Exploitdb Exploits
2,814 exploits tracked across all sources.
LifeType - SQL Injection
SQL injection vulnerability in index.php in LifeType 1.0.5 allows remote attackers to execute arbitrary SQL commands via the Date parameter in a Default op.
by Alejandro Ramos
Patrice Freydiere ImgSvr - DoS
Patrice Freydiere ImgSvr (aka ADA Image Server) allows remote attackers to cause a denial of service (daemon crash) via a long HTTP POST request. NOTE: this might be the same issue as CVE-2004-2463.
by n00b
Microsoft Excel - Universal Hlink Local Buffer Overflow
by SYS 49152
BXCP 0.3.0.4 - SQL Injection
SQL injection vulnerability in the files mod in index.php in BXCP 0.3.0.4 allows remote attackers to execute arbitrary SQL commands via the where parameter in a view action.
by x23
SturGeoN Upload - RCE
SturGeoN Upload allows remote attackers to execute arbitrary PHP code by uploading a file with a .php extension, then directly accessing the file. NOTE: It is uncertain whether this is a vulnerability or a feature of the product.
by Jihad BENABRA
Apple Mac OSX 10.4.6 (PPC) - 'launchd' Local Format String
by Kevin Finisterre
MKPortal 1.0.1 - 'index.php' Directory Traversal
by rUnViRuS
Apple Mac OSX 10.4.6 (x86) - 'launchd' Local Format String
by Kevin Finisterre
Microsoft Excel 2003 - Hlink Stack Buffer Overflow (SEH)
by FistFuXXer
Scout Portal Toolkit <1.4.0 - SQL Injection
SQL injection vulnerability in SPT--ForumTopics.php in Scout Portal Toolkit (SPT) 1.4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the forumid parameter.
by simo64
OpenLDAP - DoS
OpenLDAP in Apple Mac OS X 10.4 up to 10.4.6 allows remote attackers to cause a denial of service (crash) via an invalid LDAP request that triggers an assert error.
by Mu Security research
MyBulletinBoard (MyBB) 1.1.3 - 'usercp.php' Create Admin
by Hessam-x
DreamAccount 3.1 - RCE
PHP remote file inclusion vulnerability in admin/index.php in DreamAccount 3.1 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
by CrAsh_oVeR_rIdE
DeluxeBB <1.07 - SQL Injection
SQL injection vulnerability in cp.php in DeluxeBB 1.07 and earlier allows remote attackers to execute arbitrary SQL commands via the xmsn parameter.
by Hessam-x
XM Easy Personal FTP Server 5.0.1 - DoS
Format string vulnerability in XM Easy Personal FTP Server 5.0.1 allows remote attackers to cause a denial of service (application crash) via format string specifiers in a long PORT command. NOTE: this issue might be related to CVE-2006-2226.
by Jerome Athias
MailEnable Standard <1.92-Enterprise <2.0 - DoS
The SMTP service of MailEnable Standard 1.92 and earlier, Professional 2.0 and earlier, and Enterprise 2.0 and earlier before the MESMTPC hotfix, allows remote attackers to cause a denial of service (application crash) via a HELO command with a null byte in the argument, possibly triggering a length inconsistency or a missing argument.
by db0
Vincent-Leclercq News 5.2 - 'Diver.php' SQL Injection
by DarkFig
DataLife Engine <4.1 - SQL Injection
SQL injection vulnerability in index.php in DataLife Engine 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via double-encoded values in the user parameter in a userinfo subaction.
by RusH
Microsoft Hyperlink Object Library - Buffer Overflow
Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName function in Microsoft Hyperlink Object Library (hlink.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hyperlink, as demonstrated using an Excel worksheet with a long link in Unicode, aka "Hyperlink COM Object Buffer Overflow Vulnerability." NOTE: this is a different issue than CVE-2006-3059.
by kingcope
FlashBB <1.1.5 - RCE
PHP remote file inclusion vulnerability in phpbb/getmsg.php in FlashBB 1.1.5 and earlier allows remote attackers to execute arbitrary code via a URL in the phpbb_root_path parameter.
by h4ntu
PicoZip 4.01 - Buffer Overflow
Stack-based buffer overflow in the info tip shell extension (zipinfo.dll) in PicoZip 4.01 allows remote attackers to execute arbitrary code via a long filename in an (1) ACE, (2) RAR, or (3) ZIP archive, which is triggered when the user moves the mouse over the archive.
by c0rrupt
Microsoft Exchange Server 2000 - XSS
Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to "HTML parsing."
by Daniel Fabian
MyBB 1.1.2 - RCE
The domecode function in inc/functions_post.php in MyBulletinBoard (MyBB) 1.1.2, and possibly other versions, allows remote attackers to execute arbitrary PHP code via the username field, which is used in a preg_replace function call with a /e (executable) modifier.
by Javier Olascoaga