Exploitdb Exploits
2,809 exploits tracked across all sources.
News File Grabber <4.1.0.1 - Buffer Overflow
Stack-based buffer overflow in News File Grabber 4.1.0.1 and earlier allows remote attackers to execute arbitrary code via a .nzb file with a long subject field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Parveen Vashishtha
ProFTPD <1.3.1rc1 - Buffer Overflow
Stack-based buffer overflow in the pr_ctrls_recv_request function in ctrls.c in the mod_ctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value.
by Revenge
Xpression News 1.0.1 - Path Traversal
Directory traversal vulnerability in archives.php in Xpression News (X-News) 1.0.1 allows remote attackers to include arbitrary files or obtain sensitive information via a .. (dot dot) in the xnews-template parameter.
by r0ut3r
ProFTPD <1.3.1rc1 - Buffer Overflow
Stack-based buffer overflow in the pr_ctrls_recv_request function in ctrls.c in the mod_ctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value.
by Revenge
MailEnable Professional and Enterprise Edition 1.1-2.35 - Stack-Based Buffer Overflow via IMAP Service
Stack-based buffer overflow in the IMAP service for MailEnable Professional and Enterprise Edition 2.0 through 2.35, Professional Edition 1.6 through 1.84, and Enterprise Edition 1.1 through 1.41 allows remote attackers to execute arbitrary code via a pre-authentication command followed by a crafted parameter and a long string, as addressed by the ME-10025 hotfix.
by mu-b
MailEnable Professional and Enterprise Edition 1.1-2.35 - Stack-Based Buffer Overflow via IMAP Service
Stack-based buffer overflow in the IMAP service for MailEnable Professional and Enterprise Edition 2.0 through 2.35, Professional Edition 1.6 through 1.84, and Enterprise Edition 1.1 through 1.41 allows remote attackers to execute arbitrary code via a pre-authentication command followed by a crafted parameter and a long string, as addressed by the ME-10025 hotfix.
by mu-b
webSPELL 4.01.02 - SQL Injection via showonly Parameter
SQL injection vulnerability in news.php in webSPELL 4.01.02, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the showonly parameter to index.php, a different vector than CVE-2006-5388.
by DNX
Drupal < 5.1 - Post Comments Remote Command Execution
by str0ke
Drupal < 4.7.6 - Post Comments Remote Command Execution
by str0ke
MailEnable Professional <2.35 - DoS
The NTLM_UnPack_Type3 function in MENTLM.dll in MailEnable Professional 2.35 and earlier allows remote attackers to cause a denial of service (application crash) via certain base64-encoded data following an AUTHENTICATE NTLM command to the imap port (143/tcp), which results in an out-of-bounds read.
by mu-b
MailEnable Professional <2.35 - DoS
The NTLM_UnPack_Type3 function in MENTLM.dll in MailEnable Professional 2.35 and earlier allows remote attackers to cause a denial of service (application crash) via certain base64-encoded data following an AUTHENTICATE NTLM command to the imap port (143/tcp), which results in an out-of-bounds read.
by mu-b
xaran_cms 2.0 - SQL Injection via id Parameter
SQL injection vulnerability in xarancms_haupt.php in xarancms 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by ajann
phpcc < beta_4.2 - SQL Injection via nickpage.php npid Parameter
SQL injection vulnerability in nickpage.php in phpCC 4.2 beta and earlier allows remote attackers to execute arbitrary SQL commands via the npid parameter in a sign_gb action.
by ajann
SAP Web Application Server <7.00 - Info Disclosure
Unspecified vulnerability in enserver.exe in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to read arbitrary files via crafted data on a "3200+SYSNR" TCP port, as demonstrated by port 3201. NOTE: this issue can be leveraged by local users to access a named pipe as the SAPServiceJ2E user.
by Nicob
Advanced Poll <2.0.5-dev - Auth Bypass
admin/index.php in Advanced Poll 2.0.0 through 2.0.5-dev allows remote attackers to bypass authentication and gain administrator privileges by obtaining a valid session identifier and setting the uid parameter to 1.
by diwou
Categories hierarchy (mod-CH) 2.1.2 - Remote File Inclusion via phpbb_root_path Parameter
PHP remote file inclusion vulnerability in includes/class_template.php in Categories hierarchy (aka CH or mod-CH) 2.1.2 in ptirhiikmods allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
by Mehmet Ince
Oracle Database Server 10g Release 2 - SQL Injection
Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via a reference to a malicious package in the TYPE_NAME argument in the (1) GET_DOMAIN_INDEX_TABLES or (2) GET_V2_DOMAIN_INDEX_TABLES function in the DBMS_EXPORT_EXTENSION package.
by bunker
Ipswitch Collaboration Suite, IMail, IMail Plus, and IMail Secure - Stack-Based Buffer Overflow via SMTP Daemon
Stack-based buffer overflow in the SMTP Daemon in Ipswitch Collaboration 2006 Suite Premium and Standard Editions, IMail, IMail Plus, and IMail Secure allows remote attackers to execute arbitrary code via a long string located after an '@' character and before a ':' character.
by Jacopo Cervini
phpBB++ Build 100 - Remote File Inclusion via phpbb_root_path Parameter
PHP remote file inclusion vulnerability in includes/functions.php in phpBB++ Build 100 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
by Mehmet Ince
Galeria Zdjec < 3.0 - Remote File Inclusion via Galeria Parameter
Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
by ajann
CVSTrac < 2.0.1 - Authenticated SQL Injection via Quote Character in Messages
The is_eow function in format.c in CVSTrac before 2.0.1 does not properly check for the "'" (quote) character, which allows remote authenticated users to execute limited SQL injection attacks and cause a denial of service (database error) via a ' character in certain messages, tickets, or Wiki entries.
by Ralf S. Engelschall
CA BrightStor ARCserve Backup r11.0-r11.1 SP1 - Remote Code Execution via Crafted Packets
Multiple buffer overflows in LGSERVER.EXE in CA BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.1 SP1, Mobile Backup r4.0, Desktop and Business Protection Suite r2, and Desktop Management Suite (DMS) r11.0 and r11.1 allow remote attackers to execute arbitrary code via crafted packets to TCP port (1) 1900 or (2) 2200.
by Jacopo Cervini
Foro Domus 2.10 - Remote File Inclusion via sesion_idioma Parameter
PHP remote file inclusion vulnerability in menu.php in Foro Domus 2.10 allows remote attackers to execute arbitrary PHP code via a URL in the sesion_idioma parameter.
by Mehmet Ince
EclipseBB 0.5.0 Lite - Remote File Inclusion via phpbb_root_path Parameter
PHP remote file inclusion vulnerability in functions.php in EclipseBB 0.5.0 Lite allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
by Mehmet Ince
By Source