Exploitdb Exploits

2,809 exploits tracked across all sources.

CVE-2006-5478 EXPLOITDB perl VERIFIED
Novell eDirectory 8.x-8.8.x - Remote Code Execution via Long HTTP Host Header or Dot in Username
Multiple stack-based buffer overflows in Novell eDirectory 8.8.x before 8.8.1 FTF1, and 8.x up to 8.7.3.8, and Novell NetMail before 3.52e FTF2, allow remote attackers to execute arbitrary code via (1) a long HTTP Host header, which triggers an overflow in the BuildRedirectURL function; or vectors related to a username containing a . (dot) character in the (2) SMTP, (3) POP, (4) IMAP, (5) HTTP, or (6) Networked Messaging Application Protocol (NMAP) Netmail services.
by Manuel Santamarina Suarez
CVE-2006-5446 EXPLOITDB perl VERIFIED
Casinosoft Casino Script 3.2 - SQL Injection via cfam Parameter
SQL injection vulnerability in lobby/config.php in Casinosoft Casino Script (aka Masvet) 3.2 allows remote attackers to execute arbitrary SQL commands via the cfam parameter.
by G1UK
CVE-2006-5436 EXPLOITDB perl VERIFIED
FreeFAQ 1.0.e - Remote File Inclusion via faqpath Parameter
PHP remote file inclusion vulnerability in index.php in FreeFAQ 1.0.e allows remote attackers to execute arbitrary PHP code via a URL in the faqpath parameter.
by Alireza Ahari
CVE-2006-5555 EXPLOITDB perl VERIFIED
EPNadmin 0.7 and 0.7.1 - Remote File Inclusion via Langage Parameter
PHP remote file inclusion vulnerability in constantes.inc.php in EPNadmin 0.7 and 0.7.1 allows remote attackers to execute arbitrary PHP code via the langage parameter.
by Kw3[R]Ln
CVE-2005-1181 EXPLOITDB perl VERIFIED
Ariadne CMS 2.4 - Remote Code Execution via Ariadne Parameter Manipulation
NOTE: this issue has been disputed by the vendor. PHP remote code injection vulnerability in loader.php for Ariadne CMS 2.4 allows remote attackers to execute arbitrary PHP code by modifying the ariadne parameter to reference a URL on a remote web server that contains the code. NOTE: the vendor has disputed this issue, saying that loader.php first requires the "ariadne.inc" file, which defines the $ariadne variable, and thus it cannot be modified by an attacker. In addition, CVE personnel have partially verified the dispute via source code inspection of Ariadne 2.4 as available on July 5, 2005.
by Fidel Costa
CVE-2006-5444 EXPLOITDB perl VERIFIED
Asterisk 1.0.x-1.0.11 and 1.2.x-1.2.12 - Remote Code Execution via Skinny Channel Driver Integer Overflow
Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow.
by Noam Rathaus
CVE-2006-5399 EXPLOITDB perl VERIFIED
PHPRecipeBook 2.36 - Remote Code Execution via g_rb_basedir Parameter
PHP remote file inclusion vulnerability in classes/Import_MM.class.php in PHPRecipeBook 2.36, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the g_rb_basedir parameter.
by r0ut3r
CVE-2006-5295 EXPLOITDB perl VERIFIED
ClamAV < 0.88.5 - Denial of Service via Crafted CHM File
Unspecified vulnerability in ClamAV before 0.88.5 allows remote attackers to cause a denial of service (scanning service crash) via a crafted Compressed HTML Help (CHM) file that causes ClamAV to "read an invalid memory location."
by Damian Put
CVE-2006-5391 EXPLOITDB perl VERIFIED
Xfire < 1.6.4 - Denial of Service via Long UDP String to Port 25777
Xfire 1.64 and earlier allows remote attackers to cause a denial of service (client application crash) via a long string to UDP port 25777.
by n00b
CVE-2006-5509 EXPLOITDB perl VERIFIED
WoltLab Burning Book 1.1.2 - Remote Code Execution via Eval Injection in addentry.php
Eval injection vulnerability in addentry.php in WoltLab Burning Book 1.1.2 allows remote attackers to execute arbitrary PHP code via crafted POST requests that store PHP code in a database that is later processed by eval, as demonstrated using SQL injection via the n parameter.
by ShAnKaR
EIP-2026-111451 EXPLOITDB perl VERIFIED
PowerMovieList 0.13/0.14 - Edit User HTML Injection
by MP
EIP-2026-104608 EXPLOITDB perl VERIFIED
Xcode OpenBase 9.1.5 (OSX) - Root File Create Privilege Escalation
by Kevin Finisterre
CVE-2006-7102 EXPLOITDB perl VERIFIED
phpburningportal_quiz-modul < 1.0.1 - Remote Code Execution via lang_path Parameter
Multiple PHP remote file inclusion vulnerabilities in phpBurningPortal quiz-modul 1.0.1, and possibly earlier, allow remote attackers to execute arbitrary PHP code via a URL in the lang_path parameter to (1) quest_delete.php, (2) quest_edit.php, or (3) quest_news.php.
by r0ut3r
EIP-2026-110994 EXPLOITDB perl VERIFIED
phpBBFM 206-3-3 - 'phpbb_root_path' Remote File Inclusion
by Kamalian
EIP-2026-104607 EXPLOITDB perl VERIFIED
Xcode OpenBase 9.1.5 (OSX) - Local Privilege Escalation
by Kevin Finisterre
CVE-2006-5385 EXPLOITDB perl VERIFIED
SpamOborona 1.0b - Remote File Inclusion via phpbb_root_path Parameter
PHP remote file inclusion vulnerability in admin/admin_spam.php in the SpamOborona 1.0b and earlier phpBB module allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
by Nima Salehi
EIP-2026-110984 EXPLOITDB perl VERIFIED
phpBB Security 1.0.1 - 'PHP_security.php' Remote File Inclusion
by Nima Salehi
CVE-2006-5418 EXPLOITDB perl VERIFIED
phpBB SearchIndexer - Remote Code Execution via phpbb_root_path Parameter
PHP remote file inclusion vulnerability in archive/archive_topic.php in pbpbb archive for search engines (SearchIndexer) (aka phpBBSEI) for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
by Nima Salehi
EIP-2026-110983 EXPLOITDB perl VERIFIED
phpBB RPG Events 1.0 - 'functions_rpg_events' Remote File Inclusion
by Nima Salehi
CVE-2006-5309 EXPLOITDB perl VERIFIED
Prillian French < 0.8.0 - Remote File Inclusion via phpbb_root_path Parameter
PHP remote file inclusion vulnerability in language/lang_french/lang_prillian_faq.php in the Prillian French 0.8.0 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
by Nima Salehi
CVE-2006-5387 EXPLOITDB perl VERIFIED
PlusXL 20_272 and earlier - Remote File Inclusion via phpbb_root_path Parameter
PHP remote file inclusion vulnerability in mods/iai/includes/constants.php in the PlusXL 20_272 and earlier phpBB module allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
by Nima Salehi
CVE-2006-5415 EXPLOITDB perl VERIFIED
News Defilante Horizontale <4.1.1 - RCE
PHP remote file inclusion vulnerability in includes/functions_newshr.php in the News Defilante Horizontale 4.1.1 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
by Nima Salehi
CVE-2006-5305 EXPLOITDB perl VERIFIED
lat2cyr < 1.0.1 - Remote File Inclusion via phpbb_root_path Parameter
PHP remote file inclusion vulnerability in lat2cyr.php in the lat2cyr 1.0.1 and earlier phpbb module allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
by Nima Salehi
CVE-2006-6593 EXPLOITDB perl VERIFIED
phpBB AMAZONIA MOD - Remote File Inclusion via zufallscodepart.php phpbb_root_path Parameter
PHP remote file inclusion vulnerability in zufallscodepart.php in AMAZONIA MOD for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
by Nima Salehi
CVE-2006-7168 EXPLOITDB perl VERIFIED
phpBB - Remote File Inclusion via phpbb_root_path Parameter
PHP remote file inclusion vulnerability in includes/not_mem.php in the Add Name module for PHP allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
by Nima Salehi