Exploitdb Exploits
1,269 exploits tracked across all sources.
Pinnaclesys Pinnacle Studio - Path Traversal
Directory traversal vulnerability in InstallHFZ.exe 6.5.201.0 in Pinnacle Hollywood Effects 6, a module in Pinnacle Systems Pinnacle Studio 12, allows remote attackers to create and overwrite arbitrary files via a filename containing a ..\ (dot dot backslash) sequence in a Hollywood FX Compressed Archive (.hfz) file. NOTE: this can be leveraged for code execution by decompressing a file to a Startup folder. NOTE: some of these details are obtained from third party information.
by Nine:Situations:Group
Pinnaclesys Pinnacle Studio - Path Traversal
InstallHFZ.exe 6.5.201.0 in Pinnacle Hollywood Effects 6, a module in Pinnacle Systems Pinnacle Studio 12, allows remote attackers to cause a denial of service (application crash) via a crafted Hollywood FX Compressed Archive (.hfz) file.
by Nine:Situations:Group
Maxcms - SQL Injection
SQL injection vulnerability in admin/admin_manager.asp in MaxCMS 2.0 allows remote attackers to execute arbitrary SQL commands via an m_username cookie in an add action.
by Securitylab.ir
Bitweaver < 2.6 - Code Injection
Multiple static code injection vulnerabilities in the saveFeed function in rss/feedcreator.class.php in Bitweaver 2.6 and earlier allow (1) remote authenticated users to inject arbitrary PHP code into files by placing PHP sequences into the account's "display name" setting and then invoking boards/boards_rss.php, and might allow (2) remote attackers to inject arbitrary PHP code into files via the HTTP Host header in a request to boards/boards_rss.php.
by Nine:Situations:Group
Smarty - Improper Input Validation
The smarty_function_math function in libs/plugins/function.math.php in Smarty 2.6.22 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the equation attribute of the math function. NOTE: some of these details are obtained from third party information.
by Nine:Situations:Group
Bitweaver < 2.6 - Path Traversal
Directory traversal vulnerability in the saveFeed function in rss/feedcreator.class.php in Bitweaver 2.6 and earlier allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the version parameter to boards/boards_rss.php.
by Nine:Situations:Group
Php < 5.2.14 - Improper Input Validation
The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string.
QuiXplorer <2.3.2 - Path Traversal
Directory traversal vulnerability in .include/init.php (aka admin/_include/init.php) in QuiXplorer 2.3.2 and earlier, as used in TinyWebGallery (TWG) 1.7.6 and earlier, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to admin/index.php.
by EgiX
Mortbay Jetty 7.0.0-pre5 Dispatcher Servlet - Denial of Service
by ikki
Intelliants Elitius - Unrestricted File Upload
Unrestricted file upload vulnerability in admin/uploadimage.php in eLitius 1.0 allows remote attackers to bypass intended access restrictions and upload and execute arbitrary files via an avatar file with an accepted Content-Type such as image/gif, then requesting the file in admin/banners/.
by G4N0K
Zoom Player Pro 3.30 - '.m3u' Local Buffer Overflow (SEH)
by Nine:Situations:Group
Icewarp Merak Mail Server - Memory Corruption
Stack-based buffer overflow in the IceWarpServer.APIObject ActiveX control in api.dll in IceWarp Merak Mail Server 9.4.1 might allow context-dependent attackers to execute arbitrary code via a large value in the second argument to the Base64FileEncode method, as possibly demonstrated by a web application that accepts untrusted input for this method.
by Nine:Situations:Group
LightBlog 9.9.2 - 'register.php' Remote Code Execution
by EgiX
Dokeos Lms 1.8.5 - 'whoisonline.php' PHP Code Injection
by EgiX
Geeklog 1.5.2 - 'usersettings.php' SQL Injection
by Nine:Situations:Group::bookoo
Geeklog 1.5.2 - 'savepreferences()/*blocks[]' SQL Injection
by Nine:Situations:Group
FTPDMIN 0.96 (Windows XP SP3) - 'RNFR' Remote Buffer Overflow
by surfista
PHP 5.2.9 cURL - 'Safe_mode' / 'open_basedir' Restriction Bypass
by Maksymilian Arciemowicz
Geeklog 1.5.2 - 'SEC_authenticate()' SQL Injection
by Nine:Situations:Group
Glfusion < 1.1.2 - SQL Injection
SQL injection vulnerability in private/system/lib-session.php in glFusion 1.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the glf_session cookie parameter.
by Nine:Situations:Group
Glfusion < 1.1.2 - Cryptographic Issue
glFusion before 1.1.3 performs authentication with a user-provided password hash instead of a password, which allows remote attackers to gain privileges by obtaining the hash and using it in the glf_password cookie, aka "User Masquerading." NOTE: this can be leveraged with a separate SQL injection vulnerability to steal hashes.
by Nine:Situations:Group
Podcast Generator < 1.1 - Access Control
core/admin/delete.php in Podcast Generator 1.1 and earlier does not properly restrict access to administrative functions, which allows remote attackers to delete arbitrary files via the file parameter.
by BlackHawk
Podcast Generator < 1.1 - Code Injection
Static code injection vulnerability in index.php in Podcast Generator 1.1 and earlier allows remote authenticated administrators to inject arbitrary PHP code into config.php via the recent parameter in a config change action.
by BlackHawk
W3 Amaya - Memory Corruption
Stack-based buffer overflow in W3C Amaya Web Browser 11.1 allows remote attackers to execute arbitrary code via a script tag with a long defer attribute.
by Alfons Luja
By Source