Exploitdb Exploits
2,814 exploits tracked across all sources.
IntelliTamper 2.07 - Buffer Overflow
Stack-based buffer overflow in IntelliTamper 2.07 allows remote web sites to execute arbitrary code via a long HTTP Server header.
by Koshi
IntelliTamper 2.0.7 - RCE
Stack-based buffer overflow in the HTML parser in IntelliTamper 2.0.7 allows remote attackers to execute arbitrary code via a long URL in the HREF attribute of an A element, a different vulnerability than CVE-2006-2494.
by Guido Landi
PowerDVD 8.0 - '.m3u' / '.pls' Multiple Buffer Overflow Vulnerabilities
by LiquidWorm
IntelliTamper <2.08 - Buffer Overflow
Stack-based buffer overflow in IntelliTamper 2.07 and 2.08 allows remote attackers to execute arbitrary code via a MAP file containing a long URL, possibly a related issue to CVE-2006-2494.
by Guido Landi
IntelliTamper 2.0.7 - RCE
Stack-based buffer overflow in the HTML parser in IntelliTamper 2.0.7 allows remote attackers to execute arbitrary code via a long URL in the HREF attribute of an A element, a different vulnerability than CVE-2006-2494.
by Guido Landi
MyioSoft EasyPublish <3.0tr - SQL Injection
SQL injection vulnerability in staticpages/easypublish/index.php in MyioSoft EasyPublish 3.0tr (trial edition) allows remote attackers to execute arbitrary SQL commands via the read parameter in a search action.
by Dr.Crash
MyioSoft EasyE-Cards <3.10a - SQL Injection
SQL injection vulnerability in staticpages/easyecards/index.php in MyioSoft EasyE-Cards 3.5 trial edition (tr) and 3.10a, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a pickup action.
by Dr.Crash
MyioSoft EasyDynamicPages <3.0 - SQL Injection
SQL injection vulnerability in staticpages/easycalendar/index.php in MyioSoft EasyDynamicPages 3.0 trial edition (tr) allows remote attackers to execute arbitrary SQL commands via the read parameter.
by Dr.Crash
Arctic Issue Tracker 2.0.0 - SQL Injection
SQL injection vulnerability in index.php in Arctic Issue Tracker 2.0.0 allows remote attackers to execute arbitrary SQL commands via the filter parameter.
by ldma
Asterisk Open Source <1.2.30, 1.4.x <1.4.21.2 - DoS
The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (call-number exhaustion and CPU consumption) by quickly sending a large number of IAX2 (IAX) POKE requests.
by Blake Cornell
MojoPersonals - SQL Injection
SQL injection vulnerability in mojoClassified.cgi in MojoPersonals allows remote attackers to execute arbitrary SQL commands via the cat parameter.
by Mr.SQL
MojoJobs - SQL Injection
SQL injection vulnerability in mojoJobs.cgi in MojoJobs allows remote attackers to execute arbitrary SQL commands via the cat_a parameter.
by Mr.SQL
MojoClassifieds 2.0 - SQL Injection
SQL injection vulnerability in mojoClassified.cgi in MojoClassifieds 2.0 allows remote attackers to execute arbitrary SQL commands via the cat_a parameter.
by Mr.SQL
MojoAuto - SQL Injection
SQL injection vulnerability in mojoAuto.cgi in MojoAuto allows remote attackers to execute arbitrary SQL commands via the cat_a parameter in a browse action.
by Mr.SQL
HiFriend - 'cgi-bin/hifriend.pl' Open Email Relay
by Perforin
SoftAcid HRS Multi - SQL Injection
SQL injection vulnerability in picture_pic_bv.asp in SoftAcid Hotel Reservation System (HRS) Multi allows remote attackers to execute arbitrary SQL commands via the key parameter.
by Mr.SQL
DigiLeave <1.2 - SQL Injection
SQL injection vulnerability in info_book.asp in DigiLeave 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the book_id parameter.
by Mr.SQL
Oracle WebLogic Server <10.3 - Buffer Overflow
Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
by kingcope
Alstrasoft Article Manager Pro 1.6 - Blind SQL Injection
by GoLd_M
PHPizabi 0.848b C1 HFP1 - RCE
Unrestricted file upload vulnerability in the writeLogEntry function in system/v_cron_proc.php in PHPizabi 0.848b C1 HFP1, when register_globals is enabled, allows remote attackers to upload and execute arbitrary code via a filename in the CONF[CRON_LOGFILE] parameter and file contents in the CONF[LOCALE_LONG_DATE_TIME] parameter.
by Inphex
Simple DNS Plus <5.1.101 - DoS
Simple DNS Plus 4.1, 5.0, and possibly other versions before 5.1.101 allows remote attackers to cause a denial of service via multiple DNS reply packets.
by Exodus
UltraStats <0.2.142 - SQL Injection
SQL injection vulnerability in players-detail.php in UltraStats 0.2.136, 0.2.140, and 0.2.142 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by DNX
Joomla! Component n-forms 1.01 - Blind SQL Injection
by The Moorish
Fuzzylime CMS 3.01 - 'poll' Remote Code Execution
by Inphex & real
AuraCMS 2.2-2.2.2 - RCE
js/pages/pages_data.php in AuraCMS 2.2 through 2.2.2 does not perform authentication, which allows remote attackers to add, edit, and delete web content via a modified id parameter.
by k1tk4t
By Source