Exploitdb Exploits
31,342 exploits tracked across all sources.
ClassifiedsGeek.com Vacation Packages - 'listing_search' SQL Injection
by r45c4l
Apache Tomcat - Account Scanner / 'PUT' Request Command Execution
by kingcope
ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet - Directory Traversal
by rgod
Pre Printing Press - SQL Injection
SQL injection vulnerability in product_desc.php in Pre Printing Press allows remote attackers to execute arbitrary SQL commands via the pid parameter.
by Easy Laster
Iwork Webglimpse < 2.18.7 - Information Disclosure
wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to obtain the installation path via a crafted request.
by Websecurity
Pre Printing Press - SQL Injection
SQL injection vulnerability in page.php in Pre Printing Press allows remote attackers to execute arbitrary SQL commands via the id parameter.
by r45c4l
Pre Classifieds Listings 1.0 - SQL Injection
SQL injection vulnerability in search.php in Pre Classifieds Listings 1.0 allows remote attackers to execute arbitrary SQL commands via the category parameter.
by r45c4l
Microsoft Windows 7 - Code Injection
The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability."
by Luigi Auriemma
JPM Article Script 6 - 'page2' SQL Injection
by Vulnerability Research Laboratory
Flexcms < 3.2.1 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in FlexCMS 3.2.1 and earlier allow remote attackers to (1) hijack the authentication of users for requests that change account settings via a request to index.php/profile-edit-save or (2) hijack the authentication of administrators for requests that add a new page via a request to admin/pages-new-save.
by Ivano Binetti
Sockso Music Host Server <=1.5 - Path Traversal
Sockso Music Host Server versions <= 1.5 are vulnerable to a path traversal flaw that allows unauthenticated remote attackers to read arbitrary files from the server’s filesystem. The vulnerability exists in the HTTP interface on port 4444, where the endpoint /file/ fails to properly sanitize user-supplied input. Attackers can traverse directories and access sensitive files outside the intended web root.
by Luigi Auriemma
Citrix 11.6.1 - Licensing Administration Console Denial of Service
by Rune
Digium Asterisk - Memory Corruption
Stack-based buffer overflow in the ast_parse_digest function in main/utils.c in Asterisk 1.8.x before 1.8.10.1 and 10.x before 10.2.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in an HTTP Digest Authentication header.
by Russell Bryant
asaanCart 0.9 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in asaanCart 0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to calc.php, (2) chat.php, (3) register.php, or (4) index.php in libs/smarty_ajax/; or the (5) page parameter to libs/smarty_ajax/index.php.
by Number 7
Phpf1 Max's Guestbook - XSS
Cross-site scripting (XSS) vulnerability in index.php in Max's Guestbook allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, and (3) message parameters.
by n0tch
Epson EventManager 2.50 - Denial of Service
by Luigi Auriemma
Max's PHP Photo Album 1.0 - 'id' Local File Inclusion
by n0tch
Max's Guestbook 1.0 - Multiple Remote Vulnerabilities
by n0tch