Exploitdb Exploits
31,342 exploits tracked across all sources.
Cms-center Simple Web Content Management System - SQL Injection
Multiple SQL injection vulnerabilities in Simple Web Content Management System 1.1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) item_delete.php, (2) item_status.php, (3) item_detail.php, (4) item_modify.php, or (5) item_position.php in admin/; or (6) status parameter to admin/item_status.php.
by loneferret
Ganesha Digital Library 4.0 - Multiple Vulnerabilities
by X-Cisadane
Winradius - Denial of Service
WinRadius Server 2009 allows remote attackers to cause a denial of service (crash) via a long password in an Access-Request packet.
by demonalex
PHP Volunteer Management System v1.0.2 - Code Injection
PHP Volunteer Management System v1.0.2 contains an arbitrary file upload vulnerability in its document upload functionality. Authenticated users can upload files to the mods/documents/uploads/ directory without any restriction on file type or extension. Because this directory is publicly accessible and lacks execution controls, attackers can upload a malicious PHP payload and execute it remotely. The application ships with default credentials, making exploitation trivial. Once authenticated, the attacker can upload a PHP shell and trigger it via a direct GET request.
by Ashoo
Yamamah Photo Gallery 1.1 - Database Information Disclosure
by L3b-r1'z
PHP Volunteer Management System 1.0.2 - Multiple SQL Injections
by loneferret
Nilehoster Topics Viewer 2.3 - Multiple SQL Injections / Local File Inclusion
by n4ss1m
b2ePms 1.0 - Multiple SQL Injection Vulnerabilities
by loneferret
AzDGDatingMedium 1.9.3 - Multiple Remote Vulnerabilities
by AkaStep
DynPage 1.0 - 'ckfinder' Multiple Arbitrary File Upload Vulnerabilities
by KedAns-Dz
phpCollab 2.5 - Direct Request Multiple Protected Page Access
by team ' & 1=1--
PHPCollab 2.5 - 'uploadfile.php' Crafted Request Arbitrary Non-PHP File Upload
by team ' & 1=1--
Jaow <2.4.5 - SQL Injection
SQL injection vulnerability in add_ons.php in Jaow 2.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the add_ons parameter.
by kallimero
Wireshark - Numeric Error
Multiple integer underflows in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allow remote attackers to cause a denial of service (loop) via vectors related to the R3 dissector, a different vulnerability than CVE-2012-2392.
by Laurent Butti
Wireshark <1.4.13 & 1.6.x <1.6.8 - DoS
Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a (1) ICMP or (2) ICMPv6 Echo Request packet.
by Klaus Heckelmann
Wireshark <1.4.13, <1.6.8 - DoS
epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 does not properly construct certain array data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers incorrect memory allocation.
by Wireshark
mod_auth_openid <0.7 - Info Disclosure
mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
by Peter Ellehauge
Symantec Endpoint Protection/SNAC <11.0.710x - Privilege Escalation
Buffer overflow in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.710x and Symantec Network Access Control (SNAC) 11.0.600x through 11.0.710x allows local users to gain privileges, and modify data or cause a denial of service, via a crafted script.
by 41.w4r10r
Yellow Duck Framework 2.0 Beta1 - Local File Disclosure
by L3b-r1'z
Ruubikcms 1.1.x - Cross-Site Scripting / Information Disclosure / Directory Traversal
by AkaStep