1 new exploits

Cpanel - Authenticated (lastvisit.html domain) Arbitrary File Disclosure
cPanel - Authenticated (lastvisit.html domain) Arbitrary File Disclosure
pppBlog 0.3.8 - (randompic.php) System Disclosure
pppBlog 0.3.8 - System Disclosure
NetRisk 1.9.7 - (change_submit.php) Remote Password Change Exploit
NetRisk 1.9.7 - Remote Password Change Exploit
netrisk 1.9.7 - Cross-Site Scripting / SQL Injection
NetRisk 1.9.7 - Cross-Site Scripting / SQL Injection
Cpanel 11.x - 'Fantastico' Local File Inclusion (sec Bypass)
cPanel 11.x - 'Fantastico' Local File Inclusion (sec Bypass)
MyForum 1.3 - (lecture.php id) SQL Injection
MyForum 1.3 - 'lecture.php' SQL Injection
MyForum 1.3 - (padmin) Local File Inclusion
MyForum 1.3 - 'padmin' Parameter Local File Inclusion
e107 Plugin alternate_profiles - 'id' SQL Injection
MyKtools 2.4 - (langage) Local File Inclusion
e107 Plugin alternate_profiles - 'id' Parameter SQL Injection
MyKtools 2.4 - 'langage' Parameter Local File Inclusion
questcms - Cross-Site Scripting / Directory Traversal / SQL Injection
AIOCP 1.4 - 'poll_id' SQL Injection
QuestCMS - Cross-Site Scripting / Directory Traversal / SQL Injection
AIOCP 1.4 - 'poll_id' Parameter SQL Injection
PersianBB - 'iranian_music.php id' SQL Injection
Agares ThemeSiteScript 1.0 (loadadminpage) - Remote File Inclusion
PersianBB - 'id' Parameter SQL Injection
Agares ThemeSiteScript 1.0 - 'loadadminpage' Parameter Remote File Inclusion
Sepal SPBOARD 4.5 - (board.cgi) Remote Command Execution
Sepal SPBOARD 4.5 - 'board.cgi' Remote Command Execution
Venalsur on-line Booking Centre - (OfertaID) Cross-Site Scripting / SQL Injection
Pro Traffic One - 'poll_results.php id' SQL Injection
Venalsur on-line Booking Centre - Cross-Site Scripting / SQL Injection
Pro Traffic One - 'poll_results.php' SQL Injection
e107 Plugin lyrics_menu - 'lyrics_song.php l_id' SQL Injection
e107 Plugin lyrics_menu - 'l_id' Parameter SQL Injection
SFS EZ Adult Directory - 'Directory.php id' SQL Injection
Logz podcast CMS 1.3.1 - (add_url.php art) SQL Injection
cpanel 11.x - Cross-Site Scripting / Local File Inclusion
SFS EZ Adult Directory - 'directory.php' SQL Injection
Logz podcast CMS 1.3.1 - 'art' Parameter SQL Injection
cPanel 11.x - Cross-Site Scripting / Local File Inclusion
SFS EZ HotScripts-like Site - 'cid' SQL Injection
SFS EZ HotScripts-like Site - 'cid' Parameter SQL Injection
SFS EZ Hosting Directory - 'cat_id' SQL Injection
SFS EZ Hosting Directory - 'cat_id' Parameter SQL Injection
SFS EZ Home Business Directory - 'cat_id' SQL Injection
SFS EZ Link Directory - 'cat_id' SQL Injection
Adult Banner Exchange Website - (targetid) SQL Injection
SFS EZ BIZ PRO - 'track.php id' SQL Injection
SFS EZ Affiliate - 'cat_id' SQL Injection
Article Publisher PRO 1.5 - (Authentication Bypass) SQL Injection
SFS EZ Webring - (cat) SQL Injection
SFS EZ Hot or Not - (phid) SQL Injection
SFS EZ Software - 'id' SQL Injection
SFS EZ Home Business Directory - 'cat_id' Parameter SQL Injection
SFS EZ Link Directory - 'cat_id' Parameter SQL Injection
Adult Banner Exchange Website - 'targetid' Parameter SQL Injection
SFS EZ BIZ PRO - SQL Injection
SFS EZ Affiliate - 'cat_id' Parameter SQL Injection
Article Publisher PRO 1.5 - Authentication Bypass
SFS EZ Webring - 'cat' Parameter SQL Injection
SFS EZ Hot or Not - 'phid' Parameter SQL Injection
SFS EZ Software - 'id' Parameter SQL Injection
Article Publisher PRO - (userid) SQL Injection
SFS EZ Auction - 'viewfaqs.php cat' Blind SQL Injection
SFS EZ Career - 'content.php topic' SQL Injection
SFS EZ Top Sites - 'topsite.php ts' SQL Injection
SFS EZ Webstore - (where) SQL Injection
SFS EZ Pub Site - 'Directory.php cat' SQL Injection
SFS EZ Gaming Cheats - 'id' SQL Injection
Article Publisher PRO - 'userid' Parameter SQL Injection
SFS EZ Auction - Blind SQL Injection
SFS EZ Career - SQL Injection
SFS EZ Top Sites - SQL Injection
SFS EZ Webstore - 'where' Parameter SQL Injection
SFS EZ Pub Site - SQL Injection
SFS EZ Gaming Cheats - SQL Injection
GO4I.NET ASP Forum 1.0 - (forum.asp iFor) SQL Injection
YourFreeWorld Programs Rating - 'details.php id' SQL Injection
GO4I.NET ASP Forum 1.0 - SQL Injection
YourFreeWorld Programs Rating - SQL Injection
Shahrood - 'ndetail.php id' Blind SQL Injection
YourFreeWorld Downline Builder - 'id' SQL Injection
YourFreeWorld Banner Management - 'id' SQL Injection
YourFreeWorld Blog Blaster - 'id' SQL Injection
YourFreeWorld Autoresponder Hosting - 'id' SQL Injection
YourFreeWorld Forced Matrix Script - 'id' SQL Injection
YourFreeWorld Short Url & Url Tracker - 'id' SQL Injection
YourFreeWorld Viral Marketing - 'id' SQL Injection
YourFreeWorld Scrolling Text Ads - 'id' SQL Injection
YourFreeWorld Reminder Service - 'id' SQL Injection
YourFreeWorld Classifieds Blaster - 'id' SQL Injection
Shahrood - Blind SQL Injection
YourFreeWorld Downline Builder - 'tr.php' SQL Injection
YourFreeWorld Banner Management - SQL Injection
YourFreeWorld Blog Blaster - 'tr.php' SQL Injection
YourFreeWorld Autoresponder Hosting - 'tr.php' SQL Injection
YourFreeWorld Forced Matrix Script - SQL Injection
YourFreeWorld Short Url & Url Tracker - SQL Injection
YourFreeWorld Viral Marketing - SQL Injection
YourFreeWorld Scrolling Text Ads - SQL Injection
YourFreeWorld Reminder Service - SQL Injection
YourFreeWorld Classifieds Blaster - SQL Injection
Downline Goldmine Builder - 'tr.php id' SQL Injection
Downline Goldmine Category Addon - 'id' SQL Injection
YourFreeWorld Classifieds Hosting - 'id' SQL Injection
YourFreeWorld URL Rotator - 'id' SQL Injection
Downline Goldmine paidversion - 'tr.php id' SQL Injection
Downline Goldmine newdownlinebuilder - 'tr.php id' SQL Injection
YourFreeWorld Shopping Cart - 'index.php c' Blind SQL Injection
Maran PHP Shop - 'prod.php cat' SQL Injection
Downline Goldmine Builder - SQL Injection
Downline Goldmine Category Addon - SQL Injection
YourFreeWorld Classifieds Hosting - SQL Injection
YourFreeWorld URL Rotator - SQL Injection
Downline Goldmine paidversion - SQL Injection
Downline Goldmine newdownlinebuilder - SQL Injection
YourFreeWorld Shopping Cart - Blind SQL Injection
Maran PHP Shop - 'prod.php' SQL Injection
1st News - 'products.php id' SQL Injection
1st News - SQL Injection
BosClassifieds - 'cat_id' SQL Injection
BosClassifieds - 'cat_id' Parameter SQL Injection
MatPo Link 1.2b - (view.php id) SQL Injection
MatPo Link 1.2b - SQL Injection
Apoll 0.7b - (Authentication Bypass) SQL Injection
Apoll 0.7b - Authentication Bypass
pppBlog 0.3.11 - (randompic.php) File Disclosure
TBmnetCMS 1.0 - (index.php content) Local File Inclusion
pppBlog 0.3.11 - File Disclosure
TBmnetCMS 1.0 - Local File Inclusion
WEBBDOMAIN Post Card 1.02 - 'catid' SQL Injection
WEBBDOMAIN Post Card 1.02 - 'catid' Parameter SQL Injection
nicLOR Puglia Landscape - 'id' Local File Inclusion
nicLOR Puglia Landscape - Local File Inclusion
Vibro-School-CMS - (nID) SQL Injection
Vibro-School-CMS - 'nID' Parameter SQL Injection
WEBBDOMAIN Petition 1.02/2.0/3.0 - (Authentication Bypass) SQL Injection
WEBBDOMAIN Polls 1.01 - (Authentication Bypass) SQL Injection
WEBBDOMAIN Quiz 1.02 - (Authentication Bypass) SQL Injection
WEBBDOMAIN Webshop 1.02 - (Authentication Bypass) SQL Injection
Simple Document Management System 1.1.4 - SQL Injection Authentication Bypass
Tours Manager 1.0 - (cityview.php cityid) SQL Injection
WEBBDOMAIN Post Card 1.02 - (Authentication Bypass) SQL Injection
WEBBDOMAIN Petition 1.02/2.0/3.0 - Authentication Bypass
WEBBDOMAIN Polls 1.01 - Authentication Bypass
WEBBDOMAIN Quiz 1.02 - Authentication Bypass
WEBBDOMAIN Webshop 1.02 - Authentication Bypass
Simple Document Management System 1.1.4 - Authentication Bypass
Tours Manager 1.0 - SQL Injection
WEBBDOMAIN Post Card 1.02 - Authentication Bypass
PHPX 3.5.16 - (news_id) SQL Injection
Pre Podcast Portal - 'Tour.php id' SQL Injection
PHPX 3.5.16 - 'news_id' Parameter SQL Injection
Pre Podcast Portal - SQL Injection
Graugon PHP Article Publisher 1.0 - (SQL Injection / Cookie Handling) Multiple Remote Vulnerabilities
Graugon PHP Article Publisher 1.0 - SQL Injection / Cookie Handling
Absolute Form Processor XE-V 1.5 - (Authentication Bypass) SQL Injection
Absolute Form Processor XE-V 1.5 - Authentication Bypass
MyForum 1.3 - (Authentication Bypass) SQL Injection
MyForum 1.3 - Authentication Bypass
Cpanel 11.25 - Cross-Site Request Forgery (Add FTP Account)
cPanel 11.25 - Cross-Site Request Forgery (Add FTP Account)
Simple Document Management System (SDMS) - SQL Injection
Simple Document Management System - SQL Injection
Cpanel 11.x - Cross-Site Request Forgery (Edit E-mail)
cPanel 11.x - Cross-Site Request Forgery (Edit E-mail)
PHPMyForum 4.0 - 'index.php' page Parameter Cross-Site Scripting
PHPMyForum 4.0 - 'page' Parameter Cross-Site Scripting
Cpanel 10 - Select.HTML Cross-Site Scripting
cPanel 10 - Select.HTML Cross-Site Scripting
CPanel 5-10 - SUID Wrapper Privilege Escalation
cPanel 5-10 - SUID Wrapper Privilege Escalation
AIOCP 1.3.x - 'cp_forum_view.php' Multiple Parameter Cross-Site Scripting
AIOCP 1.3.x - 'cp_dpage.php' choosed_language Parameter Cross-Site Scripting
AIOCP 1.3.x - 'cp_show_ec_products.php' order_field Parameter Cross-Site Scripting
AIOCP 1.3.x - 'cp_users_online.php order_field Parameter Cross-Site Scripting
AIOCP 1.3.x - 'cp_links_search.php' orderdir Parameter Cross-Site Scripting
AIOCP 1.3.x - '/admin/code/index.php' load_page Parameter Remote File Inclusion
AIOCP 1.3.x - 'cp_dpage.php' choosed_language Parameter SQL Injection
AIOCP 1.3.x - 'cp_news.php' Multiple Parameter SQL Injection
AIOCP 1.3.x - 'cp_forum_view.php' choosed_language Parameter SQL Injection
AIOCP 1.3.x - 'cp_edit_user.php' choosed_language Parameter SQL Injection
AIOCP 1.3.x - 'cp_newsletter.php' Multiple Parameter SQL Injection
AIOCP 1.3.x - 'cp_links.php' Multiple Parameter SQL Injection
AIOCP 1.3.x - 'cp_contact_us.php' choosed_language Parameter SQL Injection
AIOCP 1.3.x - 'cp_show_ec_products.php' Multiple Parameter SQL Injection
AIOCP 1.3.x - 'cp_login.php' choosed_language Parameter SQL Injection
AIOCP 1.3.x - 'cp_users_online.php' order_field Parameter SQL Injection
AIOCP 1.3.x - 'cp_codice_fiscale.php' choosed_language Parameter SQL Injection
AIOCP 1.3.x - 'cp_links_search.php' orderdir Parameter SQL Injection
AIOCP 1.3.x - 'cp_forum_view.php' Cross-Site Scripting
AIOCP 1.3.x - 'cp_dpage.php' Cross-Site Scripting
AIOCP 1.3.x - 'cp_show_ec_products.php' Cross-Site Scripting
AIOCP 1.3.x - 'cp_users_online.php' Cross-Site Scripting
AIOCP 1.3.x - 'cp_links_search.php' Cross-Site Scripting
AIOCP 1.3.x - 'load_page' Parameter Remote File Inclusion
AIOCP 1.3.x - 'cp_dpage.php' SQL Injection
AIOCP 1.3.x - 'cp_news.php' SQL Injection
AIOCP 1.3.x - 'cp_forum_view.php' SQL Injection
AIOCP 1.3.x - 'cp_edit_user.php' SQL Injection
AIOCP 1.3.x - 'cp_newsletter.php' SQL Injection
AIOCP 1.3.x - 'cp_links.php' SQL Injection
AIOCP 1.3.x - 'cp_contact_us.php' SQL Injection
AIOCP 1.3.x - 'cp_show_ec_products.php' SQL Injection
AIOCP 1.3.x - 'cp_login.php' SQL Injection
AIOCP 1.3.x - 'cp_users_online.php' SQL Injection
AIOCP 1.3.x - 'cp_codice_fiscale.php' SQL Injection
AIOCP 1.3.x - 'cp_links_search.php' SQL Injection
CPanel 10 - DNSlook.HTML Cross-Site Scripting
cPanel 10 - DNSlook.HTML Cross-Site Scripting
CPanel 11 Beta - Multiple Cross-Site Scripting Vulnerabilities
cPanel 11 Beta - Multiple Cross-Site Scripting Vulnerabilities
CPanel 11 BoxTrapper - Manage.HTML Cross-Site Scripting
cPanel 11 BoxTrapper - Manage.HTML Cross-Site Scripting
CPanel 11 - PassWDMySQL Cross-Site Scripting
cPanel 11 - PassWDMySQL Cross-Site Scripting
CPanel 10.9.1 - Resname Parameter Cross-Site Scripting
cPanel 10.9.1 - Resname Parameter Cross-Site Scripting
netRisk 1.9.7 - 'index.php' Remote File Inclusion
NetRisk 1.9.7 - 'index.php' Remote File Inclusion
YourFreeWorld Downline Builder Pro - 'id' Parameter SQL Injection
YourFreeWorld Downline Builder Pro - 'tr.php' SQL Injection
XIGLA Absolute Form Processor XE 1.5 - 'login.asp' SQL Injection
Absolute Form Processor XE 1.5 - 'login.asp' SQL Injection
TBmnetCMS 1.0 - 'content' Parameter Cross-Site Scripting
TBmnetCMS 1.0 - Cross-Site Scripting
pppBLOG 0.3 - 'search.php' Cross-Site Scripting
Zend Framework / zend-mail < 2.4.11 - Remote Code Execution