Exploitdb Exploits
1,269 exploits tracked across all sources.
Web-app.org Webapp - Improper Input Validation
apage.cgi in WebAPP 0.9.9.2.1, and possibly earlier versions, allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter.
by Nikyt0x
MySQL <4.0.23 & <4.1.11 - Privilege Escalation
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to bypass library path restrictions and execute arbitrary libraries by using INSERT INTO to modify the mysql.func table, which is processed by the udf_init function.
by Stefano Di Paola
vBulletin <3.0.4 - Code Injection
Direct code injection vulnerability in forumdisplay.php in vBulletin 3.0 through 3.0.4, when showforumusers is enabled, allows remote attackers to execute inject arbitrary PHP commands via the comma parameter.
by AL3NDALEEB
PHP 4.x/5.0 Shared Memory Module - Offset Memory Corruption
by Stefano Di Paola
Trend ScanMail - Info Disclosure
Trend ScanMail allows remote attackers to obtain potentially sensitive information or disable the anti-virus capability via the smency.nsf file.
by DokFLeed
PHP 4.0 - Open Redirect
PHP 4.0 with cURL functions allows remote attackers to bypass the open_basedir setting and read arbitrary files via a file: URL argument to the curl_init function.
by FraMe
Axis Network Camera 2.x And Video Server 1-3 - HTTP Authentication Bypass
by bashis
Mantis Bugtracker - Info Disclosure
signup_page.php in Mantis bugtracker allows remote attackers to send e-mail bombs by creating multiple users and providing the same e-mail address.
by Jose Antonio
Gallery <1.4.4_p2 - RCE
The set_time_limit function in Gallery before 1.4.4_p2 deletes non-image files in a temporary directory every 30 seconds after they have been uploaded using save_photos.php, which allows remote attackers to upload and execute execute arbitrary scripts before they are deleted, if the temporary directory is under the web root.
by aCiDBiTS
Jaws 0.3 - Auth Bypass
Jaws 0.3 allows remote attackers to bypass authentication and via an HTTP request to admin.php with the logged cookie set to the MD5 hash of a null password, which is compared against the logged session variable by the logged_on function in application.php.
by Fernando Quintero
osTicket - RCE
osTicket allows remote attackers to view sensitive uploaded files and possibly execute arbitrary code via an HTTP request that uploads a PHP file to the ticket attachments directory.
by Guy Pearce
PHP 4/5 - Input/Output Wrapper Remote File Inclusion Function Command Execution
by Slythers
PHPX <3.2.4 - RCE
PHPX 2.0 through 3.2.4 allows remote attackers to gain access to other accounts by modifying the cookie's PXL variable to reference another userID.
by Manuel L?pez
Mambo Open Source 4.5/4.6 - 'mod_mainmenu.php' Remote File Inclusion
by Yo_Soy
phpBB <2.0.6 - SQL Injection
SQL injection vulnerability in search.php for phpBB 1.0 through 2.0.6 allows remote attackers to execute arbitrary SQL and gain privileges via the search_results parameter.
by pokleyzz
Francisco Burzi Php-nuke - SQL Injection
SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly 7.x, allows remote attackers to inject arbitrary SQL code and gain sensitive information via (1) the category variable in the Search module or (2) the admin variable in the Web_Links module.
by pokleyzz
PHP 4.3.x - Info Disclosure
The php_check_safe_mode_include_dir function in fopen_wrappers.c of PHP 4.3.x returns a success value (0) when the safe_mode_include_dir variable is not specified in configuration, which differs from the previous failure value and may allow remote attackers to exploit file include vulnerabilities in PHP applications.
by Michal Krause
MidHosting FTP Daemon 1.0.1 - Shared Memory Local Denial of Service
by Frank DENIS
PHP 4.3.x/5.0 - 'openlog()' Buffer Overflow
Php - Denial of Service
Integer signedness error in emalloc() function for PHP before 4.3.2 allow remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via negative arguments to functions such as (1) socket_recv, (2) socket_recvfrom, and possibly other functions.
by Sir Mordred
Php - Denial of Service
Integer signedness error in emalloc() function for PHP before 4.3.2 allow remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via negative arguments to functions such as (1) socket_recv, (2) socket_recvfrom, and possibly other functions.
by Sir Mordred
Php - Denial of Service
Integer signedness error in emalloc() function for PHP before 4.3.2 allow remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via negative arguments to functions such as (1) socket_recv, (2) socket_recvfrom, and possibly other functions.
by Sir Mordred
By Source