Exploitdb Exploits
2,809 exploits tracked across all sources.
Formbankserver 1.9 - Directory Traversal via Name Parameter
Directory traversal vulnerability in formbankcgi.exe/AbfrageForm in Formbankserver 1.9 allows remote attackers to read arbitrary files via directory traversal sequences in the Name parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
by Bl0od3r
Fersch Formbankserver 1.9 - Denial of Service via Name Parameter Path Traversal
formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO begins with Abfrage, allows remote attackers to cause a denial of service (daemon crash) via multiple requests containing many /../ sequences in the Name parameter.
by Bl0od3r
Fersch Formbankserver 1.9 - Denial of Service via Name Parameter Path Traversal
formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO begins with (1) AbfrageForm or (2) EingabeForm, allows remote attackers to cause a denial of service (daemon crash) via multiple requests containing many /../ sequences in the Name parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
by Bl0od3r
Website Designs For Less Click N' Print Coupons < 2005-01-00 - SQL Injection via coupon_detail.asp key Parameter
SQL injection vulnerability in coupon_detail.asp in Website Designs For Less Click N' Print Coupons 2005.01 and earlier allows remote attackers to execute arbitrary SQL commands via the key parameter.
by ajann
Yrch! 1.0 - Remote File Inclusion via Path Parameter
PHP remote file inclusion vulnerability in plugins/metasearch/plug.inc.php in Yrch! 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
by DeltahackingTEAM
DB Hub 0.3 - Denial of Service via Crafted Network Traffic
Unspecified vulnerability in the clear_user_list function in src/main.c in DB Hub 0.3 allows remote attackers to cause a denial of service (application crash) via crafted network traffic, which triggers memory corruption.
by Critical Security
PHP-Update <2.7 - Privilege Escalation
admin/uploads.php in PHP-Update 2.7 and earlier allows remote attackers to gain privileges by setting the rights[7] parameter to 1 during a login action.
by undefined1_
php-update < 2.7 - Authenticated Arbitrary File Upload via userfile Parameter
Unrestricted file upload vulnerability in admin/uploads.php in PHP-Update 2.7 and earlier allows remote authenticated users to upload arbitrary PHP scripts to the gfx/ and files/ directories via the userfile parameter.
by undefined1_
PWP Technologies The Classified Ad System - SQL Injection
Multiple SQL injection vulnerabilities in PWP Technologies The Classified Ad System allow remote attackers to execute arbitrary SQL commands via (1) the main parameter in a view action (includes/mainpage/view.asp) in default.asp or (2) a query in the search engine.
by ajann
mtcms < 2.0 - Remote File Inclusion via admin_settings.php ins_file Parameter
PHP remote file inclusion vulnerability in admin/admin_settings.php in MTCMS 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ins_file parameter.
by nuffsaid
Fishyshoop 0.930 beta - Unauthenticated Arbitrary Admin User Creation via is_admin Parameter
pages/register/register.php in Fishyshoop 0.930 beta allows remote attackers to create arbitrary administrative users by setting the is_admin HTTP POST parameter to 1.
by James Gray
Ciberia Content Federator 1.0 - RCE
PHP remote file inclusion vulnerability in socios/maquetacion_socio.php (members/maquetacion_member.php) in Ciberia Content Federator 1.0 allows remote attackers to execute arbitrary PHP code via the path parameter. NOTE: some of these details are obtained from third party information.
by DeltahackingTEAM
Ultimate PHP Board <2.0b1 - Code Injection
Direct static code injection vulnerability in chat/login.php in Ultimate PHP Board (UPB) 2.0b1 and earlier allows remote attackers to inject arbitrary PHP code via the username parameter, which is injected into chat/text.php.
by nuffsaid
pagetool < 1.07 - Remote Code Execution via File Inclusion in pt_upload.php
Multiple PHP file inclusion vulnerabilities in src/admin/pt_upload.php in Pagetool 1.07 allow remote attackers to execute arbitrary PHP code via (1) a local filename or FTP/share URI in the config_file parameter or (2) a URL in the ptconf[src] parameter.
by g00ns
Newsletter MX <1.0.2 - SQL Injection
SQL injection vulnerability in admin/admin_mail_adressee.asp in Newsletter MX 1.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter.
by ajann
mxmania_file_upload_manager < 1.0.6 - SQL Injection via ID Parameter
SQL injection vulnerability in detail.asp in Mxmania File Upload Manager (FUM) 1.0.6 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter.
by ajann
acFTP 1.5 - Authenticated Denial of Service via REST or PBSZ Command
acFTP 1.5 allows remote authenticated users to cause a denial of service via a crafted argument to the (1) REST or (2) PBSZ command.
by gbr
Enthrallweb ePages - SQL Injection via Biz_ID Parameter
SQL injection vulnerability in actualpic.asp in Enthrallweb ePages allows remote attackers to execute arbitrary SQL commands via the Biz_ID parameter.
by ajann
Enthrallweb eMates 1.0 - SQL Injection
SQL injection vulnerability in newsdetail.asp in Enthrallweb eMates 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
by ajann
Enthrallweb eJobs - SQL Injection via Newsdetail ID Parameter
SQL injection vulnerability in newsdetail.asp in Enthrallweb eJobs allows remote attackers to execute arbitrary SQL commands via the ID parameter.
by ajann
ixprim_cms 1.2 - Information Disclosure via FCKeditor Plugin Path Exposure
Ixprim 1.2 allows remote attackers to obtain sensitive information via a direct request for kernel/plugins/fckeditor2/ixprim_api.php, which reveals the path in an error message.
by DarkFig
Http Explorer 1.02 - Path Traversal
Directory traversal vulnerability in Http explorer 1.02 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the URI.
by str0ke
Ixprim CMS 1.2 - Unauthenticated Brute Force Attack via Guessable IXP_CODE
The code function in install.fct.php in Ixprim 1.2 produces a guessable value of the confidential IXP_CODE in mainfile.php, which might allow remote attackers to gain access to the administration panel via a brute force attack.
by DarkFig
cwmcounter < 5.1.1 - Remote Code Execution via Path Parameter
PHP remote file inclusion vulnerability in statistic.php in cwmCounter 5.1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
by bd0rk
GNU wget 1.10.2 - Denial of Service via FTP SYST Command
The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command.
by Federico L. Bossi Bonin
By Source