Exploitdb Exploits
2,814 exploits tracked across all sources.
albinator <2.0.8 - RCE
Multiple PHP remote file inclusion vulnerabilities in (1) eday.php, (2) eshow.php, or (3) forgot.php in albinator 2.0.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the Config_rootdir parameter.
by webDEViL
FtrainSoft Fast Click <2.3.8 - RCE
PHP remote file inclusion vulnerability in FtrainSoft Fast Click 2.3.8 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) show.php or (2) top.php.
by R@1D3N
Invision Power Services Invision Power Board < 2.1.4 - SQL Injection
SQL injection vulnerability in func_msg.php in Invision Power Board (IPB) 2.1.4 allows remote attackers to execute arbitrary SQL commands via the from_contact field in a private message (PM).
by Ykstortion Security
Aardvark Topsites PHP <4.2.2 - RCE
PHP remote file inclusion vulnerability in sources/lostpw.php in Aardvark Topsites PHP 4.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the CONFIG[path] parameter, as demonstrated by including a GIF that contains PHP code.
by cijfer
Invision Power Board 2.1.5 - 'search.php' Remote Code Execution
by Javier Olascoaga
phpBB Advanced Guestbook <2.4.0 - RCE
PHP remote file inclusion vulnerability in admin/addentry.php in phpBB Advanced Guestbook 2.4.0 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter.
by n0m3rcy
phpBB TopList <1.3.8 - RCE
PHP remote file inclusion vulnerability in toplist.php in phpBB TopList 1.3.8 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter.
by FOX_MULDER
BL4 SMTP Server < 0.1.4 - Buffer Overflow
Buffer overflow in BL4 SMTP Server 0.1.4 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the (1) EHLO, (2) MAIL FROM, and (3) RCPT TO commands.
by Dedi Dwianto
Invision Power Board <2.1.x-2.0.x - RCE
action_public/search.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary PHP code via a search with a crafted value of the lastdate parameter, which alters the behavior of a regular expression to add a "#e" (execute) modifier.
by RusH
OCE North America 3121 Printer - Memory Corruption
parser.exe in Océ (OCE) 3121/3122 Printer allows remote attackers to cause a denial of service (crash or reboot) via a long request, possibly triggering a buffer overflow.
by sh4d0wman
Flexbb - SQL Injection
SQL injection vulnerability in function/showprofile.php in FlexBB 0.5.5 allows remote attackers to execute arbitrary SQL commands, and view all usernames and passwords, via the id parameter to the showprofile page in index.php.
by Devil-00
MyGamingLadder 7.0 - RCE
PHP remote file inclusion vulnerability in stats.php in MyGamingLadder 7.0 allows remote attackers to execute arbitrary PHP code via a URL in the dir[base] parameter.
by nukedx
Symantec Scan Engine <5.1.0.7 - Privilege Escalation
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses a client-side check to verify a password, which allows remote attackers to gain administrator privileges via a modified client that sends certain XML requests.
by Marc Bevand
Simplog < 0.9.3 - SQL Injection
Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) tid parameter in (a) preview.php; the (2) cid, (3) pid, and (4) eid parameters in (b) archive.php; and the (5) pid parameter in (c) comments.php.
by nukedx
Corenews < 2.0.1 - SQL Injection
Multiple SQL injection vulnerabilities in Core CoreNews 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) icon_id and (2) userid parameters in preview.php.
by nukedx
PHP Net Tools 2.7.1 - Command Injection
nettools.php in PHP Net Tools 2.7.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the host parameter.
by FOX_MULDER
Internet Photoshow 1.3 - RCE
PHP remote file inclusion vulnerability in index.php in Internet Photoshow 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
by Hessam-x
Flexbb < 0.5.5 - SQL Injection
SQL injection vulnerability in inc/start.php in FlexBB 0.5.5 and earlier allows remote attackers to execute arbitrary SQL commands via the flexbb_username COOKIE parameter.
by Devil-00
SimpleBBS <1.1 - Path Traversal
Directory traversal vulnerability in posts.php in SimpleBBS 1.0.6 through 1.1 allows remote attackers to include and execute arbitrary files via ".." sequences in the language cookie, as demonstrated by by injecting the code into the gl_session cookie of users.php, which is stored in error.log.
by rUnViRuS
quizz 1.01 - 'quizz.pl' Remote Command Execution
by FOX_MULDER
Censtore <7.3.002 - RCE
censtore.cgi in Censtore 7.3.002 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter.
by FOX_MULDER
Sphider <1.3 - RCE
PHP remote file inclusion vulnerability in admin/configset.php in Sphider 1.3 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the settings_dir parameter.
by rgod
phpBB 2.0.19 - 'user_sig_bbcode_uid' Remote Code Execution
by RusH
By Source