Exploitdb Exploits

2,814 exploits tracked across all sources.

CVE-2008-2294 EXPLOITDB perl VERIFIED
Mreaves Pet Grooming Management System - Access Control
Pet Grooming Management System 2.0 allows remote attackers to gain privileges via a direct request to useradded.php with a modified user name for "admin."
by t0pP8uZz
CVE-2008-2522 EXPLOITDB perl VERIFIED
Haudenschilt Battlenet Clan Script < 1.5.3 - SQL Injection
SQL injection vulnerability in members.php in Battle.net Clan Script for PHP 1.5.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the showmember parameter in a members action.
by Stack
CVE-2008-2536 EXPLOITDB perl VERIFIED
Yabsoft Advanced Image Hosting Script < 2.1 - SQL Injection
SQL injection vulnerability in out.php in YABSoft Advanced Image Hosting (AIH) Script 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the t parameter.
by Stack
CVE-2008-2454 EXPLOITDB perl VERIFIED
Joomla Com Xsstream-dm - SQL Injection
SQL injection vulnerability in the xsstream-dm (com_xsstream-dm) component 0.01 Beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the movie parameter to index.php.
by Houssamix
CVE-2008-1802 EXPLOITDB perl VERIFIED
rdesktop 1.5.0 - RCE
Buffer overflow in the process_redirect_pdu (rdp.c) function in rdesktop 1.5.0 allows remote attackers to execute arbitrary code via a Remote Desktop Protocol (RDP) redirect request with modified length fields.
by Guido Landi
CVE-2008-2411 EXPLOITDB perl VERIFIED
Sazcart < 1.5 - SQL Injection
SQL injection vulnerability in index.php in SazCart 1.5.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the prodid parameter in a details action.
by JosS
CVE-2008-2161 EXPLOITDB perl VERIFIED
Tftp Server SP - Memory Corruption
Buffer overflow in TFTP Server SP 1.4 and 1.5 on Windows, and possibly other versions, allows remote attackers to execute arbitrary code via a long TFTP error packet. NOTE: some of these details are obtained from third party information.
by tixxDZ
CVE-2005-1666 EXPLOITDB perl VERIFIED
Orenosv HTTP FTP Server < 0.8.1 - Buffer Overflow
Multiple buffer overflows in Orenosv HTTP/FTP Server 0.8.1 allow remote authenticated users to cause a denial of service (server crash) and possibly execute arbitrary code via long arguments to FTP commands such as MKD, RMD, or DELE, which are processed by the (1) ftp_xlate_path, (2) ftp_is_canonical, or (3) os_fn_nativize functions, or (4) a long SSI command that is processed by the parse_cmd function in cgissi.exe.
by Samsta
CVE-2008-2223 EXPLOITDB perl VERIFIED
Buyscripts Vshare Youtube Clone - SQL Injection
SQL injection vulnerability in group_posts.php in vShare YouTube Clone 2.6 allows remote attackers to execute arbitrary SQL commands via the tid parameter.
by Saime
CVE-2008-1801 EXPLOITDB perl VERIFIED
rdesktop <1.5.0 - DoS/RCE
Integer underflow in the iso_recv_msg function (iso.c) in rdesktop 1.5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Remote Desktop Protocol (RDP) request with a small length field.
by Guido Landi
CVE-2008-6652 EXPLOITDB perl VERIFIED
Insanevisions Onecms - SQL Injection
SQL injection vulnerability in asd.php in OneCMS 2.5 allows remote attackers to execute arbitrary SQL commands via the sitename parameter.
by Cod3rZ
CVE-2008-2130 EXPLOITDB perl VERIFIED
Igaming Cms - SQL Injection
SQL injection vulnerability in poll_vote.php in iGaming CMS 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Cod3rZ
CVE-2005-4195 EXPLOITDB perl VERIFIED
Internet Scout Scout Portal Toolkit < 1.3.1 - SQL Injection
Multiple SQL injection vulnerabilities in Scout Portal Toolkit (SPT) 1.3.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the ParentId parameter in SPT--BrowseResources.php, (2) ResourceId parameter in SPT--FullRecord.php, (3) ResourceOffset parameter in SPT--Home.php, and (4) F_UserName and (5) F_Password in SPT--UserLogin.php. NOTE: it was later reported that vector 1 is also present in 1.4.0.
by JosS
CVE-2008-6617 EXPLOITDB perl VERIFIED
Sitexs Cms - Access Control
Unrestricted file upload vulnerability in adm/visual/upload.php in SiteXS CMS 0.1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/.
by Hadi Kiamarsi
EIP-2026-109029 EXPLOITDB perl VERIFIED
KnowledgeQuest 2.6 - Administration Multiple Authentication Bypass Vulnerabilities
by Cod3rZ
CVE-2008-6653 EXPLOITDB perl VERIFIED
Wh-com Com Webhosting < 1.1 - SQL Injection
SQL injection vulnerability in webhosting.php in the Webhosting Component (com_webhosting) module before 1.1 RC7 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
by cO2
EIP-2026-110020 EXPLOITDB perl VERIFIED
ODFaq 2.1.0 - Blind SQL Injection
by cO2
EIP-2026-108823 EXPLOITDB perl VERIFIED
Joomla! Component paxxgallery 0.2 - 'gid' Blind SQL Injection
by ZAMUT
CVE-2008-1559 EXPLOITDB perl VERIFIED
Joomla! com_alphacontent 2.5.8 - SQL Injection
SQL injection vulnerability in the Bernard Gilly AlphaContent (com_alphacontent) 2.5.8 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
by cO2
CVE-2008-1608 EXPLOITDB perl VERIFIED
Clever Copy 3.0 - SQL Injection
SQL injection vulnerability in postview.php in Clever Copy 3.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter, a different vector than CVE-2008-0363 and CVE-2006-0583.
by U238
EIP-2026-114552 EXPLOITDB perl VERIFIED
YouTube Clone Script - 'spages.php' Remote Code Execution
by Inphex
CVE-2008-1954 EXPLOITDB perl VERIFIED
Web Calendar Pro <4.1 - SQL Injection
SQL injection vulnerability in one_day.php in Web Calendar Pro 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user_id parameter.
by t0pP8uZz
EIP-2026-114475 EXPLOITDB perl VERIFIED
XOOPS Module Recipe 2.2 - 'detail.php' SQL Injection
by S@BUN
CVE-2008-6523 EXPLOITDB perl VERIFIED
Cale Dunlap Openinvoice - Authentication Bypass
auth.php in openInvoice 0.90 beta and earlier allows remote attackers to bypass authentication and gain privileges by setting the oiauth cookie. NOTE: this can be leveraged with a separate vulnerability in resetpass.php to modify passwords for arbitrary users.
by t0pP8uZz
CVE-2008-6524 EXPLOITDB perl VERIFIED
Cale Dunlap Openinvoice < 0.90 - Credentials Management
resetpass.php in openInvoice 0.90 beta and earlier allows remote authenticated users to change the passwords of arbitrary users via a modified uid parameter. NOTE: this can be leveraged with a separate vulnerability in auth.php to modify passwords without authentication.
by t0pP8uZz