Exploitdb Exploits
2,809 exploits tracked across all sources.
Net-SNMP 5.1.4, 5.2.4, 5.4.1 - Buffer Overflow via Large OCTETSTRING in AVP
Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP).
by Praveen Darshanam
Mambo Component n-form - 'form_id' Blind SQL Injection
by boom3rang
VLC media player 0.9.x - Stack-based Buffer Overflow via RealText Subtitle Parsing
Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c. NOTE: this issue was SPLIT from CVE-2008-5032 on 20081110.
by SkD
Simple Machines Forum 1.0-1.0.14 and 1.1-1.1.6 - Authenticated Path Traversal via Theme Directory Parameter
Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated users to configure arbitrary local files for execution via directory traversal sequences in the value of the theme_dir field during a jsoption action, related to Sources/QueryString.php and Sources/Themes.php, as demonstrated by a local .gif file in attachments/ with PHP code that was uploaded through a profile2 action to index.php.
by ~elmysterio
deV!L'z Clanportal <= 1.4.9.6 - SQL Injection via Users Parameter in Addbuddy Operation
SQL injection vulnerability in index.php in deV!L'z Clanportal (DZCP) 1.4.9.6 and earlier allows remote attackers to execute arbitrary SQL commands via the users parameter in an addbuddy operation in a buddys action.
by anonymous
Network-Client FTP Now 2.6 - Denial of Service via 1024-Character 200 Server Response
Heap-based buffer overflow in Network-Client FTP Now 2.6, and possibly other versions, allows remote FTP servers to cause a denial of service (crash) via a 200 server response that is exactly 1024 characters long.
by DeltahackingTEAM
Micro CMS 0.3.5 - Unauthenticated Administrative Account Manipulation
microcms-admin-home.php in Implied by Design Micro CMS (Micro-CMS) 3.5 (aka 0.3.5) does not require authentication as an administrator, which allows remote attackers to (1) create administrative accounts via an add_admin action, (2) remove administrative accounts via a delete_admin action, and (3) modify administrative passwords via a change_password action.
by StAkeR
PacketTrap pt360 Tool Suite PRO <2.0.3901.0 - DoS
The TFTP server in PacketTrap pt360 Tool Suite PRO 2.0.3901.0 and earlier allows remote attackers to cause a denial of service (daemon hang) by uploading a file named (1) '|' (pipe), (2) '"' (quotation mark), or (3) "<>" (less than, greater than); or (4) a file with a long name. NOTE: the issue for vector 4 might exist because of an incomplete fix for CVE-2008-1312.
by Jeremy Brown
e-Commerce Plugin < 3.4 - Unauthenticated Arbitrary File Upload and Remote Code Execution via image_processing.php
Unrestricted file upload vulnerability in image_processing.php in the e-Commerce Plugin 3.4 and earlier for Wordpress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/plugins/wp-shopping-cart/.
by t0pP8uZz
com_simpleboard < 1.0.1 - Unauthenticated Arbitrary File Upload via image_upload.php
Unrestricted file upload vulnerability in image_upload.php in the SimpleBoard (com_simpleboard) component 1.0.1 and earlier for Mambo allows remote attackers to execute arbitrary code by uploading a file with an executable extension and an image/jpeg content type, then accessing this file via a direct request to the file in components/com_simpleboard/, a different vulnerability than CVE-2006-3528.
by t0pP8uZz
7shop < 1.1 - Unauthenticated Arbitrary File Upload via Image Upload
Unrestricted file upload vulnerability in includes/imageupload.php in 7Shop 1.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/artikel/.
by t0pP8uZz
H2O-CMS 3.4 - PHP Code Injection / Cookie Authentication Bypass
by StAkeR
e107 easyshop_plugin - SQL Injection via category_id Parameter
SQL injection vulnerability in easyshop.php in the EasyShop plugin for e107 allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
by StAkeR
Graphiks MyForum 1.3 - SQL Injection via lecture.php id Parameter
SQL injection vulnerability in lecture.php in Graphiks MyForum 1.3, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Vrs-hCk
MindDezign Photo Gallery 2.2 - SQL Injection via Username Parameter
SQL injection vulnerability in MindDezign Photo Gallery 2.2 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action to the admin module in index.php, a different vector than CVE-2008-6788.
by CWH Underground
VLC media player - Remote Code Execution via Crafted TY File Integer Overflow
Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to execute arbitrary code via a crafted .ty file, a different vulnerability than CVE-2008-4654.
by Guido Landi
SilverSHielD 1.0.2.34 - Denial of Service via SFTP Opendir Command
SilverSHielD 1.0.2.34 allows remote attackers to cause a denial of service (application crash) via a crafted argument to the opendir SFTP command.
by Jeremy Brown
MindDezign Photo Gallery 2.2 - Unauthenticated Privilege Escalation via Username Parameter
The admin module in MindDezign Photo Gallery 2.2 allows remote attackers to add administrative users and gain privileges via a modified username parameter in an edit account action to index.php.
by CWH Underground
GoodTech SSH 6.4 - Authenticated Stack-Based Buffer Overflow via SFTP Parameters
Stack-based buffer overflow in the SFTP subsystem in GoodTech SSH 6.4 allows remote authenticated users to execute arbitrary code via a long string to the (1) open (aka SSH_FXP_OPEN), (2) unlink, (3) opendir, and other unspecified parameters.
by r0ut3r
freeSSHd 1.2.1 - Authenticated Stack-Based Buffer Overflow via Long Argument to Rename or Realpath Parameters
Stack-based buffer overflow in freeSSHd 1.2.1 allows remote authenticated users to cause a denial of service (service crash) and potentially execute arbitrary code via a long argument to the (1) rename and (2) realpath parameters.
by Jeremy Brown
freeSSHd 1.2.1 - Authenticated Stack-Based Buffer Overflow via Long Argument to Rename or Realpath Parameters
Stack-based buffer overflow in freeSSHd 1.2.1 allows remote authenticated users to cause a denial of service (service crash) and potentially execute arbitrary code via a long argument to the (1) rename and (2) realpath parameters.
by Jeremy Brown
LoudBlog <= 0.8.0a - Authenticated SQL Injection via colpick Parameter
SQL injection vulnerability in loudblog/ajax.php in LoudBlog 0.8.0a and earlier allows remote authenticated users to execute arbitrary SQL commands via the colpick parameter in a singleread action.
by Xianur0
VLC media player - Remote Code Execution via Crafted TY File Integer Overflow
Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to execute arbitrary code via a crafted .ty file, a different vulnerability than CVE-2008-4654.
by Guido Landi
By Source