Exploitdb Exploits
1,269 exploits tracked across all sources.
Mihalism Multi Host - SQL Injection
SQL injection vulnerability in users.php in Mihalism Multi Host allows remote attackers to execute arbitrary SQL commands via the username parameter in a lost_password_go action.
by Moubik
WordPress <2.3.2 - Authenticated RCE
wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this script's pathname to active_plugins.
by Alexander Concha
Yahoo Music Jukebox - Memory Corruption
Stack-based buffer overflow in the YMP Datagrid ActiveX control (datagrid.dll) in Yahoo! Music Jukebox 2.2.2.056 allows remote attackers to execute arbitrary code via a long argument to the AddImage method.
by anonymous
Yahoo Music Jukebox - Memory Corruption
Buffer overflow in the YMP Datagrid ActiveX control (datagrid.dll) in Yahoo! JukeBox 2.2.2.56 allows remote attackers to execute arbitrary code via a long argument to the AddButton method, a different vulnerability than CVE-2008-0623.
by anonymous
Wordpress Wassup Plugin < 1.4.3 - SQL Injection
Multiple SQL injection vulnerabilities in main.php in the WassUp plugin 1.4 through 1.4.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) from_date or (2) to_date parameter to spy.php.
by enter_the_dragon
Wordpress Adserve - SQL Injection
SQL injection vulnerability in adclick.php in the AdServe 0.2 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
by enter_the_dragon
Firebird < 1.0.3 - Numeric Error
Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption.
by Damian Frizza
Php - Access Control
curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563.
by Maksymilian Arciemowicz
Coppermine Photo Gallery <1.4 - SQL Injection
SQL injection vulnerability in thumbnails.php in Coppermine Photo Gallery (CPG) 1.3.x allows remote authenticated users to execute arbitrary SQL commands via a cpg131_fav cookie. NOTE: it was later reported that 1.4.10, 1.4.14, and other 1.4.x versions are also affected using similar cookies.
by RST/GHC
Francisco Burzi Php-nuke < 8.0_final - SQL Injection
SQL injection vulnerability in index.php in the Search module in PHP-Nuke 8.0 FINAL and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a comments action to modules.php. NOTE: some of these details are obtained from third party information.
by RST/GHC
Coppermine Photo Gallery <1.4 - SQL Injection
SQL injection vulnerability in thumbnails.php in Coppermine Photo Gallery (CPG) 1.3.x allows remote authenticated users to execute arbitrary SQL commands via a cpg131_fav cookie. NOTE: it was later reported that 1.4.10, 1.4.14, and other 1.4.x versions are also affected using similar cookies.
by bazik
Coppermine-gallery Coppermine Photo Gallery < 1.4.14 - SQL Injection
Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) albumid, (2) startpic, and (3) numpics parameters to util.php; and (4) cid_array parameter to reviewcom.php.
by bazik
Pixelpost - SQL Injection
SQL injection vulnerability in index.php in Pixelpost 1.7 allows remote attackers to execute arbitrary SQL commands via the parent_id parameter.
by Silentz
Mybulletinboard - Code Injection
Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php.
by Silentz
Docebo <3.5.0.3 - SQL Injection
SQL injection vulnerability in the autoDetectRegion function in doceboCore/lib/lib.regset.php in Docebo 3.5.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Accept-Language HTTP header. NOTE: this can be leveraged to execute arbitrary PHP code using the INTO DUMPFILE command.
by rgod
Evilsentinel < 1.0.9 - Access Control
admin/index.php in Evilsentinel 1.0.9 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to gain administrative privileges and make arbitrary configuration changes.
by BlackHawk
Evilsentinel < 1.0.9 - Authentication Bypass
admin/config.php in Evilsentinel 1.0.9 and earlier allows remote attackers to bypass the CAPTCHA test by omitting the es_security_captcha parameter and not invoking captcha.php.
by BlackHawk
Domphp < 0.81 - SQL Injection
SQL injection vulnerability in welcome/inscription.php in DomPHP 0.81 and earlier allows remote attackers to execute arbitrary SQL commands via the mail parameter.
by j0j0
Docebo <3.5.0.3 - SQL Injection
SQL injection vulnerability in the autoDetectRegion function in doceboCore/lib/lib.regset.php in Docebo 3.5.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Accept-Language HTTP header. NOTE: this can be leveraged to execute arbitrary PHP code using the INTO DUMPFILE command.
by EgiX
Uploadscript Uploadimage - Access Control
admin.php in UploadImage 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action.
by Dj7xpl
Uploadscript Uploadimage - Access Control
admin.php in UploadScript 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action.
by Dj7xpl
Docebo <3.5.0.3 - Info Disclosure
Docebo 3.5.0.3 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) class/class.conf_fw.php, (2) class.module/class.event_manager.php, (3) lib/lib.domxml5.php, or (4) menu/menu_over.php in doceboCore/; or (5) class/class.conf_cms.php, (6) lib/lib.compose.php, (7) modules/chat/teleskill.php, or (8) class/class.admin_menu_cms.php in doceboCms/; which reveals the installation path in an error message.
by EgiX
Codeworx Technologies Dcp-portal - SQL Injection
Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier allow remote attackers to execute arbitrary SQL commands, possibly requiring encoded characters, via (1) the name parameter in register.php, (2) the email parameter in lostpassword.php, (3) the year parameter in calendar.php, and the (4) cid parameter to index.php. NOTE: the mid parameter for forums.php is already associated with CVE-2005-0454. NOTE: the index.php/cid vector was later reported to affect 6.11.
by x0kster
Valve Software Half-Life Counter-Strike 1.6 - DoS
Valve Software Half-Life Counter-Strike 1.6 allows remote attackers to cause a denial of service (crash) via multiple crafted login packets.
by Eugene Minaev
By Source