Exploitdb Exploits

2,814 exploits tracked across all sources.

CVE-2009-2363 EXPLOITDB perl VERIFIED
KUDRSOFT AudioPLUS 2.00.215 - Buffer Overflow
Stack-based buffer overflow in KUDRSOFT AudioPLUS 2.00.215 allows remote attackers to execute arbitrary code via a .pls playlist file with a playlist entry containing a long File1 argument.
by hack4love
CVE-2009-2384 EXPLOITDB perl VERIFIED
Brothersoft PEamp 1.02b - Buffer Overflow
Buffer overflow in amp.exe in Brothersoft PEamp 1.02b allows user-assisted remote attackers to execute arbitrary code via a long string in a .m3u playlist file. NOTE: some of these details are obtained from third party information.
by ThE g0bL!N
CVE-2009-2566 EXPLOITDB perl VERIFIED
TFM MMPlayer 2.0- - Buffer Overflow
Stack-based buffer overflow in TFM MMPlayer 2.0, and possibly 2.0.0.30, allows remote attackers to execute arbitrary code via a long string in a playlist (.m3u) file.
by ThE g0bL!N
CVE-2009-2385 EXPLOITDB perl VERIFIED
Simple Machines Forum 1.0.2 - SQL Injection
SQL injection vulnerability in the awardsMembers function in Sources/Profile.php in the Member Awards component 1.0.2 for Simple Machines Forum (SMF) allows remote attackers to execute arbitrary SQL commands via the id parameter in a profile action to index.php. NOTE: some of these details are obtained from third party information.
by eLwaux
CVE-2009-2276 EXPLOITDB perl VERIFIED
PunBB <1.0.1 - SQL Injection
SQL injection vulnerability in voteforus.php in the Vote For Us extension 1.0.1 and earlier for PunBB allows remote attackers to execute arbitrary SQL commands via the out parameter.
by Dante90
CVE-2009-2308 EXPLOITDB perl VERIFIED
PunBB <1.1.0 - SQL Injection
Multiple SQL injection vulnerabilities in affiliates.php in the Affiliation (aka Affiliates) module 1.1.0 and earlier for PunBB allow remote attackers to execute arbitrary SQL commands via the (1) in or (2) out parameter.
by Dante90
CVE-2009-2485 EXPLOITDB perl VERIFIED
HT-MP3Player 1.0 - Buffer Overflow
Stack-based buffer overflow in HT-MP3Player 1.0 allows remote attackers to execute arbitrary code via a long string in a .ht3 file.
by hack4love
CVE-2009-2403 EXPLOITDB perl VERIFIED
SCMPX 1.5.1 - Buffer Overflow
Heap-based buffer overflow in SCMPX 1.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long string in a .m3u playlist file.
by hack4love
CVE-2009-2389 EXPLOITDB perl VERIFIED
USOLVED NEWSolved 1.1.6 - SQL Injection
Multiple SQL injection vulnerabilities in newsscript.php in USOLVED NEWSolved 1.1.6, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) jahr or (2) idneu parameter in an archive action, or (3) the newsid parameter.
by jmp-esp
CVE-2009-3860 EXPLOITDB perl VERIFIED
COMRaider - File Creation/Overwrite
Multiple insecure method vulnerabilities in Idefense Labs COMRaider allow remote attackers to create or overwrite arbitrary files via the (1) CreateFolder and (2) Copy methods. NOTE: this might only be a vulnerability in certain insecure configurations of Internet Explorer.
by Khashayar Fereidani
EIP-2026-103584 EXPLOITDB perl VERIFIED
Multiple HTTP Server - 'slowloris.pl' Low Bandwidth Denial of Service
by RSnake
CVE-2009-2173 EXPLOITDB perl VERIFIED
Carom3D 5.06 - DoS
The LAN game feature in Carom3D 5.06 allows remote authenticated users to cause a denial of service (application hang) via a crafted HTTP request to TCP port 28012.
by LiquidWorm
CVE-2009-2099 EXPLOITDB perl VERIFIED
iJoomla RSS Feeder - SQL Injection
SQL injection vulnerability in the iJoomla RSS Feeder (com_ijoomla_rss) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in an xml action to index.php.
by Mehmet Ince
EIP-2026-102634 EXPLOITDB perl VERIFIED
LinkLogger 2.4.10.15 - 'syslog' Denial of Service
by h00die
CVE-2009-2147 EXPLOITDB perl VERIFIED
phpWebThings <1.5.2 - SQL Injection
SQL injection vulnerability in fdown.php in phpWebThings 1.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by StAkeR
EIP-2026-103417 EXPLOITDB perl VERIFIED
Asterisk IAX2 - Attacked IAX Fuzzer Resource Exhaustion (Denial of Service)
by Blake Cornell
CVE-2009-2036 EXPLOITDB perl VERIFIED
Open Biller 0.1 - SQL Injection
SQL injection vulnerability in index.php in Open Biller 0.1 allows remote attackers to execute arbitrary SQL commands via the username parameter.
by YEnH4ckEr
EIP-2026-111853 EXPLOITDB perl VERIFIED
S-CMS 2.0b3 - 'Username' Blind SQL Injection
by YEnH4ckEr
CVE-2009-2023 EXPLOITDB perl VERIFIED
Shop-Script Pro 2.12 - SQL Injection
SQL injection vulnerability in index.php in Shop-Script Pro 2.12, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the current_currency parameter.
by Ams
CVE-2009-2164 EXPLOITDB perl VERIFIED
Kjtechforce Mailman Beta1 - SQL Injection
Multiple SQL injection vulnerabilities in Kjtechforce mailman beta1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the code parameter to activate.php or (2) the dest parameter to index.php.
by YEnH4ckEr
CVE-2009-4200 EXPLOITDB perl VERIFIED
Joomla! Seminar <1.28 - SQL Injection
SQL injection vulnerability in the Seminar (com_seminar) component 1.28 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a View_seminar action to index.php.
by ThE g0bL!N
CVE-2009-2598 EXPLOITDB perl VERIFIED
Online Grades & Attendance <3.2.6 - SQL Injection
Multiple SQL injection vulnerabilities in Online Grades & Attendance 3.2.6 and earlier allow (1) remote attackers to execute arbitrary SQL commands via the key parameter in a resetpass action to index.php and (2) remote authenticated users to execute arbitrary SQL commands via the ADD parameter in a mailto action to parents/parents.php.
by YEnH4ckEr
CVE-2009-2599 EXPLOITDB perl VERIFIED
RadCLASSIFIEDS Gold 2.0 - SQL Injection
SQL injection vulnerability in index.php in RadCLASSIFIEDS Gold 2.0 allows remote attackers to execute arbitrary SQL commands via the seller parameter in a search action.
by Br0ly
EIP-2026-110106 EXPLOITDB perl VERIFIED
Online Grades & Attendance 3.2.6 - Credentials Changer SQL
by YEnH4ckEr
CVE-2009-1955 EXPLOITDB HIGH perl VERIFIED
Apache APR-util <1.3.7 - DoS
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
by kingcope
CVSS 7.5