Exploitdb Exploits
2,809 exploits tracked across all sources.
Insane Visions AdaptBB 1.0 - SQL Injection via topic_id Parameter
SQL injection vulnerability in inc/bb/topic.php in Insane Visions AdaptBB 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the topic_id parameter in a topic action to index.php.
by StAkeR
BEA Product Suite - Info Disclosure
Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
by Guido Landi
X-Forum 0.6.2 - SQL Injection via cookie_username Parameter
SQL injection vulnerability in the xforum_validateUser function in Common.php in X-Forum 0.6.2 allows remote attackers to execute arbitrary SQL commands, as demonstrated via the cookie_username parameter to Configure.php.
by Osirys
Sami HTTP Server 2.x - 'HEAD' Remote Denial of Service
by Jonathan Salwan
X-Forum 0.6.2 - Authenticated PHP Code Injection via adminEMail Parameter
Static code injection vulnerability in X-Forum 0.6.2 allows remote authenticated administrators to inject arbitrary PHP code into Config.php via the adminEMail parameter to SaveConfig.php.
by Osirys
freeSSHd 1.2.1 - Authenticated Buffer Overflow via SFTP Commands
Multiple buffer overflows in freeSSHd 1.2.1 allow remote authenticated users to cause a denial of service (crash) and execute arbitrary code via a long (1) open, (2) unlink, (3) mkdir, (4) rmdir, or (5) stat SFTP command.
by r0ut3r
IncrediMail 5.86 - Cross-Site Scripting Script Execution
by Bui Quang Minh
POP Peeper 3.4.0.0 - '.html' Universal Overwrite (SEH)
by Stack
POP Peeper 3.4.0.0 - '.eml' Universal Overwrite (SEH)
by Stack
eXeScope 6.50 - Buffer Overflow via Crafted Executable File
Buffer overflow in eXeScope 6.50 allows user-assisted remote attackers to execute arbitrary code via a crafted executable (.exe) file.
by Koshi
Extensible-BioLawCom CMS <0.2.0 - SQL Injection
SQL injection vulnerability in include/get_read.php in Extensible-BioLawCom CMS (X-BLC) 0.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter.
by dun
rGallery plugin 1.2.3 for WoltLab Burning Board - SQL Injection via userID Parameter
SQL injection vulnerability in the rGallery plugin 1.2.3 for WoltLab Burning Board (WBB3) allows remote attackers to execute arbitrary SQL commands via the userID parameter in the RGalleryUserGallery page to index.php, a different vector than CVE-2008-4627.
by Invisibility
Syzygy CMS 0.3 - Local File Inclusion / SQL Injection
by Osirys
Codice CMS 2 - SQL Injection via Tag Parameter
SQL injection vulnerability in index.php in Codice CMS 2 allows remote attackers to execute arbitrary SQL commands via the tag parameter.
by darkjoker
Chasys Media Player - '.lst Playlist' Local Buffer Overflow
by zAx
Talkative IRC v0.4.4.16 - Buffer Overflow
Talkative IRC v0.4.4.16 is vulnerable to a stack-based buffer overflow when processing specially crafted response strings sent to a connected client. An attacker can exploit this flaw by sending an overly long message that overflows a fixed-length buffer, potentially leading to arbitrary code execution in the context of the vulnerable process. This vulnerability is exploitable remotely and does not require authentication.
by LiquidWorm
Serv-U File Server 7.0.0.1-7.4.0.1 - Unauthenticated Directory Traversal via FTP MKD Command
Directory traversal vulnerability in the FTP server in Rhino Software Serv-U File Server 7.0.0.1 through 7.4.0.1 allows remote attackers to create arbitrary directories via a \.. (backslash dot dot) in an MKD request.
by Jonathan Salwan
WinAsm Studio 5.1.5.0 - Buffer Overflow via Crafted Project File
Buffer overflow in WinAsm Studio 5.1.5.0 allows user-assisted remote attackers to execute arbitrary code via a crafted project (.wap) file.
by Stack
VLC Media Player 0.9.8a - Denial of Service via Long Input Argument in requests/status.xml
requests/status.xml in VLC 0.9.8a allows remote attackers to cause a denial of service (stack consumption and crash) via a long input argument in an in_play action.
by TheLeader
Serv-U File Server 7.0.0.1-7.4.0.1 - Authenticated Denial of Service via SMNT Command
The FTP server in Serv-U 7.0.0.1 through 7.4.0.1 allows remote authenticated users to cause a denial of service (service hang) via a large number of SMNT commands without an argument.
by Jonathan Salwan
Foxit Reader <3.0 Build 1506 - Buffer Overflow
Stack-based buffer overflow in Foxit Reader 3.0 before Build 1506, including 1120 and 1301, allows remote attackers to execute arbitrary code via a long (1) relative path or (2) absolute path in the filename argument in an action, as demonstrated by the "Open/Execute a file" action.
by SkD
POP Peeper < 3.4.0.0 - Remote Code Execution via Long Date Header
Stack-based buffer overflow in POP Peeper 3.4.0.0 and earlier allows remote POP3 servers to execute arbitrary code via a long Date header, related to Imap.dll.
by Jeremy Brown