Exploitdb Exploits
2,809 exploits tracked across all sources.
BXCP 0.3.0.4 - SQL Injection via 'where' Parameter in view Action
SQL injection vulnerability in the files mod in index.php in BXCP 0.3.0.4 allows remote attackers to execute arbitrary SQL commands via the where parameter in a view action.
by x23
SturGeoN Upload - Unauthenticated Arbitrary PHP Code Execution via File Upload
SturGeoN Upload allows remote attackers to execute arbitrary PHP code by uploading a file with a .php extension, then directly accessing the file. NOTE: It is uncertain whether this is a vulnerability or a feature of the product.
by Jihad BENABRA
Apple Mac OSX 10.4.6 (PPC) - 'launchd' Local Format String
by Kevin Finisterre
MKPortal 1.0.1 - 'index.php' Directory Traversal
by rUnViRuS
Apple Mac OSX 10.4.6 (x86) - 'launchd' Local Format String
by Kevin Finisterre
Microsoft Excel 2003 - Hlink Stack Buffer Overflow (SEH)
by FistFuXXer
Scout Portal Toolkit <1.4.0 - SQL Injection
SQL injection vulnerability in SPT--ForumTopics.php in Scout Portal Toolkit (SPT) 1.4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the forumid parameter.
by simo64
Apple Mac OS X 10.4-10.4.6 - Denial of Service via Invalid LDAP Request
OpenLDAP in Apple Mac OS X 10.4 up to 10.4.6 allows remote attackers to cause a denial of service (crash) via an invalid LDAP request that triggers an assert error.
by Mu Security research
MyBulletinBoard (MyBB) 1.1.3 - 'usercp.php' Create Admin
by Hessam-x
DreamAccount 3.1 - Remote File Inclusion via Admin Index Path Parameter
PHP remote file inclusion vulnerability in admin/index.php in DreamAccount 3.1 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
by CrAsh_oVeR_rIdE
deluxebb < 1.07 - SQL Injection via cp.php xmsn Parameter
SQL injection vulnerability in cp.php in DeluxeBB 1.07 and earlier allows remote attackers to execute arbitrary SQL commands via the xmsn parameter.
by Hessam-x
XM Easy Personal FTP Server 5.0.1 - DoS
Format string vulnerability in XM Easy Personal FTP Server 5.0.1 allows remote attackers to cause a denial of service (application crash) via format string specifiers in a long PORT command. NOTE: this issue might be related to CVE-2006-2226.
by Jerome Athias
MailEnable Standard <1.92-Enterprise <2.0 - DoS
The SMTP service of MailEnable Standard 1.92 and earlier, Professional 2.0 and earlier, and Enterprise 2.0 and earlier before the MESMTPC hotfix, allows remote attackers to cause a denial of service (application crash) via a HELO command with a null byte in the argument, possibly triggering a length inconsistency or a missing argument.
by db0
Vincent-Leclercq News 5.2 - 'Diver.php' SQL Injection
by DarkFig
DataLife Engine <4.1 - SQL Injection
SQL injection vulnerability in index.php in DataLife Engine 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via double-encoded values in the user parameter in a userinfo subaction.
by RusH
Microsoft Hyperlink Object Library - Buffer Overflow
Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName function in Microsoft Hyperlink Object Library (hlink.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hyperlink, as demonstrated using an Excel worksheet with a long link in Unicode, aka "Hyperlink COM Object Buffer Overflow Vulnerability." NOTE: this is a different issue than CVE-2006-3059.
by kingcope
FlashBB < 1.1.5 - Remote File Inclusion via phpbb_root_path Parameter
PHP remote file inclusion vulnerability in phpbb/getmsg.php in FlashBB 1.1.5 and earlier allows remote attackers to execute arbitrary code via a URL in the phpbb_root_path parameter.
by h4ntu
PicoZip 4.01 - Stack-Based Buffer Overflow via Long Filename in Archive
Stack-based buffer overflow in the info tip shell extension (zipinfo.dll) in PicoZip 4.01 allows remote attackers to execute arbitrary code via a long filename in an (1) ACE, (2) RAR, or (3) ZIP archive, which is triggered when the user moves the mouse over the archive.
by c0rrupt
Microsoft Exchange Server 2000 - XSS
Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to "HTML parsing."
by Daniel Fabian
MyBulletinBoard 1.1.2 - Remote Code Execution via Username Field Preg Replace
The domecode function in inc/functions_post.php in MyBulletinBoard (MyBB) 1.1.2, and possibly other versions, allows remote attackers to execute arbitrary PHP code via the username field, which is used in a preg_replace function call with a /e (executable) modifier.
by Javier Olascoaga
Guestex Guestbook 1.00 - 'email' Remote Code Execution
by K-sPecial
Qbik WinGate 6.1.1.1077 - Buffer Overflow
Stack-based buffer overflow in the WWW Proxy Server of Qbik WinGate 6.1.1.1077 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP request with a long URL.
by kingcope
dmx_forum 2.1a - Information Disclosure via Direct Request to pops/edit.php
Dmx Forum 2.1a allows remote attackers to obtain username and password information via a direct request to pops/edit.php with a modified membre parameter.
by DarkFig