Exploitdb Exploits
2,809 exploits tracked across all sources.
MacGuru BLOG Engine Plugin 2.1.4-2.2 - SQL Injection via uid Parameter
SQL injection vulnerability in macgurublog_menu/macgurublog.php in the MacGuru BLOG Engine plugin 2.2 for e107 allows remote attackers to execute arbitrary SQL commands via the uid parameter, a different vector than CVE-2008-2455. NOTE: it was later reported that 2.1.4 is also affected.
by Virangar Security
Acoustica Beatcraft 1.02 Build 19 - Stack-Based Buffer Overflow via Long Instruments Title Field
Stack-based buffer overflow in Acoustica Beatcraft 1.02 Build 19 allows user-assisted attackers to cause a denial of service or execute arbitrary code via a Beatcraft Project (aka bcproj) file with a long string in a certain instruments title field.
by Koshi
Acoustica MP3 CD Burner 4.32 - Buffer Overflow via ASX Playlist REF HREF Attribute
Buffer overflow in Acoustica MP3 CD Burner 4.32 allows user-assisted remote attackers to execute arbitrary code via a .asx playlist file with a REF element containing a long string in the HREF attribute. NOTE: it was later claimed that 4.51 Build 147 is also affected.
by Koshi
Acoustica Mixcraft <4.2 - Buffer Overflow
Stack-based buffer overflow in Acoustica Mixcraft 4.1 Build 96 and 4.2 Build 98 allows user-assisted attackers to execute arbitrary code via a crafted .mx4 file. NOTE: it was later reported that version 3 is also affected.
by Koshi
dana_irc_client < 1.3 - Stack-based Buffer Overflow via Long IRC Message
Stack-based buffer overflow in artegic Dana IRC client 1.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long IRC message.
by Guido Landi
Pars4u Videosharing 1 - Stored Cross-Site Scripting via PageNo Parameter
Cross-site scripting (XSS) vulnerability in members.php in Pars4u Videosharing 1 allows remote attackers to inject arbitrary web script or HTML via the PageNo parameter.
by Mr.SQL
webEdition CMS - SQL Injection via we_objectID Parameter
SQL injection vulnerability in living-e webEdition CMS allows remote attackers to execute arbitrary SQL commands via the we_objectID parameter.
by Lidloses_Auge
Pars4u Videosharing - SQL Injection
SQL injection vulnerability in categories_portal.php in Pars4u Videosharing 1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
by Mr.SQL
Ipswitch WS_FTP Home 2007.0.0.2 and WS_FTP Professional 2007.1.0.0 - Format String Vulnerability via FTP Server Greeting
Format string vulnerability in Ipswitch WS_FTP Home 2007.0.0.2 and WS_FTP Professional 2007.1.0.0 allows remote FTP servers to cause a denial of service (application crash) or possibly execute arbitrary code via format string specifiers in a connection greeting (response).
by securfrog
FlashGet FTP 1.9 - Remote Code Execution via Long PWD Response
Buffer overflow in FlashGet (formerly JetCar) FTP 1.9 allows remote FTP servers to execute arbitrary code via a long response to the PWD command.
by Guido Landi
Ipswitch WS_FTP Home - Buffer Overflow
Buffer overflow in Ipswitch WS_FTP Home client allows remote FTP servers to have an unknown impact via a long "message response."
by securfrog
FlashGet FTP 1.9 - Remote Code Execution via Long PWD Response
Buffer overflow in FlashGet (formerly JetCar) FTP 1.9 allows remote FTP servers to execute arbitrary code via a long response to the PWD command.
by SkOd
BlazeVideo BlazeDVD Standard and Professional 5.0 - Stack-based Buffer Overflow via PLF Playlist Filename
Stack-based buffer overflow in BlazeVideo BlazeDVD Standard and Professional 5.0, and possibly earlier, allows remote attackers to execute arbitrary code via a long filename in a PLF playlist.
by LiquidWorm
Maxthon Browser <2.0 - Buffer Overflow
Stack-based buffer overflow in Maxthon Browser 2.0 and earlier allows remote attackers to execute arbitrary code via a long Content-type HTTP header.
by DATA_SNIPER
Pcshey Portal - SQL Injection via kategori.asp kid Parameter
SQL injection vulnerability in kategori.asp in Pcshey Portal allows remote attackers to execute arbitrary SQL commands via the kid parameter.
by U238
Joomla! com_ezstore - SQL Injection
SQL injection vulnerability in the EZ Store (com_ezstore) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
by His0k4
Xerox Phaser 8400 - Denial of Service via Empty UDP Packet to Port 1900
The Xerox Phaser 8400 allows remote attackers to cause a denial of service (reboot) via an empty UDP packet to port 1900.
by crit3rion
moziloCMS 1.10.1 - Path Traversal via Download.php Cat Parameter
Directory traversal vulnerability in download.php in moziloCMS 1.10.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the cat parameter.
by Ams
Pligg CMS < 9.9.0 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Pligg 9.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to vote.php, which is not properly handled in libs/link.php; (2) id parameter to trackback.php; (3) an unspecified parameter to submit.php; (4) requestTitle variable in a query to story.php; (5) requestID and (6) requestTitle variables in recommend.php; (7) categoryID parameter to cloud.php; (8) title parameter to out.php; (9) username parameter to login.php; (10) id parameter to cvote.php; and (11) commentid parameter to edit.php.
by GulfTech Security
eNdonesia Calendar module - SQL Injection via loc_id Parameter
SQL injection vulnerability in the Calendar module in eNdonesia 8.4 allows remote attackers to execute arbitrary SQL commands via the loc_id parameter in a list_events action to mod.php.
by Jack
CoolPlayer 2.18 - Stack-Based Buffer Overflow via Crafted m3u File
Stack-based buffer overflow in CoolPlayer 2.18, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a crafted m3u file.
by Guido Landi
MacGuru BLOG Engine Plugin 2.1.4-2.2 - SQL Injection via uid Parameter
SQL injection vulnerability in macgurublog_menu/macgurublog.php in the MacGuru BLOG Engine plugin 2.2 for e107 allows remote attackers to execute arbitrary SQL commands via the uid parameter, a different vector than CVE-2008-2455. NOTE: it was later reported that 2.1.4 is also affected.
by Virangar Security
IntelliTamper 2.07 - Buffer Overflow
Stack-based buffer overflow in IntelliTamper 2.07 allows remote web sites to execute arbitrary code via a long HTTP Server header.
by Koshi
IntelliTamper 2.0.7 - Remote Code Execution via Long HREF Attribute in HTML Parser
Stack-based buffer overflow in the HTML parser in IntelliTamper 2.0.7 allows remote attackers to execute arbitrary code via a long URL in the HREF attribute of an A element, a different vulnerability than CVE-2006-2494.
by Guido Landi
By Source