Injection
powermovielist 0.14b - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
powermovielist 0.14b - SQL Injection / Cross-Site Scripting
Graugon Forum 1 - 'id' SQL Command Injection
Graugon Forum 1 - 'id' Command Injection (via SQL Injection)
irokez blog 0.7.3.2 - (Cross-Site Scripting / Remote File Inclusion / Blind SQL Injection) Multiple Vulnerabilities
irokez blog 0.7.3.2 - Cross-Site Scripting / Remote File Inclusion / Blind SQL Injection
ritsblog 0.4.2 - (Authentication Bypass / Cross-Site Scripting) Multiple Vulnerabilities
ritsblog 0.4.2 - Authentication Bypass / Cross-Site Scripting
blindblog 1.3.1 - (SQL Injection / Authentication Bypass / Local File Inclusion) Multiple Vulnerabilities
tghostscripter Amazon Shop - (Cross-Site Scripting / Directory Traversal / Remote File Inclusion) Multiple Vulnerabilities
blindblog 1.3.1 - SQL Injection / Authentication Bypass / Local File Inclusion
tghostscripter Amazon Shop - Cross-Site Scripting / Directory Traversal / Remote File Inclusion
Wili-CMS 0.4.0 - (Remote File Inclusion / Local File Inclusion / Authentication Bypass) Multiple Vulnerabilities
Wili-CMS 0.4.0 - Remote File Inclusion / Local File Inclusion / Authentication Bypass
PHP Director 0.21 - (sql into outfile) eval() Injection
PHP Director 0.21 - (SQL into outfile) eval() Injection
phpCommunity 2.1.8 - (SQL Injection / Directory Traversal / Cross-Site Scripting) Multiple Vulnerabilities
phpCommunity 2.1.8 - SQL Injection / Directory Traversal / Cross-Site Scripting
phpmysport 1.4 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
phpmysport 1.4 - Cross-Site Scripting / SQL Injection
Kim Websites 1.0 - (Authentication Bypass) SQL Injection
Kim Websites 1.0 - Authentication Bypass
Bloginator 1a - (Cookie Bypass / SQL Injection) Multiple Vulnerabilities
Bloginator 1a - Cookie Bypass / SQL Injection
Pixie CMS - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
Pixie CMS - Cross-Site Scripting / SQL Injection
Codice CMS 2 - SQL Command Execution
Syzygy CMS 0.3 - Local File Inclusion / SQL Command Injection
Codice CMS 2 - Command Execution (via SQL Injection)
Syzygy CMS 0.3 - Local File Inclusion / SQL Injection
acute control panel 1.0.0 - (SQL Injection / Remote File Inclusion) Multiple Vulnerabilities
acute control panel 1.0.0 - SQL Injection / Remote File Inclusion
Diskos CMS Manager - (SQL Injection / File Disclosure/Authentication Bypass) Multiple Vulnerabilities
Diskos CMS Manager - SQL Injection / File Disclosure / Authentication Bypass
ablespace 1.0 - (Cross-Site Scripting / Blind SQL Injection) Multiple Vulnerabilities
PHP-revista 1.1.2 - (Remote File Inclusion / SQL Injection / Authentication Bypass / Cross-Site Scripting) Multiple Vulnerabilities
ablespace 1.0 - Cross-Site Scripting / Blind SQL Injection
PHP-revista 1.1.2 - Remote File Inclusion / SQL Injection / Authentication Bypass / Cross-Site Scripting
flatnux 2009-03-27 - (Arbitrary File Upload / Information Disclosure) Multiple Vulnerabilities
flatnux 2009-03-27 - Arbitrary File Upload / Information Disclosure
fungamez rc1 - (Authentication Bypass / Local File Inclusion) Multiple Vulnerabilities
fungamez rc1 - Authentication Bypass / Local File Inclusion
pastelcms 0.8.0 - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities
pastelcms 0.8.0 - Local File Inclusion / SQL Injection
mixedcms 1.0b - (Local File Inclusion / Arbitrary File Upload / Authentication Bypass/File Disclosure) Multiple Vulnerabilities
mixedcms 1.0b - Local File Inclusion / Arbitrary File Upload / Authentication Bypass / File Disclosure
fowlcms 1.1 - (Authentication Bypass / Local File Inclusion / Arbitrary File Upload) Multiple Vulnerabilities
fowlcms 1.1 - Authentication Bypass / Local File Inclusion / Arbitrary File Upload
photo-rigma.biz 30 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
photo-rigma.biz 30 - SQL Injection / Cross-Site Scripting
Dew-NewPHPLinks 2.0 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
Dew-NewPHPLinks 2.0 - Local File Inclusion / Cross-Site Scripting
Leap CMS 0.1.4 - (SQL Injection / Cross-Site Scripting / Arbitrary File Upload) Multiple Vulnerabilities
Leap CMS 0.1.4 - SQL Injection / Cross-Site Scripting / Arbitrary File Upload
TemaTres 1.0.3 - (Authentication Bypass / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
TemaTres 1.0.3 - Authentication Bypass / SQL Injection / Cross-Site Scripting
PHP recommend 1.3 - (Authentication Bypass / Remote File Inclusion / Code Inject) Multiple Vulnerabilities
PHP recommend 1.3 - Authentication Bypass / Remote File Inclusion / Code Inject
my-colex 1.4.2 - (Authentication Bypass / Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
my-gesuad 0.9.14 - (Authentication Bypass / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
my-colex 1.4.2 - Authentication Bypass / Cross-Site Scripting / SQL Injection
my-gesuad 0.9.14 - Authentication Bypass / SQL Injection / Cross-Site Scripting
vidshare pro - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
vidshare pro - SQL Injection / Cross-Site Scripting
asp inline Corporate Calendar - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
asp inline Corporate Calendar - SQL Injection / Cross-Site Scripting
minitwitter 0.3-beta - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
minitwitter 0.3-beta - SQL Injection / Cross-Site Scripting
small pirate 2.1 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
amember 3.1.7 - (Cross-Site Scripting / SQL Injection / HTML Injection) Multiple Vulnerabilities
small pirate 2.1 - Cross-Site Scripting / SQL Injection
amember 3.1.7 - Cross-Site Scripting / SQL Injection / HTML Injection
elitecms 1.01 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
elitecms 1.01 - SQL Injection / Cross-Site Scripting
flashlight free edition - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities
flashlight free edition - Local File Inclusion / SQL Injection
propertymax pro free - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
propertymax pro free - SQL Injection / Cross-Site Scripting
virtue news - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
virtue news - SQL Injection / Cross-Site Scripting
mrcgiguy freeticket - (Cookie Handling / SQL Injection) Multiple Vulnerabilities
mrcgiguy freeticket - Cookie Handling / SQL Injection
yogurt 0.3 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
yogurt 0.3 - Cross-Site Scripting / SQL Injection
campus virtual-lms - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
campus virtual-lms - Cross-Site Scripting / SQL Injection
translucid 1.75 - Multiple Vulnerabilities
TransLucid 1.75 - Multiple Vulnerabilities
impleo music Collection 2.0 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
impleo music Collection 2.0 - SQL Injection / Cross-Site Scripting
adaptweb 0.9.2 - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities
adaptweb 0.9.2 - Local File Inclusion / SQL Injection
CMS buzz - (Cross-Site Scripting / Password Change/HTML Injection) Multiple Vulnerabilities
CMS buzz - Cross-Site Scripting / Password Change / HTML Injection
elgg - (Cross-Site Scripting / Cross-Site Request Forgery/Change Password) Multiple Vulnerabilities
elgg - Cross-Site Scripting / Cross-Site Request Forgery / Change Password
phpCollegeExchange 0.1.5c - (Remote File Inclusion / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
phpCollegeExchange 0.1.5c - Remote File Inclusion / Local File Inclusion / Cross-Site Scripting
Tribiq CMS 5.0.12c - (Cross-Site Scripting / Local File Inclusion) Multiple Vulnerabilities
Tribiq CMS 5.0.12c - Cross-Site Scripting / Local File Inclusion
Virtue Online Test Generator - (Authentication Bypass / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
Virtue Online Test Generator - Authentication Bypass / SQL Injection / Cross-Site Scripting
webasyst shop-script - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
webasyst shop-script - Blind SQL Injection / Cross-Site Scripting
ebay clone 2009 - (Cross-Site Scripting / Blind SQL Injection) Multiple Vulnerabilities
ebay clone 2009 - Cross-Site Scripting / Blind SQL Injection
censura 1.16.04 - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
censura 1.16.04 - Blind SQL Injection / Cross-Site Scripting
good/bad vote - (Cross-Site Scripting / Local File Inclusion) Multiple Vulnerabilities
good/bad vote - Cross-Site Scripting / Local File Inclusion
mcshoutbox 1.1 - (SQL Injection / Cross-Site Scripting / shell) Multiple Vulnerabilities
mcshoutbox 1.1 - SQL Injection / Cross-Site Scripting / shell
Million-Dollar Pixel Ads Platinum - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
Million-Dollar Pixel Ads Platinum - SQL Injection / Cross-Site Scripting
almond Classifieds ads - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
skadate dating - (Remote File Inclusion / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
XOOPS Celepar Module Qas - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
garagesalesjunkie - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
almond Classifieds ads - Blind SQL Injection / Cross-Site Scripting
skadate dating - Remote File Inclusion / Local File Inclusion / Cross-Site Scripting
XOOPS Celepar Module Qas - Blind SQL Injection / Cross-Site Scripting
garagesalesjunkie - SQL Injection / Cross-Site Scripting
iwiccle 1.01 - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities
iwiccle 1.01 - Local File Inclusion / SQL Injection
Orbis CMS 1.0 - (File Delete/Download File / Arbitrary File Upload / SQL Injection) Multiple Vulnerabilities
Orbis CMS 1.0 - File Delete / Download File / Arbitrary File Upload / SQL Injection
cmsphp 0.21 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
d.net CMS - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities
cmsphp 0.21 - Local File Inclusion / Cross-Site Scripting
d.net CMS - Local File Inclusion / SQL Injection
mobilelib gold 3.0 - (Authentication Bypass / SQL Injection) Multiple Vulnerabilities
mobilelib gold 3.0 - Authentication Bypass / SQL Injection
elvin bts 1.2.2 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
elvin bts 1.2.2 - SQL Injection / Cross-Site Scripting
shopmaker CMS 2.0 - (Blind SQL Injection / Local File Inclusion) Multiple Vulnerabilities
shopmaker CMS 2.0 - Blind SQL Injection / Local File Inclusion
mybackup 1.4.0 - (File Download / Remote File Inclusion) Multiple Vulnerabilities
tenrok 1.1.0 - (File Disclosure / Remote Code Execution) Multiple Vulnerabilities
mybackup 1.4.0 - File Download / Remote File Inclusion
tenrok 1.1.0 - File Disclosure / Remote Code Execution
AccessoriesMe PHP Affiliate Script 1.4 - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
opennews 1.0 - (SQL Injection / Remote Code Execution) Multiple Vulnerabilities
AccessoriesMe PHP Affiliate Script 1.4 - Blind SQL Injection / Cross-Site Scripting
opennews 1.0 - SQL Injection / Remote Code Execution
PHP Script Forum Hoster - (Topic Delete / Cross-Site Scripting) Multiple Vulnerabilities
PHP Script Forum Hoster - Topic Delete / Cross-Site Scripting
LM Starmail 2.0 - (SQL Injection / File Inclusion) Multiple Vulnerabilities
LM Starmail 2.0 - SQL Injection / File Inclusion
logoshows bbs 2.0 - (File Disclosure / Insecure Cookie Handling) Multiple Vulnerabilities
logoshows bbs 2.0 - File Disclosure / Insecure Cookie Handling
tgs CMS 0.x - (Cross-Site Scripting / SQL Injection / File Disclosure) Multiple Vulnerabilities
tgs CMS 0.x - Cross-Site Scripting / SQL Injection / File Disclosure
Vtiger CRM 5.0.4 - (Remote Code Execution / Cross-Site Request Forgery / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
Vtiger CRM 5.0.4 - Remote Code Execution / Cross-Site Request Forgery / Local File Inclusion / Cross-Site Scripting
totalcalendar 2.4 - (Blind SQL Injection / Local File Inclusion) Multiple Vulnerabilities
totalcalendar 2.4 - Blind SQL Injection / Local File Inclusion
nullam blog 0.1.2 - (Local File Inclusion / File Disclosure / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
nullam blog 0.1.2 - Local File Inclusion / File Disclosure / SQL Injection / Cross-Site Scripting
gyro 5.0 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
gyro 5.0 - SQL Injection / Cross-Site Scripting
Joomla! Component Hotel Booking System - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
Joomla! Component Hotel Booking System - Cross-Site Scripting / SQL Injection
Micro CMS 3.5 - (SQL Injection / Local File Inclusion) Multiple Vulnerabilities
Micro CMS 3.5 - SQL Injection / Local File Inclusion
Ez Blog 1.0 - (Cross-Site Scripting / Cross-Site Request Forgery) Multiple Vulnerabilities
Ez Blog 1.0 - Cross-Site Scripting / Cross-Site Request Forgery
Recipe Script 5.0 - (Arbitrary File Upload / Cross-Site Request Forgery / Cross-Site Scripting) Multiple Vulnerabilities
Recipe Script 5.0 - Arbitrary File Upload / Cross-Site Request Forgery / Cross-Site Scripting
eUploader PRO 3.1.1 - (Cross-Site Request Forgery / Cross-Site Scripting) Multiple Vulnerabilities
eUploader PRO 3.1.1 - Cross-Site Request Forgery / Cross-Site Scripting
Pre Job Board 1.0 - SQL Bypass
Pre Job Board 1.0 - SQL Authentication Bypass
Pre Jobo .NET - SQL Bypass
Pre Jobo .NET - SQL Authentication Bypass
PHPDirector Game Edition 0.1 - (Local File Inclusion / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
PHPDirector Game Edition 0.1 - Local File Inclusion / SQL Injection / Cross-Site Scripting
gridcc script 1.0 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
gridcc script 1.0 - SQL Injection / Cross-Site Scripting
Layout CMS 1.0 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
Layout CMS 1.0 - SQL Injection / Cross-Site Scripting
KosmosBlog 0.9.3 - (SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery) Multiple Vulnerabilities
KosmosBlog 0.9.3 - SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery
ZeusCMS 0.2 - (Database Backup Dump / Local File Inclusion) Multiple Vulnerabilities
ZeusCMS 0.2 - Database Backup Dump / Local File Inclusion
Katalog Stron Hurricane 1.3.5 - (Remote File Inclusion / SQL Injection) Multiple Vulnerabilities
Katalog Stron Hurricane 1.3.5 - Remote File Inclusion / SQL Injection
Open Source Classifieds 1.1.0 - Alpha (OSClassi) Multiple Vulnerabilities
Open Source Classifieds 1.1.0 Alpha (OSClassi) - SQL Injection / Cross-Site Scripting / Arbitrary Admin Change
phpMySite - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
phpMySite - Cross-Site Scripting / SQL Injection
quality point 1.0 newsfeed - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
quality point 1.0 newsfeed - SQL Injection / Cross-Site Scripting
DynPG CMS 4.1.0 - (popup.php and counter.php) Multiple Vulnerabilities
DynPG CMS 4.1.0 - popup.php / counter.php Multiple Vulnerabilities
jevoncms - (Local File Inclusion / Remote File Inclusion) Multiple Vulnerabilities
jevoncms - Local File Inclusion / Remote File Inclusion
SIESTTA 2.0 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
SIESTTA 2.0 - Local File Inclusion / Cross-Site Scripting
JV2 Folder Gallery 3.1.1 - (popup_slideshow.php) Multiple Vulnerabilities
JV2 Folder Gallery 3.1.1 - 'popup_slideshow.php' Multiple Vulnerabilities
parlic Design - (SQL Injection / Cross-Site Scripting / HTML Injection) Multiple Vulnerabilities
parlic Design - SQL Injection / Cross-Site Scripting / HTML Injection
MileHigh Creative - (SQL Injection / Cross-Site Scripting / HTML Injection) Multiple Vulnerabilities
MileHigh Creative - SQL Injection / Cross-Site Scripting / HTML Injection
QuickTalk 1.2 - (Source Code Disclosure) Multiple Vulnerabilities
QuickTalk 1.2 - Source Code Disclosure
K-Search - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
K-Search - SQL Injection / Cross-Site Scripting
Macs CMS 1.1.4 - (Cross-Site Scripting / Cross-Site Request Forgery) Multiple Vulnerabilities
Macs CMS 1.1.4 - Cross-Site Scripting / Cross-Site Request Forgery
Guestbook Script PHP - (Cross-Site Scripting / HTML Injection) Multiple Vulnerabilities
Guestbook Script PHP - Cross-Site Scripting / HTML Injection
Max's Guestbook - (HTML Injection / Cross-Site Scripting) Multiple Vulnerabilities
Max's Guestbook - HTML Injection / Cross-Site Scripting
Allpc 2.5 osCommerce - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
Allpc 2.5 osCommerce - SQL Injection / Cross-Site Scripting
TradeMC E-Ticaret - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
TradeMC E-Ticaret - SQL Injection / Cross-Site Scripting
Cag CMS 0.2 - (Cross-Site Scripting / Blind SQL Injection) Multiple Vulnerabilities
Cag CMS 0.2 - Cross-Site Scripting / Blind SQL Injection
Tastydir 1.2 - (1216) Multiple Vulnerabilities
Tastydir 1.2 (1216) - Multiple Vulnerabilities
WordPress - 'do_trackbacks()' function SQL Injection
WordPress 3.0.1 - 'do_trackbacks()' function SQL Injection
F3Site 2011 alfa 1 - (Cross-Site Scripting / Cross-Site Request Forgery) Multiple Vulnerabilities
F3Site 2011 alfa 1 - Cross-Site Scripting / Cross-Site Request Forgery
PHP Coupon Script 6.0 - (bus) Blind SQL Injection
PHP Coupon Script 6.0 - 'bus' Parameter Blind SQL Injection
GAzie 5.10 - (Login Parameter) Multiple Vulnerabilities
GAzie 5.10 - Login Parameter Multiple Vulnerabilities
BST - BestShopPro (nowosci.php) Multiple Vulnerabilities
BST (BestShopPro) - 'nowosci.php' Multiple Vulnerabilities
Fork CMS 3.2.4 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
Fork CMS 3.2.4 - Local File Inclusion / Cross-Site Scripting
DFLabs PTK 1.0.5 - (Steal Authentication Credentials) Multiple Vulnerabilities
DFLabs PTK 1.0.5 - Steal Authentication Credentials
Wolfcms 0.75 - (Cross-Site Request Forgery / Cross-Site Scripting) Multiple Vulnerabilities
Wolfcms 0.75 - Cross-Site Request Forgery / Cross-Site Scripting
Axous 1.1.1 - (Cross-Site Request Forgery / Persistent Cross-Site Scripting) Multiple Vulnerabilities
Axous 1.1.1 - Cross-Site Request Forgery / Persistent Cross-Site Scripting
myPHPNuke 1.8.8 - links.php Cross-Site Scripting
myPHPNuke 1.8.8 - 'links.php' Cross-Site Scripting
Flying Dog Software Powerslave 4.3 Portalmanager - sql_id Information Disclosure
Flying Dog Software Powerslave 4.3 Portalmanager - 'sql_id' Information Disclosure
PHPWebGallery 1.3.4/1.5.1 - comments.php Multiple Parameter SQL Injection
PHPWebGallery 1.3.4/1.5.1 - category.php search Parameter SQL Injection
PHPWebGallery 1.3.4/1.5.1 - picture.php image_id Parameter SQL Injection
PHPWebGallery 1.3.4/1.5.1 - 'comments.php' SQL Injection
PHPWebGallery 1.3.4/1.5.1 - 'category.php' SQL Injection
PHPWebGallery 1.3.4/1.5.1 - 'picture.php' SQL Injection
myPHPNuke 1.8.8 - reviews.php letter Parameter Cross-Site Scripting
myPHPNuke 1.8.8 - download.php dcategory Parameter Cross-Site Scripting
myPHPNuke 1.8.8 - 'reviews.php' Cross-Site Scripting
myPHPNuke 1.8.8 - 'download.php' Cross-Site Scripting
phpVID 1.2.3 - Multiple Vulnerabilities
PHPVID 1.2.3 - Multiple Vulnerabilities
PHPWebGallery 1.4.1 - category.php Multiple Parameter Cross-Site Scripting
PHPWebGallery 1.4.1 - picture.php Multiple Parameter Cross-Site Scripting
PHPWebGallery 1.4.1 - 'category.php' Cross-Site Scripting
PHPWebGallery 1.4.1 - 'picture.php' Cross-Site Scripting
phpMyAdmin 2.7 - sql.php Cross-Site Scripting
phpMyAdmin 2.7 - 'sql.php' Cross-Site Scripting
ADOdb 4.6/4.7 - Tmssql.php Cross-Site Scripting
ADODB 4.6/4.7 - 'Tmssql.php' Cross-Site Scripting
PHPWebGallery 1.x - comments.php Cross-Site Scripting
PHPWebGallery 1.x - 'comments.php' Cross-Site Scripting
MySQLDumper 1.21 - sql.php Cross-Site Scripting
MySQLDumper 1.21 - 'sql.php' Cross-Site Scripting
KikChat - (Local File Inclusion / Remote Code Execution) Multiple Vulnerabilities
KikChat - Local File Inclusion / Remote Code Execution
EasyE-Cards 3.10 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
EasyE-Cards 3.10 - SQL Injection / Cross-Site Scripting
LuxCal 3.2.2 - (Cross-Site Request Forgery/Blind SQL Injection) Multiple Vulnerabilities
LuxCal 3.2.2 - Cross-Site Request Forgery / Blind SQL Injection
Vastal I-Tech DVD Zone - view_mag.php mag_id Parameter SQL Injection
Vastal I-Tech DVD Zone - view_mag.php mag_id Parameter Cross-Site Scripting
Vastal I-Tech DVD Zone - 'view_mag.php' SQL Injection
Vastal I-Tech DVD Zone - 'view_mag.php' Cross-Site Scripting
Interspire Email Marketer - (Cross-Site Scripting / HTML Injection / SQL Injection) Multiple Vulnerabilities
Interspire Email Marketer - Cross-Site Scripting / HTML Injection / SQL Injection
ManageEngine EventLog Analyzer < 10.6 build 10060 - SQL Query Execution
ManageEngine EventLog Analyzer < 10.6 build 10060 - SQL Execution
miniMySQLAdmin 1.1.3 - Cross-Site Request Forgery (Execute SQL Query)
miniMySQLAdmin 1.1.3 - Cross-Site Request Forgery (SQL Execution)
ntop-ng 2.5.160805 - Username Enumeration
ntop-ng 2.5.160805 - Username Enumeration
|
||
|---|---|---|
| platforms | ||
| files.csv | ||
| README.md | ||
| searchsploit | ||
| update-exploits.txt | ||
The Exploit Database Git Repository
This is the official repository of The Exploit Database, a project sponsored by Offensive Security.
The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.
This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.
Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.
root@kali:~# searchsploit -h
Usage: searchsploit [options] term1 [term2] ... [termN]
==========
Examples
==========
searchsploit afd windows local
searchsploit -t oracle windows
searchsploit -p 39446
=========
Options
=========
-c, --case [Term] Perform a case-sensitive search (Default is inSEnsITiVe).
-e, --exact [Term] Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
-h, --help Show this help screen.
-j, --json [Term] Show result in JSON format.
-m, --mirror [EDB-ID] Mirror (aka copies) an exploit to the current working directory.
-o, --overflow [Term] Exploit titles are allowed to overflow their columns.
-p, --path [EDB-ID] Show the full path to an exploit (and also copies the path to the clipboard if possible).
-t, --title [Term] Search JUST the exploit title (Default is title AND the file's path).
-u, --update Check for and install any exploitdb package updates (deb or git).
-w, --www [Term] Show URLs to Exploit-DB.com rather than the local path.
-x, --examine [EDB-ID] Examine (aka opens) the exploit using $PAGER.
--colour Disable colour highlighting in search results.
--id Display the EDB-ID value rather than local path.
--nmap [file.xml] Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
Use "-v" (verbose) to try even more combinations
=======
Notes
=======
* You can use any number of search terms.
* Search terms are not case-sensitive (by default), and ordering is irrelevant.
* Use '-c' if you wish to reduce results by case-sensitive searching.
* And/Or '-e' if you wish to filter results by using an exact match.
* Use '-t' to exclude the file's path to filter the search results.
* Remove false positives (especially when searching using numbers - i.e. versions).
* When updating from git or displaying help, search terms will be ignored.
root@kali:~#
root@kali:~# searchsploit afd windows local
--------------------------------------------------------------------------------- ----------------------------------
Exploit Title | Path
| (/usr/share/exploitdb/platforms)
--------------------------------------------------------------------------------- ----------------------------------
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service | ./windows/dos/17133.c
Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066) | ./windows/local/6757.txt
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080) | ./windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit) | ./windows/local/21844.rb
Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) | ./win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040) | ./win_x86-64/local/39525.py
Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046) | ./windows/local/40564.c
--------------------------------------------------------------------------------- ----------------------------------
root@kali:~#
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
URL: https://www.exploit-db.com/exploits/39446/
Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py
Copied EDB-ID 39446's path to the clipboard.
root@kali:~#
SearchSploit requires either "CoreUtils" or "utilities" (e.g. bash, sed, grep, awk, etc.) for the core features to work. The self updating function will require git, and the Nmap XML option to work, will require xmllint (found in the libxml2-utils package in Debian-based systems).