Exploitdb Exploits
1,269 exploits tracked across all sources.
Joomla! Component com_races - Blind SQL Injection
by DevilZ TM
Php - Denial of Service
The xmlrpc extension in PHP 5.3.1 does not properly handle a missing methodName element in the first argument to the xmlrpc_decode_request function, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly have unspecified other impact via a crafted argument.
by Auke van Slooten
PHP <5.2.11 & 5.3.x <5.3.1 - Command Injection
The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute programs with an arbitrary environment via the env parameter, as demonstrated by a crafted value of the LD_LIBRARY_PATH environment variable.
by Hamid Ebadi
Opera <10.50 - RCE
Integer overflow in Opera 10.10 through 10.50 allows remote attackers to execute arbitrary code via a large Content-Length value, which triggers a heap overflow.
by Marcin Ressel
Joomla! Component com_paxgallery - Blind Injection
by snakespc
Joomla! Component com_Joomlaconnect_be - Blind Injection
by snakespc
PHP <5.2.13, 5.3.1 - Info Disclosure
session.c in the session extension in PHP before 5.2.13, and 5.3.1, does not properly interpret ; (semicolon) characters in the argument to the session_save_path function, which allows context-dependent attackers to bypass open_basedir and safe_mode restrictions via an argument that contains multiple ; characters in conjunction with a .. (dot dot).
by Grzegorz Stachowiak
ASCET Interactive Huski CMS - 'i' Local File Inclusion
by Wireghoul
Joomla! - SQL Injection
SQL injection vulnerability in the jEmbed-Embed Anything (com_jembed) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a summary action to index.php.
by FL0RiX
Joomla! Component com_bfsurvey_pro - 'catid' Blind SQL Injection
by FL0RiX
FreeWebShop 2.2.9 R2 - Multiple Remote Vulnerabilities
by Akita Software Security
PHP <5.2.4 - Auth Bypass
The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink.
by Maksymilian Arciemowicz
PHP <5.2.12 - XSS
The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character.
PHP <5.2.12 - XSS
The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character.
Joomla! Component com_joomgallery 1.5.x - &func Incorrect Flood Filter
by Jbyte
Adobe Illustrator <14.0.0 - Buffer Overflow
Buffer overflow in Adobe Illustrator CS4 14.0.0, CS3 13.0.3 and earlier, and CS3 13.0.0 allows remote attackers to execute arbitrary code via a long DSC comment in an Encapsulated PostScript (.eps) file. NOTE: some of these details are obtained from third party information.
by pyrokinesis
Vivid Ads Shopping Cart - 'prodid' SQL Injection
by Yakir Wizman
By Source