Exploitdb Exploits

1,269 exploits tracked across all sources.

CVE-2011-4906 EXPLOITDB CRITICAL php VERIFIED
Tinybrowser < 1.5.13 - Unrestricted File Upload
Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows file upload and arbitrary PHP code execution.
by daath
CVSS 9.8
EIP-2026-104753 EXPLOITDB php VERIFIED
PHP 5.2.11/5.3.0 - Multiple Vulnerabilities
by Maksymilian Arciemowicz
EIP-2026-111589 EXPLOITDB php VERIFIED
PunBB Extension Attachment 1.0.2 - SQL Injection
by puret_t
CVE-2009-3804 EXPLOITDB php VERIFIED
Runcms - SQL Injection
Multiple SQL injection vulnerabilities in modules/forum/post.php in RunCMS 2M1 allow remote authenticated users to execute arbitrary SQL commands via (1) the pid parameter, which is not properly handled by the store function in modules/forum/class/class.forumposts.php, or (2) the topic_id parameter.
by Nine:Situations:Group::bookoo
EIP-2026-116287 EXPLOITDB php VERIFIED
Spider Solitaire - Denial of Service (PoC)
by SirGod
CVE-2009-3691 EXPLOITDB php VERIFIED
IBM Informix Client SDK - Numeric Error
Multiple integer overflows in setnet32.exe 3.50.0.13752 in IBM Informix Client SDK 3.0 and 3.50 and Informix Connect Runtime 3.x allow remote attackers to execute arbitrary code via a .nfx file with a crafted (1) HostSize, and possibly (2) ProtoSize and (3) ServerSize, field that triggers a stack-based buffer overflow involving a crafted HostList field. NOTE: some of these details are obtained from third party information.
by bruiser
CVE-2009-2269 EXPLOITDB php VERIFIED
Empire CMS 5.1 - SQL Injection
SQL injection vulnerability in Empire CMS 5.1 allows remote attackers to execute arbitrary SQL commands via the bid parameter to the default URI under e/tool/gbook/.
by Securitylab Security Research
CVE-2009-3342 EXPLOITDB php VERIFIED
Alphaplug Com Alphauserpoints - SQL Injection
SQL injection vulnerability in frontend/assets/ajax/checkusername.php in the AlphaUserPoints (com_alphauserpoints) component 1.5.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the username2points parameter.
by jdc
CVE-2009-3271 EXPLOITDB php VERIFIED
Apple Safari - Improper Input Validation
Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a denial of service (application crash) via a long tel: URL in the SRC attribute of an IFRAME element.
by cloud
CVE-2009-3322 EXPLOITDB php VERIFIED
Siemens Gigaset Se361 Wlan Router - Denial of Service
The Siemens Gigaset SE361 WLAN router allows remote attackers to cause a denial of service (device reboot) via a flood of crafted TCP packets to port 1723.
by crashbrz
CVE-2009-4625 EXPLOITDB php VERIFIED
BF Survey Pro Free <1.2.6 - SQL Injection
SQL injection vulnerability in the updateOnePage function in components/com_bfsurvey_pro/controller.php in BF Survey Pro Free (com_bfsurvey_profree) 1.2.4, and other versions before 1.2.6, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the table parameter in an updateOnePage action to index.php.
by jdc
CVE-2009-20006 EXPLOITDB CRITICAL php VERIFIED
osCommerce <2.2 RC2a - RCE
osCommerce versions up to and including 2.2 RC2a contain a vulnerability in its administrative file manager utility (admin/file_manager.php). The interface allows file uploads and edits without sufficient input validation or access control. An unauthenticated attacker can craft a POST request to upload a .php file containing arbitrary code, which is then executed by the server.
by flyh4t
EIP-2026-103911 EXPLOITDB php VERIFIED
Google Chrome 6.0.472 - 'Math.Random()' Random Number Generation
by Amit Klein
EIP-2026-108789 EXPLOITDB php VERIFIED
Joomla! Component MisterEstate - Blind SQL Injection
by jdc
CVE-2009-4550 EXPLOITDB php VERIFIED
Kunena Forum <1.5.4 - SQL Injection
SQL injection vulnerability in the Kunena Forum (com_kunena) component 1.5.3 and 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the func parameter to index.php.
by ilker Kandemir
CVE-2009-2626 EXPLOITDB php VERIFIED
PHP <5.3.0 - Info Disclosure
The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable.
by Maksymilian Arciemowicz
EIP-2026-104703 EXPLOITDB php VERIFIED
PHP 5.3 - 'mail.log' Configuration Option 'open_basedir' Restriction Bypass
by Maksymilian Arciemowicz
EIP-2026-108485 EXPLOITDB php VERIFIED
Joomla! Component com_pms 2.0.4 - 'Ignore-List' SQL Injection
by M4dhead
CVE-2009-2781 EXPLOITDB php VERIFIED
Arab Portal 2.x - SQL Injection
SQL injection vulnerability in forum.php in Arab Portal 2.x, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the qc parameter in an addcomment action, a different vector than CVE-2006-1666.
by rEcruit
CVE-2009-4735 EXPLOITDB php VERIFIED
Allomani Audio & Video Library (Songs & Clips) <2.7.0 - SQL Injection
SQL injection vulnerability in login.php in Allomani Audio & Video Library (Songs & Clips version) 2.7.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action.
by Qabandi
CVE-2009-4734 EXPLOITDB php VERIFIED
Allomani Movies Library <2.7.0 - SQL Injection
SQL injection vulnerability in login.php in Allomani Movies Library (Movies & Clips) 2.7.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action.
by Qabandi
CVE-2009-3430 EXPLOITDB php VERIFIED
Allomani Mobile - SQL Injection
SQL injection vulnerability in login.php in Allomani Mobile 2.5 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action.
by Qabandi
CVE-2009-2922 EXPLOITDB php VERIFIED
Pixaria Gallery - Path Traversal
Absolute path traversal vulnerability in pixaria.image.php in Pixaria Gallery 2.0.0 through 2.3.5 allows remote attackers to read arbitrary files via a base64-encoded file parameter.
by Qabandi
EIP-2026-106675 EXPLOITDB php VERIFIED
e107 Plugin my_gallery 2.4.1 - 'readfile()' Local File Disclosure
by NoGe