Exploitdb Exploits
2,809 exploits tracked across all sources.
Invision Gallery < 2.0.7 - SQL Injection via Album Parameter
SQL injection vulnerability in Invision Gallery 2.0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the album parameter in a rate command.
by RST/GHC
Galaxyscripts Mini File Host < 1.2.1 - Unauthenticated Path Traversal via Language Parameter
Directory traversal vulnerability in pages/upload.php in Galaxyscripts Mini File Host 1.2.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter.
by shinmai
AuraCMS 1.62 - Remote Code Execution via X-Forwarded-For Header
stat.php in AuraCMS 1.62, and Mod Block Statistik for AuraCMS, allows remote attackers to inject arbitrary PHP code into online.db.txt via the X-Forwarded-For HTTP header in a stat action to index.php, and execute online.db.txt via a certain request to index.php.
by k1tk4t
GradMan < 0.1.3 - Path Traversal and Arbitrary File Execution via Tabla Parameter
Directory traversal vulnerability in agregar_info.php in GradMan 0.1.3 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabla parameter.
by JosS
Peter's Math Anti-Spam Spinoff - Info Disclosure
Peter's Math Anti-Spam Spinoff plugin for WordPress generates audio CAPTCHA clips by concatenating static audio files without any additional distortion, which allows remote attackers to bypass CAPTCHA protection by reading certain bytes from the generated clip.
by Romero
Xforum 1.4 - SQL Injection via Topic Parameter
SQL injection vulnerability in liretopic.php in Xforum 1.4 and possibly others allows remote attackers to execute arbitrary SQL commands via the topic parameter. NOTE: the categorie parameter might also be affected.
by j0j0
Fortinet FortiGate-1000 <3.00 - Auth Bypass
Fortinet FortiGuard Fortinet FortiGate-1000 3.00 build 040075,070111 allows remote attackers to bypass URL filtering via fragmented GET or POST requests that use HTTP/1.0 without the Host header. NOTE: this issue might be related to CVE-2005-3058.
by Danux
RichStrong CMS - SQL Injection via showproduct.asp cat Parameter
SQL injection vulnerability in showproduct.asp in RichStrong CMS allows remote attackers to execute arbitrary SQL commands via the cat parameter.
by JosS
Agares PhpAutoVideo 2.21 - SQL Injection via articlecat Parameter
SQL injection vulnerability in includes/articleblock.php in Agares PhpAutoVideo 2.21 allows remote attackers to execute arbitrary SQL commands via the articlecat parameter.
by Pr0metheuS
PhotoKorn - Exposure of Sensitive Database Credentials via Direct Request to update3.php
PhotoKorn allows remote attackers to obtain database credentials via a direct request to update/update3.php, which includes the credentials in its output.
by Pr0metheuS
iGaming CMS <= 1.3.1 - SQL Injection via Section Parameter
SQL injection vulnerability in archive.php in iGaming 1.5, and 1.3.1 and earlier, allows remote attackers to execute arbitrary SQL commands via the section parameter.
by Eugene Minaev
0DayDB 2.3 - 'id' Remote Authentication Bypass
by Pr0metheuS
McAfee E-Business Server <= 8.5.2 - Remote Code Execution via Long Authentication Packet
The administration interface in McAfee E-Business Server 8.5.2 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a long initial authentication packet.
by Leon Juranic
SmallNuke 2.0.4 - SQL Injection via User Email Parameter
SQL injection vulnerability in index.php in SmallNuke 2.0.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via (1) the user_email parameter and possibly (2) username parameter in a Members action.
by Eugene Minaev
PHP Webquest 2.6 - SQL Injection via id_actividad Parameter
SQL injection vulnerability in soporte_horizontal_w.php in PHP Webquest 2.6 allows remote attackers to execute arbitrary SQL commands via the id_actividad parameter, a different vector than CVE-2007-4920.
by ka0x
FlexBB < 0.6.3 - SQL Injection via flexbb_temp_id Cookie Parameter
SQL injection vulnerability in FlexBB 0.6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the flexbb_temp_id parameter in a cookie.
by Eugene Minaev
eggblog < 3.1.0 - SQL Injection via eggblogpassword Cookie Parameter
SQL injection vulnerability in index.php in eggBlog 3.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the eggblogpassword parameter in a cookie.
by Eugene Minaev
RunCMS 1.6.1 - SQL Injection via Client-Ip Parameter
SQL injection vulnerability in index.php in the Newbb_plus 0.92 and earlier module in RunCMS 1.6.1 allows remote attackers to execute arbitrary SQL commands via the Client-Ip parameter.
by Eugene Minaev
Niek Albers CoolPlayer <216 - Buffer Overflow
Multiple buffer overflows in Niek Albers CoolPlayer 216 and earlier allow remote attackers to execute arbitrary code via (1) a playlist file with long song names, because of an overflow in the CPL_AddPrefixedFile function in CPI_Playlist.c; (2) a skin file with long button names, because of an overflow in the main_skin_check_ini_value function in skin.c; and (3) a skin file with long bitmap filenames, because of an overflow in the main_skin_open function in skin.c.
by Trancek
NetRisk 1.9.7 - Unauthenticated Arbitrary Password Change via Direct Request
NetRisk 1.9.7 does not properly restrict access to admin/change_submit.php, which allows remote attackers to change the password of arbitrary users via a direct request.
by Cod3rZ
ClipShare 2.6 - Unauthenticated Arbitrary User Profile Modification via uid Parameter
ClipShare 2.6 does not properly restrict access to certain functionality, which allows remote attackers to change the profile of arbitrary users via a modified uid variable to siteadmin/useredit.php. NOTE: this can be used to recover the password of the user by using the modified e-mail address in the email parameter to recoverpass.php.
by Pr0metheuS
Zenphoto 1.1-1.1.3 - SQL Injection via rss.php albumnr Parameter
SQL injection vulnerability in rss.php in Zenphoto 1.1 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the albumnr parameter.
by Silentz
WebPortal CMS <0.6.0 - SQL Injection
SQL injection vulnerability in index.php in WebPortal CMS 0.6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter.
by x0kster
March Networks DVR 3204 - Info Disclosure
March Networks DVR 3204 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, passwords, device names, and IP addresses via a direct request for scripts/logfiles.tar.gz.
by Alex Hernandez
By Source