Exploitdb Exploits
2,814 exploits tracked across all sources.
KnowledgebasePublisher 1.2 - RCE
PHP remote file include vulnerability in PageController.php in KnowledgebasePublisher 1.2 allows remote attackers to include and execute arbitrary PHP code via a URL in the dir parameter.
by uid0
Simple PHP Blog <0.4.7.1 - Path Traversal
Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
by rgod
Apple Mac OS X - Buffer Overflow
Buffer overflow in Mail in Apple Mac OS X 10.4 up to 10.4.5, when patched with Security Update 2006-001, allows remote attackers to execute arbitrary code via a long Real Name value in an e-mail attachment sent in AppleDouble format, which triggers the overflow when the user double-clicks on an attachment.
by Kevin Finisterre
Ubuntu 5.10 - Info Disclosure
The Ubuntu 5.10 installer does not properly clear passwords from the installer log file (questions.dat), and leaves the log file with world-readable permissions, which allows local users to gain privileges.
by Kristian Hermansen
Guestbook Script 1.7 - 'include_files' Remote Code Execution
by rgod
Matt Johnston Dropbear SSH server <0.47 - DoS
Matt Johnston Dropbear SSH server 0.47 and earlier, as used in embedded Linux devices and on general-purpose operating systems, allows remote attackers to cause a denial of service (connection slot exhaustion) via a large number of connection attempts that exceeds the MAX_UNAUTH_CLIENTS defined value of 30.
by str0ke
UnrealIRCd 3.2.3 - DoS
UnrealIRCd 3.2.3 allows remote attackers to cause an unspecified denial of service by causing a linked server to send malformed TKL Q:Line commands, as demonstrated by "TKL - q\x08Q *\x08PoC."
by Brandon Milner
Light Weight Calendar (LWC) 1.0 - Code Injection
Eval injection vulnerability in cal.php in Light Weight Calendar (LWC) 1.0 allows remote attackers to execute arbitrary PHP code via the date parameter to index.php.
by Hessam-x
D2KBlog <1.0.3 - SQL Injection
SQL injection vulnerability in D2KBlog 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the memName parameter in a cookie.
by DevilBox
RevilloC MailServer and Proxy <1.21 - RCE
Buffer overflow in RevilloC MailServer and Proxy 1.21 allows remote attackers to execute arbitrary code via a long USER command.
by securma massine
OWL Intranet Engine 0.82 - RCE
PHP remote file inclusion vulnerability in lib/OWL_API.php in OWL Intranet Engine 0.82, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the xrms_file_root parameter, which is not initialized before use.
by rgod
Cilem Haber - SQL Injection
SQL injection vulnerability in yazdir.asp in Cilem Hiber 1.1 allows remote attackers to execute arbitrary SQL commands via the haber_id parameter. NOTE: this product has also been referred to as "Cilem News," although that does not appear to be the proper name.
by nukedx
D2-Shoutbox 4.2 - SQL Injection
SQL injection vulnerability in D2-Shoutbox 4.2 allows remote attackers to execute arbitrary SQL commands via the load parameter, when performing a Shoutbox action through Invision Power Board (IPB).
by SkOd
Dxmsoft XM Easy Personal FTP Server - Buffer Overflow
Buffer overflow in XM Easy Personal FTP Server 4.2 and 5.0.1 allows remote authenticated users to cause a denial of service via a long argument to the PORT command.
by luka.research
Fantastic News 2.1.2 - 'script_path' Remote Code Execution
by uid0
Mybulletinboard - SQL Injection
SQL injection vulnerability in misc.php in MyBulletinBoard (MyBB) 1.03, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands by setting the comma variable value via the comma parameter in a cookie. NOTE: 1.04 has also been reported to be affected.
by Devil-00
phpRPC Library 0.7 - XML Data Decoding Remote Code Execution (2)
by cijfer
Datenbank Module < 2.7 - SQL Injection
SQL injection vulnerability in Datenbank MOD 2.7 and earlier for Woltlab Burning Board allows remote attackers to execute arbitrary SQL commands via the fileid parameter to (1) info_db.php or (2) database.php.
by nukedx
Vubb - SQL Injection
SQL injection vulnerability in vuBB 0.2 allows remote attackers to execute arbitrary SQL commands via the pass parameter in a cookie.
by KingOfSka
phpRPC <0.7 - Code Injection
Eval injection vulnerability in the decode function in rpc_decoder.php for phpRPC 0.7 and earlier, as used by runcms, exoops, and possibly other programs, allows remote attackers to execute arbitrary PHP code via the base64 tag.
by LorD
Limbo CMS <1.0.4.2-1.0.4.1 - RCE
The frontpage option in Limbo CMS 1.0.4.2 and 1.0.4.1 allows remote attackers to execute arbitrary PHP commands via the Itemid parameter in index.php.
by str0ke
Mac OS X <10.3.9, <10.4.5 - Privilege Escalation
passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4.x before 10.4.5 allows local users to create arbitrary world-writable files as root by specifying an alternate file in the password database option.
by vade79
Farsinews - Path Traversal
Multiple directory traversal vulnerabilities in FarsiNews 2.5 and earlier allows remote attackers to (1) read arbitrary files or trigger an error message path disclosure via ".." or invalid names in the archive parameter to index.php, or (2) include arbitrary files via the template parameter to show_archives.php.
by Hessam-x
Freebsd - Denial of Service
nfsd in FreeBSD 6.0 kernel allows remote attackers to cause a denial of service via a crafted NFS mount request, as demonstrated by the ProtoVer NFS test suite.
by Evgeny Legerov
ArGoSoft FTP Server 1.4.3.5 - Remote Buffer Overflow (PoC)
by Jerome Athias
By Source