Exploitdb Exploits
1,269 exploits tracked across all sources.
VivaPrograms Infinity <2.0.5 - RCE
cp/profile.php in VivaPrograms Infinity 2.0.5 and earlier does not require administrative authentication for the donewauthor action, which allows remote attackers to create administrative accounts via the name, password, and conf_password parameters.
by Qabandi
MorcegoCMS < 1.7.6 - SQL Injection
SQL injection vulnerability in fichero.php in MorcegoCMS 1.7.6 and earlier allows remote attackers to execute arbitrary SQL commands via the query string.
by darkjoker
Mlffat 2.2 - SQL Injection
SQL injection vulnerability in index.php in Mlffat 2.2 allows remote attackers to execute arbitrary SQL commands via a member cookie in an account editprofile action, a different vector than CVE-2009-1731.
by Qabandi
YourTube 2.0 - Arbitrary Database Disclosure
by Security Code Team
Zen Cart <1.3.8a-1.3.8 - RCE
Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/record_company.php, which allows remote attackers to execute arbitrary code by uploading a .php file via the record_company_image parameter in conjunction with a PATH_INFO of password_forgotten.php, then accessing this file via a direct request to the file in images/.
by BlackH
phpMyAdmin < 2.11.9.5 - Code Injection
Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.
by Hacking Expose!
CVSS 9.8
MyBB <1.4.7 - SQL Injection
SQL injection vulnerability in inc/datahandlers/user.php in MyBB (aka MyBulletinBoard) before 1.4.7 allows remote authenticated users to execute arbitrary SQL commands via the birthdayprivacy parameter.
by The:Paradox
Multiple HTTP Server - Low Bandwidth Denial of Service (2)
by evilrabbi
DB Top Sites 1.0 - Code Injection
Static code injection vulnerability in add_reg.php in DB Top Sites 1.0 allows remote attackers to inject arbitrary PHP code via a crafted (1) url and (2) location parameter.
by SirGod
Sniggabo CMS - 'article.php?id' SQL Injection
by Lidloses_Auge
PeaZIP <2.6.1-2.5.1 - Command Injection
PeaZIP 2.6.1, 2.5.1, and earlier on Windows allows user-assisted remote attackers to execute arbitrary commands via a .zip archive with a .txt file whose name contains | (pipe) characters and a command.
by Nine:Situations:Group
Podcast Generator 1.2 - Unauthorized Re-Installation
by StAkeR
ICQ 6.5 - Buffer Overflow
Stack-based buffer overflow in the URL Search Hook (ICQToolBar.dll) in ICQ 6.5 allows remote attackers to cause a denial of service (persistent crash) and possibly execute arbitrary code via an Internet shortcut .URL file containing a long URL parameter, which triggers a crash when browsing a folder that contains this file.
by Nine:Situations:Group
Joomla! < 1.5.11 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.5.12 allow remote attackers to inject arbitrary web script or HTML via the HTTP_REFERER header to (1) components/com_content/views/article/tmpl/form.php, (2) components/com_user/controller.php, (3) plugins/system/legacy/html.php, or (4) templates/beez/html/com_content/article/form.php.
by Juan Galiana Lara
jetAudio <7.5.3.15 - Buffer Overflow
Stack-based buffer overflow in JetCast.exe 2.0.4.1109 in jetAudio 7.5.2 and 7.5.3.15 allows remote attackers to execute arbitrary code via a long ID3 tag in an MP3 file. NOTE: some of these details are obtained from third party information.
by Nine:Situations:Group
jetAudio <7.5.3.15 - Buffer Overflow
Stack-based buffer overflow in JetCast.exe 2.0.4.1109 in jetAudio 7.5.2 and 7.5.3.15 allows remote attackers to execute arbitrary code via a long title in a FLAC file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Nine:Situations:Group
Microsoft IIS 6.0 - WebDAV Remote Authentication Bypass
by racle
Joomla Com Gsticketsystem - SQL Injection
SQL injection vulnerability in the GridSupport (GS) Ticket System (com_gsticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a viewCategory action to index.php.
by InjEctOr5
Harland Scripts 11 - Products Remote Command Execution
by G4N0K
Strawberry - Path Traversal
Directory traversal vulnerability in plugins/ddb/foot.php in Strawberry 1.1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter to example/index.php. NOTE: this was originally reported as an issue affecting the do parameter, but traversal with that parameter might depend on a modified example/index.php. NOTE: some of these details are obtained from third party information.
by [AVT]