Exploitdb Exploits
2,809 exploits tracked across all sources.
Inframail Advantage Server Edition 6.0-6.7 - Denial of Service via Long SMTP FROM Field or FTP NLST Command
Buffer overflow in Inframail Advantage Server Edition 6.0 through 6.7 allows remote attackers to cause a denial of service (process crash) via a long (1) SMTP FROM field or possibly (2) FTP NLST command.
by Reed Arvin
Inframail Advantage Server Edition 6.0-6.7 - Denial of Service via Long SMTP FROM Field or FTP NLST Command
Buffer overflow in Inframail Advantage Server Edition 6.0 through 6.7 allows remote attackers to cause a denial of service (process crash) via a long (1) SMTP FROM field or possibly (2) FTP NLST command.
by Reed Arvin
ASP Nuke 0.80 - SQL Injection via TaskID Parameter
SQL injection vulnerability in comment_post.asp in ASP Nuke 0.80 allows remote attackers to execute arbitrary SQL statements via the TaskID parameter.
by Alberto Trivero
asp-nuke - SQL Injection via article.asp articleid Parameter
SQL injection vulnerability in article.asp in unknown versions of aspnuke allows remote attackers to execute arbitrary SQL commands via the articleid parameter.
by mh_p0rtal
IA eMailServer Corporate Edition 5.2.2 build 1051 - Denial of Service via IMAP4 LIST Command Format String
Format string vulnerability in IMAP4 in IA eMailServer Corporate Edition 5.2.2 build 1051 allows remote attackers to cause a denial of service (application crash) via a LIST command with format string specifiers as the second argument.
by Reed Arvin
PHP-Fusion 5.0 and 6.0 - Unprotected Database File Exposure via Predictable Filename
PHP-Fusion 5.0 and 6.0 stores the database file with a predictable filename under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to the filename in the administration/db_backups directory in PHP-Fusion 6.0 or the fusion_admin/db_backups directory in 5.0.
by Easyex
Solaris 10 - Local Privilege Escalation via Traceroute Argument Handling
traceroute in Sun Solaris 10 on x86 systems allows local users to execute arbitrary code with PRIV_NET_RAWACCESS privileges via (1) a large number of -g arguments or (2) a malformed -s argument with a trailing . (dot).
by Przemyslaw Frasunek
phpBB 2.0.15 - Register Multiple Users (Denial of Service)
by g30rg3_x
WordPress Core 1.5.1.1 - 'add new admin' SQL Injection
by RusH
Simple Machine Forum <1.0.4 - SQL Injection
Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements.
by GulfTech Security
CVSS 9.8
MercuryBoard <= 1.1.4 - SQL Injection via User-Agent HTTP Header
SQL injection vulnerability in index.php for MercuryBoard 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.
by RusH
Apache 2.0.49 - Arbitrary Long HTTP Headers Denial of Service
by Qnix
Claroline 1.5.3-1.6 RC - SQL Injection
Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary SQL commands via (1) learningPath.php, (2) learningPathAdmin.php, (3) learnPath_details.php, (4) modules_pool.php, (5) module.php, (6) uInfo parameter in userInfo.php, or (7) exo_id parameter to exercises_details.php.
by K-C0d3r
Ultimate PHP Board 1.9.6 GOLD - users.dat Password Decryptor
by Alberto Trivero
Ultimate PHP Board (UPB) 1.9.6 GOLD - Info Disclosure
Ultimate PHP Board (UPB) 1.9.6 GOLD uses weak encryption for passwords in the users.dat file, which allows attackers to easily decrypt the passwords and gain privileges, possibly after exploiting CVE-2005-2005 to obtain users.dat.
by Alberto Trivero
paFileDB <= 3.1 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in paFileDB 3.1 and earlier allow remote attackers to execute arbitrary SQL commands via the formname parameter (1) in the login form, (2) in the team login form, or (3) to auth.php, (4) select, (5) id, or (6) query parameter to pafiledb.php, or (7) string parameter to search.php.
by Alpha_Programmer
extropia_webstore - Remote Code Execution via Web_Store.cgi Page Parameter
Web_Store.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter.
by Action Spider
HAURI ViRobot Linux Server 2.0 - Buffer Overflow via ViRobot_ID Cookie
Buffer overflow in addschup in HAURI ViRobot 2.0, and possibly other products, allows remote attackers to execute arbitrary code via a long ViRobot_ID cookie (HTTP_COOKIE).
by Kevin Finisterre
Webhints 1.03 - Remote Command Execution via Shell Metacharacters
hints.pl in Webhints 1.03 allows remote attackers to execute arbitrary commands via shell metacharacters in the argument.
by MadSheep
Webhints 1.03 - Remote Command Execution via Shell Metacharacters
hints.pl in Webhints 1.03 allows remote attackers to execute arbitrary commands via shell metacharacters in the argument.
by Alpha_Programmer