Exploitdb Exploits

31,342 exploits tracked across all sources.

CVE-2012-0025 EXPLOITDB text VERIFIED
Irfanview Flashpix Plugin - Resource Management Error
Double free vulnerability in the Free_All_Memory function in jpeg/dectile.c in libfpx before 1.3.1-1, as used in the FlashPix PlugIn 4.2.2.0 for IrfanView, allows remote attackers to cause a denial of service (crash) via a crafted FPX image.
by Francis Provencher
CVE-2011-5233 EXPLOITDB text VERIFIED
Irfanview < 4.30 - Memory Corruption
Heap-based buffer overflow in IrfanView before 4.32 allows remote attackers to execute arbitrary code via crafted "Rows Per Strip" and "Samples Per Pixel" values in a TIFF image file.
by Francis Provencher
CVE-2011-4551 EXPLOITDB text VERIFIED
Tikiwiki Cms/groupware < 8.1 - XSS
Cross-site scripting (XSS) vulnerability in tiki-cookie-jar.php in TikiWiki CMS/Groupware before 8.2 and LTS before 6.5 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters.
by Stefan Schurtz
EIP-2026-111207 EXPLOITDB text VERIFIED
PHPShop CMS 3.4 - Multiple Cross-Site Scripting / SQL Injections
by High-Tech Bridge SA
EIP-2026-108572 EXPLOITDB text VERIFIED
Joomla! Component com_tsonymf - 'idofitem' SQL Injection
by CoBRa_21
EIP-2026-108297 EXPLOITDB text VERIFIED
Joomla! Component com_caproductprices - 'id' SQL Injection
by CoBRa_21
CVE-2011-5050 EXPLOITDB text VERIFIED
Elitecore Cyberoam Unified Threat Management < 10.01.0 - SQL Injection
SQL injection vulnerability in corporate/Controller in Elitecore Technologies Cyberoam UTM before 10.01.2 build 059 allows remote authenticated administrators to execute arbitrary SQL commands via the tableid parameter. NOTE: some of these details are obtained from third party information.
by Benjamin Kunz Mejri
CVE-2011-5228 EXPLOITDB text
Apprain - XSS
Cross-site scripting (XSS) vulnerability in the Search module (quickstart/search) in appRain CMF 0.1.5 allows remote attackers to inject arbitrary web script or HTML via the ss parameter.
by Vulnerability-Lab
CVE-2011-5045 EXPLOITDB text VERIFIED
Jjwdesign Php Booking Calendar - XSS
Cross-site scripting (XSS) vulnerability in details_view.php in PHP Booking Calendar 10e allows remote attackers to inject arbitrary web script or HTML via the page_info_message parameter.
by G13
EIP-2026-108335 EXPLOITDB text VERIFIED
Joomla! Component com_dshop - SQL Injection
by CoBRa_21
CVE-2011-5218 EXPLOITDB text VERIFIED
Neubivljiv Dota Openstats < 1.3.9 - SQL Injection
SQL injection vulnerability in DotA OpenStats 1.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
by HvM17
CVE-2011-5229 EXPLOITDB text
Apprain - SQL Injection
SQL injection vulnerability in quickstart/profile/index.php in the Forum module in appRain CMF 0.1.5 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO.
by Vulnerability-Lab
CVE-2011-5046 EXPLOITDB text VERIFIED
Microsoft Windows 7 - Improper Input Validation
The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted data, as demonstrated by a large height attribute of an IFRAME element rendered by Safari, aka "GDI Access Violation Vulnerability."
by webDEViL
EIP-2026-113083 EXPLOITDB text VERIFIED
Video Community Portal - 'userID' SQL Injection
by Lazmania61
CVE-2011-5028 EXPLOITDB text
Novell Sentinel Log Manager < 1.2.0.1_938 - Path Traversal
Directory traversal vulnerability in novelllogmanager/FileDownload in Novell Sentinel Log Manager 1.2.0.1_938 and earlier, as used in Novell Sentinel before 7.0.1.0, allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter.
by Andrea Fabrizi
EIP-2026-112292 EXPLOITDB text VERIFIED
Social Network Community 2 - 'userID' SQL Injection
by Lazmania61
CVE-2011-5222 EXPLOITDB text VERIFIED
Scripte24shop Php Flirt-projekt - SQL Injection
SQL injection vulnerability in rub2_w.php in PHP Flirt-Projekt 4.8 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the rub parameter.
by Lazmania61
CVE-2011-5230 EXPLOITDB text VERIFIED
Seotoaster < 1.9 - SQL Injection
Multiple SQL injection vulnerabilities in the selectUserIdByLoginPass function in seotoaster_core/application/models/LoginModel.php in Seotoaster 1.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login parameter to sys/login/index or (2) memberLoginName parameter to sys/login/member.
by Stefan Schurtz
EIP-2026-107185 EXPLOITDB text VERIFIED
Fork CMS 3.1.5 - Multiple Cross-Site Scripting Vulnerabilities
by Avram Marius
CVE-2011-5031 EXPLOITDB text VERIFIED
Shilpisoft Capexweb - SQL Injection
Multiple SQL injection vulnerabilities in servlet/capexweb.parentvalidatepassword in cApexWEB 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) dfuserid and (2) dfpassword parameters. NOTE: some of these details are obtained from third party information.
by D1rt3 Dud3
EIP-2026-110429 EXPLOITDB text VERIFIED
Owl Intranet Engine 1.00 - 'userid' Authentication Bypass
by RedTeam Pentesting GmbH
EIP-2026-100932 EXPLOITDB text VERIFIED
Websense 7.6 Triton - 'ws_irpt.exe' Remote Command Execution
by Ben Williams
EIP-2026-100931 EXPLOITDB text VERIFIED
Websense 7.6 Products - 'favorites.exe' Authentication Bypass
by Ben Williams
EIP-2026-100930 EXPLOITDB text VERIFIED
Websense 7.6 - Triton Report Management Interface Cross-Site Scripting
by Ben Williams
CVE-2011-5041 EXPLOITDB text VERIFIED
Pulsecms Pulse Cms - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Pulse Pro CMS 1.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) d parameter in a blocks action and (2) post_id parameter in an edit-post action to index.php.
by Avram Marius