Exploitdb Exploits
2,814 exploits tracked across all sources.
PHP Arena Pafiledb - SQL Injection
Multiple SQL injection vulnerabilities in paFileDB 3.1 and earlier allow remote attackers to execute arbitrary SQL commands via the formname parameter (1) in the login form, (2) in the team login form, or (3) to auth.php, (4) select, (5) id, or (6) query parameter to pafiledb.php, or (7) string parameter to search.php.
by Alpha_Programmer
Web_Store.cgi - Command Injection
Web_Store.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter.
by Action Spider
Hauri Virobot Linux Server - Buffer Overflow
Buffer overflow in addschup in HAURI ViRobot 2.0, and possibly other products, allows remote attackers to execute arbitrary code via a long ViRobot_ID cookie (HTTP_COOKIE).
by Kevin Finisterre
Webhints 1.03 - Command Injection
hints.pl in Webhints 1.03 allows remote attackers to execute arbitrary commands via shell metacharacters in the argument.
by MadSheep
Webhints 1.03 - Command Injection
hints.pl in Webhints 1.03 allows remote attackers to execute arbitrary commands via shell metacharacters in the argument.
by Alpha_Programmer
Goodtech Systems Goodtech SMTP Server - Denial of Service
GoodTech SMTP Server 5.14 allows remote attackers to cause a denial of service (application crash) via a RCPT TO command with an invalid argument, as demonstrated using an "A" character.
by Reed Arvin
Portailphp - SQL Injection
SQL injection vulnerability in PortailPHP 1.3 allows remote attackers to execute arbitrary SQL commands via the id parameter to the (1) News, (2) File, (3) Liens, or (4) Faq modules.
by Alberto Trivero
Postnuke - SQL Injection
SQL injection vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to execute arbitrary SQL commands via the start parameter.
by K-C0d3r
Mybulletinboard < 1.00_rc4 - SQL Injection
Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to calendar.php, (2) idsql parameter to online.php, (3) usersearch parameter to memberlist.php, (4) pid parameter to editpost.php, (5) fid parameter to forumdisplay.php, (6) tid parameter to newreply.php, (7) sid parameter to search.php, (8) tid or (9) pid parameter to showthread.php, (10) tid parameter to usercp2.php, (11) tid parameter to printthread.php, or (12) pid parameter to reputation.php.
by Alberto Trivero
myBloggie 2.1.1- - SQL Injection
Multiple SQL injection vulnerabilities in myBloggie 2.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the keyword parameter in search.php; or (2) the date_no parameter in viewdate mode, (3) the cat_id parameter in viewcat mode, the (4) month_no or (5) year parameter in viewmonth mode, or (6) post_id parameter in viewid mode to index.php. NOTE: item (1) was discovered to affect 2.1.3 as well.
by Alberto Trivero
Phpstat - Improper Input Validation
setup.php in phpStat 1.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the $check variable.
by Alpha_Programmer
Invision Power Services Invision Board - SQL Injection
SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via a crafted cookie password hash (pass_hash) that modifies the internal $pid variable.
by Petey Beege
Maxwebportal - SQL Injection
SQL injection vulnerability in password.asp in MaxWebPortal 1.35, 1.36, 2.0, and 20050418 Next allows remote attackers to execute arbitrary SQL commands via the memKey parameter.
by Alpha_Programmer
PortailPHP 1.3 - 'ID' SQL Injection
by CENSORED Search Vulnerabilities
Woltlab Burning Board 2.3.1 - 'register.php' SQL Injection
by deluxe89
Web-app.org Webapp - Improper Input Validation
apage.cgi in WebAPP 0.9.9.2.1, and possibly earlier versions, allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter.
by Alpha_Programmer
Photopost Php Pro - SQL Injection
SQL injection vulnerability in member.php for Photopost PHP Pro allows remote attackers to execute arbitrary SQL commands via the verifykey parameter.
by basher13
I-Mall Commerce - RCE
i-mall.cgi in I-Mall Commerce allows remote attackers to execute arbitrary commands via shell metacharacters via the p parameter.
by Jerome Athias
Ce/Ceterm <2.5.4 - Local Privilege Escalation
Race condition in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier allows local users to write to arbitrary files via a symlink attack on the ce_edit_log temporary file.
by Kevin Finisterre
Golden FTP Server Pro 2.52 - 'USER' Remote Buffer Overflow
by Reed Arvin
Convert-UUlib <1.051 - RCE
Buffer overflow in Convert-UUlib (Convert::UUlib) before 1.051 allows remote attackers to execute arbitrary code via a malformed parameter to a read operation.
by CorryL
MailEnable <1.04 - RCE
Buffer overflow in HTTPMail in MailEnable Enterprise 1.04 and earlier and Professional 1.54 and earlier allows remote attackers to execute arbitrary code via a long HTTP Authorization header.
by CorryL
E-Cart 2004 <1.1 - RCE
index.cgi in E-Cart 2004 1.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) art and possibly (2) cat parameters.
by z
Microsoft Exchange Server - Out-of-Bounds Write
Heap-based buffer overflow in the SvrAppendReceivedChunk function in xlsasink.dll in the SMTP service of Exchange Server 2000 and 2003 allows remote attackers to execute arbitrary code via a crafted X-LINK2STATE extended verb request to the SMTP port.
by Evgeny Pinchuk
By Source