Exploitdb Exploits
2,809 exploits tracked across all sources.
Splatt Forum 4.0 RC1 - Remote File Inclusion via bbcode_ref.php name Parameter
Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
by GoLd_M
Avant Browser 11.0 build 26 - Stack-Based Buffer Overflow via Long Content-Type HTTP Header
Stack-based buffer overflow in Avant Browser 11.0 build 26 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Content-Type HTTP header.
by DATA_SNIPER
ScriptMagix Recipes < 2.0 - SQL Injection via catid Parameter
SQL injection vulnerability in index.php in ScriptMagix Recipes 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.
by ajann
scriptmagix_photo_rating < 2.0 - SQL Injection via viewcomments.php phid Parameter
SQL injection vulnerability in viewcomments.php in ScriptMagix Photo Rating 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the phid parameter.
by ajann
scriptmagix_jokes < 2.0 - SQL Injection via catid Parameter
SQL injection vulnerability in index.php in ScriptMagix Jokes 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.
by ajann
scriptmagix_faq_builder < 2.0 - SQL Injection via catid Parameter
SQL injection vulnerability in index.php in ScriptMagix FAQ Builder 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.
by ajann
Active PHP Bookmark Notes <0.2.5 - RCE
PHP remote file inclusion vulnerability in templates/head.php in Active PHP Bookmark Notes (APB) 0.2.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the APB_SETTINGS[template_path] parameter. NOTE: this issue might be related to CVE-2003-1254.
by GoLd_M
War FTP Daemon < 1.65 - Stack-Based Buffer Overflow
Stack-based buffer overflow in War FTP Daemon 1.65, and possibly earlier, allows remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors, as demonstrated by warftp_165.tar by Immunity. NOTE: this might be the same issue as CVE-1999-0256, CVE-2000-0131, or CVE-2006-2171, but due to Immunity's lack of details, this cannot be certain.
by Umesh Wanve
Woltlab Burning Board 2.x - SQL Injection via applicationids Array Index
SQL injection vulnerability in usergroups.php in Woltlab Burning Board (wBB) 2.x allows remote attackers to execute arbitrary SQL commands via the array index of the applicationids array.
by x666
Cicoandcico CcMail 1.0 - Remote File Inclusion via functions_dir Parameter
PHP remote file inclusion vulnerability in functions/update.php in Cicoandcico CcMail 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the functions_dir parameter.
by Crackers_Child
zomplog 3.7.6 - Directory Traversal via settings[skin] Parameter
Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
by Bl0od3r
TFTP Server 1.3 - Remote Buffer Overflow (Denial of Service) (PoC)
by Umesh Wanve
PHP Labs Top Auction - SQL Injection via Category or Type Parameter
SQL injection vulnerability in PHP Labs Top Auction allows remote attackers to execute arbitrary SQL commands via the (1) category and (2) type parameters to viewcat.php, or (3) certain search parameters. NOTE: later a disclosure reported the affected version as 1.0.
by ajann
Triexa SonicMailer Pro < 3.2.3 - SQL Injection via List Parameter in Archive Action
SQL injection vulnerability in index.php in Triexa SonicMailer Pro 3.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the list parameter in an archive action.
by ajann
phgstats - Remote Code Execution via PHGDIR Variable Manipulation
phgstats.inc.php in phgstats before 0.5.1, if register_globals is enabled, allows remote attackers to include arbitrary files and execute arbitrary PHP code by modifying the PHGDIR variable.
by bd0rk
Microsoft Internet Explorer <6 - RCE
The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption.
by Mathew Rowley
duyuru_scripti - SQL Injection via goster.asp id Parameter
SQL injection vulnerability in goster.asp in fystyq Duyuru Scripti allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-0688.
by Cr@zy_King
ProSysInfo TFTP Server TFTPDWIN 0.4.2 - Denial of Service via Long UDP Packet
tftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 allows remote attackers to cause a denial of service via a long UDP packet that is not properly handled in a recv_from call. NOTE: this issue might be related to CVE-2006-4948.
by Umesh Wanve
fish - Stack-Based Buffer Overflow in ExtractRnick and decrypt_topic_332 Functions
Multiple stack-based buffer overflows in the (1) ExtractRnick and (2) decrypt_topic_332 functions in FiSH allow remote attackers to execute arbitrary code via long strings.
by ilja van sprundel
Nullsoft Winamp 5.12 - Buffer Overflow via Playlist File1 Field
Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field).
by Umesh Wanve
Mercury Mail Transport System < 4.01b - Remote Code Execution via Long LOGIN Command
Stack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport System) 4.01b and earlier allows remote attackers to execute arbitrary code via a long LOGIN command. NOTE: this might be the same issue as CVE-2006-5961.
by mu-b
Links Management Application < 1.0 - SQL Injection via lcnt Parameter
SQL injection vulnerability in index.php in Links Management Application 1.0 allows remote attackers to execute arbitrary SQL commands via the lcnt parameter.
by ajann
Weltennetz News-Letterman 1.1 - RCE
PHP remote file inclusion vulnerability in eintrag.php in Weltennetz News-Letterman 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the sqllog parameter.
by bd0rk
AJ Forum 1.0 - SQL Injection via td_id Parameter
SQL injection vulnerability in topic_title.php in AJ Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the td_id parameter.
by ajann
AJ Auction 1.0 - SQL Injection
SQL injection vulnerability in subcat.php in AJ Auction 1.0 allows remote attackers to execute arbitrary SQL commands via the cate_id parameter.
by ajann
By Source