Exploitdb Exploits
2,809 exploits tracked across all sources.
Tr Forum 2.0 - Unauthenticated Authentication Bypass and Admin Account Creation via Admin Insert Endpoint
Tr Forum 2.0 allows remote attackers to bypass authentication and add an administrative account via the login and password parameters to admin/insert_admin.php.
by DarkFig
Tr Forum 2.0 - Privilege Escalation
The admin panel in Tr Forum 2.0 accepts a username and password hash for authentication, which allows remote authenticated users to perform unauthorized actions, as demonstrated by modifying user settings via the id parameter to /membres/modif_profil.php, and changing a password via /membres/change_mdp.php. NOTE: this can be leveraged with other Tr Forum vulnerabilities to allow unauthenticated attackers to gain privileges.
by DarkFig
SoftBB < 0.1 - Path Disclosure via Invalid page[] Parameter
index.php in SoftBB 0.1, and possibly earlier, allows remote attackers to obtain the installation path via a null or invalid page[] parameter.
by DarkFig
Annuaire 1Two 2.2 - SQL Injection via id Parameter
SQL injection vulnerability in index.php in Annuaire 1Two 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by DarkFig
Pheap CMS < 1.1 - Remote File Inclusion via lpref Parameter
PHP remote file inclusion vulnerability in lib/config.php in Pheap CMS 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lpref parameter.
by Kacper
Lanifex Database of Managed Objects < 2.3_beta - Remote File Inclusion via _incMgr Parameter
PHP remote file inclusion vulnerability in LFXlib/access_manager.php in Lanifex Database of Managed Objects (DMO) 2.3 Beta and earlier allows remote attackers to execute arbitrary PHP code via the _incMgr parameter.
by Kacper
Albert-EasySite < 1.0a5 - Remote File Inclusion via PSA_PATH Parameter
PHP remote file inclusion vulnerability in AES/modules/auth/phpsecurityadmin/include/logout.php in AlberT-EasySite (AES) 1.0a5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PSA_PATH parameter.
by Kacper
Wikepage 2006.2a Opus 10 - Directory Traversal via lng Parameter
Directory traversal vulnerability in index.php for Wikepage 2006.2a Opus 10 allows remote attackers to include arbitrary local files via the lng parameter, as demonstrated by inserting PHP code into a log file.
by Hessam-x
IntegraMOD Portal 2.x and earlier - Remote File Inclusion via phpbb_root_path Parameter
PHP remote file inclusion vulnerability in includes/functions_portal.php in IntegraMOD Portal 2.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
by nukedx
VistaBB <= 2.0.33 - Remote File Inclusion via phpbb_root_path Parameter
Multiple PHP remote file inclusion vulnerabilities in VistaBB 2.0.33 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) includes/functions_mod_user.php or (2) includes/functions_portal.php.
by nukedx
All Topics Hack < 1.5.0 - SQL Injection via Start Parameter
SQL injection vulnerability in alltopics.php in the All Topics Hack 1.5.0 and earlier for phpBB 2.0.21 allows remote attackers to execute arbitrary SQL commands via the start parameter.
by SpiderZ
IntegraMOD Portal 2.x and earlier - Absolute Path Traversal via phpbb_root_path Parameter
Absolute path traversal vulnerability in includes/functions_portal.php in IntegraMOD Portal 2.x and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via an absolute pathname in the phpbb_root_path parameter.
by nukedx
MDaemon < 9.0.6 - Heap-Based Buffer Overflow via Long USER or APOP Command
Multiple heap-based buffer overflows in the POP3 server in Alt-N Technologies MDaemon before 9.0.6 allow remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via long strings that contain '@' characters in the (1) USER and (2) APOP commands.
by Leon Juranic
Mozilla Firefox 1.5.0.6 - FTP Request Remote Denial of Service
by Tomas Kempinsky
SimpleBlog < 2.0 - SQL Injection via comments.asp id Parameter
SQL injection vulnerability in comments.asp in SimpleBlog 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by ASIANEAGLE
Firefox 1.5.0.6 - Denial of Service via Crafted FTP Response
Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FTP response, when attempting to connect with a username and password via the FTP URI.
by anonymous
Microsoft Windows 2000, XP, and Server 2003 - Denial of Service via Crafted PNG IHDR Block
Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (cpu consumption) via a PNG image with crafted (1) Width and (2) Height values in the IHDR block.
by Preddy
Fusion News 3.7 - Remote File Inclusion via fpath Parameter
PHP remote file inclusion vulnerability in index.php in Fusion News 3.7 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter.
by O.U.T.L.A.W
phpay 2.02-2.02.1 - Open Mail Relay via Modified Mail Parameters
nu_mail.inc.php in Andreas Kansok phPay 2.02 and 2.02.1, when register_globals is enabled, allows remote attackers to use the server as an open mail relay via modified mail_text2, user_row[5], nu_mail_1, and shop_mail parameters. NOTE: some of these details are obtained from third party information.
by beford
Cyrus IMAPD 2.3.2 - Stack-Based Buffer Overflow via Long USER Command
Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
by K-sPecial
SAPID CMS 1.2.3_rc3 - 'rootpath' Remote Code Execution
by simo64
phpmyring < 4.2 - SQL Injection via idsite Parameter
SQL injection vulnerability in view_com.php in Nicolas Grandjean PHPMyRing 4.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idsite parameter.
by simo64
xchat < 2.6.7 - Denial of Service via PRIVMSG Command
Unspecified vulnerability in Xchat 2.6.7 and earlier allows remote attackers to cause a denial of service (crash) via unspecified vectors involving the PRIVMSG command. NOTE: the vendor has disputed this vulnerability, stating that it does not affect 2.6.7 "or any recent version"
by Elo
TWiki 4.0.0-4.0.4 - Remote Code Execution via Configure Script TYPEOF Parameter
Eval injection vulnerability in the configure script in TWiki 4.0.0 through 4.0.4 allows remote attackers to execute arbitrary Perl code via an HTTP POST request containing a parameter name starting with "TYPEOF".
by Javier Olascoaga
Mac OS X 10.3.5-10.3.6 - Local Buffer Overflow via CF_CHARSET_PATH Environment Variable
Stack-based buffer overflow in the Core Foundation Library in Mac OS X 10.3.5 and 10.3.6, and possibly earlier versions, allows local users to execute arbitrary code via a long CF_CHARSET_PATH environment variable.
by Kevin Finisterre
By Source