Exploitdb Exploits
2,809 exploits tracked across all sources.
MySQL Eventum <= 1.5.5 - SQL Injection via Multiple Functions
Multiple SQL injection vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) isCorrectPassword or (2) userExist function in class.auth.php, getCustomFieldReport function in (4) custom_fields.php, (5) custom_fields_graph.php, or (6) class.report.php, or the insert function in (7) releases.php or (8) class.release.php.
by GulfTech Security
Ipswitch IMail < 8.2 Hotfix 2 - Remote Code Execution via IMAP LOGIN Command
Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 and 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allow remote attackers to execute arbitrary code via a LOGIN command with (1) a long username argument or (2) a long username argument that begins with a special character.
by kingcope
BusinessMail 4.60.00 - Denial of Service via Long SMTP HELO or MAIL FROM Command
Multiple buffer overflows in BusinessMail 4.60.00 allow remote attackers to cause a denial of service (application crash) via a long string to SMTP (1) HELO or (2) MAIL FROM commands.
by Reed Arvin
FTPshell Server 3.38 - Authenticated Denial of Service via Repeated Connection Without QUIT
FTPshell Server 3.38 allows remote authenticated users to cause a denial of service (application crash) by multiple connections and disconnections without using the QUIT command.
by Reed Arvin
FtpLocate 2.02 - Remote Command Execution via flsearch.pl Shell Metacharacters
flsearch.pl in FtpLocate 2.02 allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP GET request.
by newbug
Intruder Client 1.00 - Remote Command Execution / Denial of Service
by basher13
Alt-N MDaemon 8.0 - IMAP Server CREATE Remote Buffer Overflow (PoC)
by kcope
Small HTTP Server 3.05.28 - Arbitrary Data Execution
by basher13
DG Remote Control Server 1.6.2 - Denial of Service and Possible Remote Code Execution via Long TCP Message
DG Remote Control Server 1.6.2 allows remote attackers to cause a denial of service (crash or CPU consumption) and possibly execute arbitrary code via a long message to TCP port 1071 or 1073, possibly due to a buffer overflow.
by basher13
Cisco VoIP Phone CP-7940 3.x - Spoofed SIP Status Message Handling
by DrFrancky
eRoom 6.0 PlugIn - Insecure File Download Handling
by c0ntex
Drupal 4.5.0-4.5.3, 4.6.0-4.6.1 - Remote Code Execution via Public Comment or Posting
Unknown vulnerability in Drupal 4.5.0 through 4.5.3, 4.6.0, and 4.6.1 allows remote attackers to execute arbitrary PHP code via a public comment or posting.
by dab
XOOPS <= 2.0.11 - SQL Injection via XMLRPC LoginUser Function
SQL injection vulnerability in the loginUser function in the XMLRPC server in XOOPS 2.0.11 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via crafted values in an XML file, as demonstrated using the blogger.getPost method.
by RusH
PEAR XML_RPC < 1.3.0 and PHPXMLRPC < 1.1 - Remote Code Execution via Unsanitized XML Input
Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.
by Mike Rifone
PEAR XML_RPC < 1.3.0 and PHPXMLRPC < 1.1 - Remote Code Execution via Unsanitized XML Input
Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.
by dukenn
phpBB 2.0.15 - 'highlight' Database Authentication Details
by SecureD
Cacti < 0.8.6d - Remote Code Execution via top_graph_header.php config[library_path] Parameter
PHP file inclusion vulnerability in top_graph_header.php in Cacti 0.8.6d and possibly earlier versions allows remote attackers to execute arbitrary PHP code via the config[library_path] parameter.
by Alberto Trivero
WordPress <= 1.5.1.2 - SQL Injection via HTTP_RAW_POST_DATA
SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via input that is not filtered in the HTTP_RAW_POST_DATA variable, which stores the data in an XML file.
by GulfTech Security
Community Link Pro - 'login.cgi?File' Remote Command Execution
by spher3
PlanetDNS PlanetFileServer - Remote Buffer Overflow (PoC)
by fRoGGz