Exploitdb Exploits
2,814 exploits tracked across all sources.
WordPress Core 2.2 - 'wp-app.php' Arbitrary File Upload
by Alexander Concha
Perception Liteweb - Denial of Service
LiteWEB 2.7 allows remote attackers to cause a denial of service (hang) via a large number of requests for nonexistent pages.
by Prili
Powl 0.94 - RCE
PHP remote file inclusion vulnerability in plugins/widgets/htmledit/htmledit.php in Powl 0.94 allows remote attackers to execute arbitrary PHP code via a URL in the _POWL[installPath] parameter.
by Kw3[R]Ln
Apache mod_jk 1.2.19/1.2.20 - Remote Buffer Overflow
by eliteboy
Bughunter HTTP Server - Memory Corruption
BugHunter HTTP SERVER (httpsv.exe) 1.6.2 allows remote attackers to cause a denial of service (application crash) via a large number of requests for nonexistent pages.
by Prili
SerWeb <0.9.6 - RCE
PHP remote file inclusion vulnerability in html/load_lang.php in SerWeb 0.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _SERWEB[serwebdir] parameter.
by Kw3[R]Ln
Livecms - Unrestricted File Upload
Unrestricted file upload vulnerability in LiveCMS 3.4 and earlier allows remote attackers to upload and execute arbitrary PHP code by specifying a PHP file type in a parameter intended for "a small image" associated with an article.
by g00ns
Livecms - XSS
Cross-site scripting (XSS) vulnerability in LiveCMS 3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via an article name, possibly involving the titulo parameter in article.php.
by g00ns
LiveCMS <3.4 - Info Disclosure
categoria.php in LiveCMS 3.4 and earlier allows remote attackers to obtain sensitive information via a ' (quote) character in the cid parameter, which reveals the path in a forced SQL error message.
by g00ns
Livecms - SQL Injection
SQL injection vulnerability in categoria.php in LiveCMS 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by g00ns
LAN Management System <1.9.6 - RCE
PHP remote file inclusion vulnerability in lib/language.php in LAN Management System (LMS) 1.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _LIB_DIR parameter, a different vector than CVE-2007-1643 and CVE-2007-2205.
by Kw3[R]Ln
Fuzzylime Forum - SQL Injection
SQL injection vulnerability in low.php in Fuzzylime Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the topic parameter.
by Silentz
Fuzzylime Forum - SQL Injection
Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum 1.0 allows remote attackers to inject arbitrary web script or HTML via the topic parameter. NOTE: this might be resultant from SQL injection.
by Silentz
Miniweb HTTP Server - Denial of Service
http.c in MiniWeb Http Server 0.8.x allows remote attackers to cause a denial of service (application crash) via a negative value in the Content-Length HTTP header.
by gbr
Gaya Design Comicsense - SQL Injection
SQL injection vulnerability in index.php in Comicsense allows remote attackers to execute arbitrary SQL commands via the epi parameter.
by Silentz
HP Tru64 UNIX <5.1B-4/5.1B-3 - Info Disclosure
Unspecified vulnerability in the Secure Shell (SSH) in HP Tru64 UNIX 5.1B-4 and 5.1B-3 allows remote attackers to identify valid users via unspecified vectors, probably related to timing attacks and AuthInteractiveFailureRandomTimeout.
by bunker
My Little Forum <1.7 - SQL Injection
SQL injection vulnerability in user.php in My Little Forum 1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Silentz
UltraISO <8.6.2.2011 - Buffer Overflow
Stack-based buffer overflow in UltraISO 8.6.2.2011 and earlier allows user-assisted remote attackers to execute arbitrary code via a long FILE string (filename) in a .cue file, a related issue to CVE-2007-2761. NOTE: some details are obtained from third party information.
by n00b
Dokeos <1.6.5 - SQL Injection
SQL injection vulnerability in tracking/courseLog.php in Dokeos 1.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the scormcontopen parameter.
by Silentz
Dokeos <1.8.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the img parameter to main/inc/lib/fckeditor/editor/plugins/ImageManager/editor.php and other unspecified vectors.
by Silentz
Microsoft Visual Basic 6 - Buffer Overflow
Multiple stack-based buffer overflows in Microsoft Visual Basic 6 allow user-assisted remote attackers to cause a denial of service (CPU consumption) or execute arbitrary code via a Visual Basic Project (vbp) file with a long (1) Description or (2) Company Name (VersionCompanyName) field.
by UmZ
Microsoft Visual Basic 6 - Buffer Overflow
Multiple stack-based buffer overflows in Microsoft Visual Basic 6 allow user-assisted remote attackers to cause a denial of service (CPU consumption) or execute arbitrary code via a Visual Basic Project (vbp) file with a long (1) Description or (2) Company Name (VersionCompanyName) field.
by UmZ
Dokeos <1.8.0 - SQL Injection
SQL injection vulnerability in main/auth/my_progress.php in Dokeos 1.8.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the course parameter.
by Silentz
Microsoft IIS 6.0 - '/AUX / '.aspx' Remote Denial of Service
by kingcope