Exploitdb Exploits

2,814 exploits tracked across all sources.

CVE-2005-3363 EXPLOITDB perl VERIFIED
Saphplesson - SQL Injection
SQL injection vulnerability in Saphp Lesson, possibly saphp Lesson1.1 and saphpLesson2.0, allows remote attackers to execute arbitrary SQL commands via the forumid parameter in (1) showcat.php and (2) add.php.
by SnIpEr_SA
CVE-2006-0943 EXPLOITDB perl VERIFIED
Pwsphp - SQL Injection
SQL injection vulnerability in the sondages module in index.php in PwsPHP 1.2.3 allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
by papipsycho
CVE-2006-1031 EXPLOITDB perl VERIFIED
Igenus Webmail - Code Injection
config/config_inc.php in iGENUS Webmail 2.02 and earlier allows remote attackers to include arbitrary local files via the SG_HOME parameter.
by rgod
CVE-2006-1000 EXPLOITDB perl VERIFIED
G2soft Pentacle In-out Board - SQL Injection
Multiple SQL injection vulnerabilities in Pentacle In-Out Board 3.0 and earlier allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) newsid parameter to newsdetailsview.asp and (2) password parameter to login.asp.
by nukedx
CVE-2006-0973 EXPLOITDB perl VERIFIED
Phpwebsite - SQL Injection
SQL injection vulnerability in topics.php in Appalachian State University phpWebSite 0.10.2 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter.
by SnIpEr_SA
CVE-2006-0005 EXPLOITDB perl VERIFIED
Microsoft WMP <10 - RCE
Buffer overflow in the plug-in for Microsoft Windows Media Player (WMP) 9 and 10, when used in browsers other than Internet Explorer and set as the default application to handle media files, allows remote attackers to execute arbitrary code via HTML with an EMBED element containing a long src attribute.
by Matthew Murphy
EIP-2026-110954 EXPLOITDB perl VERIFIED
phpBB 2.0.18 - Remote Brute Force/Dictionary (2)
by DarkFig
EIP-2026-107374 EXPLOITDB perl VERIFIED
GeekLog 1.x - 'error.log' Remote Command Execution
by rgod
CVE-2006-0852 EXPLOITDB perl VERIFIED
Admbook <1.2.2 - Code Injection
Direct static code injection vulnerability in write.php in Admbook 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via the X-Forwarded-For HTTP header field, which is inserted into content-data.php.
by rgod
CVE-2006-0870 EXPLOITDB perl VERIFIED
Mini-nuke Cms < 1.8.2 - SQL Injection
SQL injection vulnerability in pages.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: version 2.3 was later reported to be vulnerable as well.
by nukedx
CVE-2005-4633 EXPLOITDB perl VERIFIED
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-4619. Reason: This candidate is a duplicate of CVE-2005-4619. Notes: All CVE users should reference CVE-2005-4619 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
by RusH
CVE-2005-2564 EXPLOITDB perl VERIFIED
Gravity Board X <1.1 - Code Injection
Direct static code injection vulnerability in editcss.php in Gravity Board X (GBX) 1.1 allows remote attackers to execute arbitrary PHP code, HTML, and script via the csscontent parameter, which is directly inserted into the gbxfinal.css file.
by RusH
EIP-2026-100745 EXPLOITDB perl VERIFIED
AWStats < 6.4 - 'referer' Remote Command Execution
by RusH
EIP-2026-114506 EXPLOITDB perl VERIFIED
YapBB 1.2 - 'cfgIncludeDirectory' Remote Command Execution
by cijfer
EIP-2026-109750 EXPLOITDB perl VERIFIED
MyBulletinBoard (MyBB) 1.03 - Multiple SQL Injections
by HACKERS PAL
CVE-2005-3058 EXPLOITDB perl VERIFIED
Fortinet FortiGate 2.8 - Auth Bypass
Interpretation conflict in Fortinet FortiGate 2.8, running FortiOS 2.8MR10 and v3beta, allows remote attackers to bypass the URL blocker via an (1) HTTP request terminated with a line feed (LF) and not carriage return line feed (CRLF) or (2) HTTP request with no Host field, which is still processed by most web servers without violating RFC2616.
by Mathieu Dessus
CVE-2006-0734 EXPLOITDB perl VERIFIED
Valve Software Half-life Cstrike Dedicated Server - Memory Corruption
The SV_CheckForDuplicateNames function in Valve Software Half-Life CSTRIKE Dedicated Server 1.6 and earlier allows remote authenticated users to cause a denial of service (infinite loop and daemon hang) via a backslash character at the end of a connection string to UDP port 27015.
by Firestorm
CVE-2006-0888 EXPLOITDB perl VERIFIED
Invision Power Services Invision Power Board - Denial of Service
index.php in Invision Power Board (IPB) 2.0.1, with Code Confirmation disabled, allows remote attackers to cause an unspecified denial of service by registering a large number of users.
by SkOd
CVE-2006-0628 EXPLOITDB perl VERIFIED
Dale Ray MyQuiz 1.01 - Command Injection
myquiz.pl in Dale Ray MyQuiz 1.01 allows remote attackers to execute arbitrary commands via shell metacharacters in the URL, which are not properly handled as part of the PATH_INFO environment variable.
by Hessam-x
EIP-2026-100148 EXPLOITDB perl VERIFIED
ASPThai.Net Guestbook 5.5 - Authentication Bypass
by Zodiac
EIP-2026-110957 EXPLOITDB perl VERIFIED
phpBB 2.0.19 - Style Changer/Demo Mod SQL Injection
by SkOd
CVE-2006-0537 EXPLOITDB perl VERIFIED
Kinesphere Corporation Exchange Pop3 - Buffer Overflow
Buffer overflow in the POP3 server in Kinesphere Corporation eXchange before 5.0.060125 allows remote attackers to execute arbitrary code via a long RCPT TO argument.
by securma massine
CVE-2006-0520 EXPLOITDB perl VERIFIED
Dragoran Portal Module - SQL Injection
SQL injection vulnerability in index.php in Dragoran Portal module 1.3 for Invision Power Board (IPB) allows remote attackers to execute arbitrary SQL commands via the site parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by SkOd
EIP-2026-114418 EXPLOITDB perl VERIFIED
xeCMS 1.0.0 RC 2 - 'cookie' Remote Command Execution
by cijfer
CVE-2006-0441 EXPLOITDB perl VERIFIED
Karjasoft Sami FTP Server - Buffer Overflow
Stack-based buffer overflow in Sami FTP Server 2.0.1 allows remote attackers to execute arbitrary code via a long USER command, which triggers the overflow when the log is viewed.
by Critical Security