Exploitdb Exploits
31,394 exploits tracked across all sources.
Barracuda Control Center 620 - Multiple Web Vulnerabilities
by Vulnerability-Lab
Barracuda Control Center 620 - Cross-Site Scripting / HTML Injection
by Vulnerability-Lab
FlashPix PlugIn 4.2.2.0 for IrfanView - Denial of Service via Crafted FPX Image
Double free vulnerability in the Free_All_Memory function in jpeg/dectile.c in libfpx before 1.3.1-1, as used in the FlashPix PlugIn 4.2.2.0 for IrfanView, allows remote attackers to cause a denial of service (crash) via a crafted FPX image.
by Francis Provencher
IrfanView < 4.32 - Remote Code Execution via TIFF Rows Per Strip and Samples Per Pixel
Heap-based buffer overflow in IrfanView before 4.32 allows remote attackers to execute arbitrary code via crafted "Rows Per Strip" and "Samples Per Pixel" values in a TIFF image file.
by Francis Provencher
TikiWiki CMS/Groupware < 8.1 - Cross-Site Scripting via tiki-cookie-jar.php Parameters
Cross-site scripting (XSS) vulnerability in tiki-cookie-jar.php in TikiWiki CMS/Groupware before 8.2 and LTS before 6.5 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters.
by Stefan Schurtz
PHPShop CMS 3.4 - Multiple Cross-Site Scripting / SQL Injections
by High-Tech Bridge SA
Joomla! Component com_tsonymf - 'idofitem' SQL Injection
by CoBRa_21
Joomla! Component com_caproductprices - 'id' SQL Injection
by CoBRa_21
Cyberoam Unified Threat Management < 10.01.2 - Authenticated SQL Injection via tableid Parameter
SQL injection vulnerability in corporate/Controller in Elitecore Technologies Cyberoam UTM before 10.01.2 build 059 allows remote authenticated administrators to execute arbitrary SQL commands via the tableid parameter. NOTE: some of these details are obtained from third party information.
by Benjamin Kunz Mejri
appRain CMF 0.1.5 - Cross-Site Scripting via Search Module ss Parameter
Cross-site scripting (XSS) vulnerability in the Search module (quickstart/search) in appRain CMF 0.1.5 allows remote attackers to inject arbitrary web script or HTML via the ss parameter.
by Vulnerability-Lab
PHP Booking Calendar 10e - Cross-Site Scripting via page_info_message Parameter
Cross-site scripting (XSS) vulnerability in details_view.php in PHP Booking Calendar 10e allows remote attackers to inject arbitrary web script or HTML via the page_info_message parameter.
by G13
DotA OpenStats <= 1.3.9 - SQL Injection via Index.php ID Parameter
SQL injection vulnerability in DotA OpenStats 1.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
by HvM17
appRain CMF 0.1.5 - SQL Injection via PATH_INFO in Forum Module
SQL injection vulnerability in quickstart/profile/index.php in the Forum module in appRain CMF 0.1.5 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO.
by Vulnerability-Lab
Microsoft Windows GDI - Remote Code Execution via IFRAME Height Attribute
The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted data, as demonstrated by a large height attribute of an IFRAME element rendered by Safari, aka "GDI Access Violation Vulnerability."
by webDEViL
Video Community Portal - 'userID' SQL Injection
by Lazmania61
Novell Sentinel Log Manager < 1.2.0.1_938 - Authenticated Path Traversal via FileDownload Filename Parameter
Directory traversal vulnerability in novelllogmanager/FileDownload in Novell Sentinel Log Manager 1.2.0.1_938 and earlier, as used in Novell Sentinel before 7.0.1.0, allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter.
by Andrea Fabrizi
Social Network Community 2 - 'userID' SQL Injection
by Lazmania61
PHP Flirt-Projekt 4.8 - SQL Injection via rub Parameter
SQL injection vulnerability in rub2_w.php in PHP Flirt-Projekt 4.8 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the rub parameter.
by Lazmania61
Seotoaster < 1.9 - SQL Injection via Login or Member Login Parameter
Multiple SQL injection vulnerabilities in the selectUserIdByLoginPass function in seotoaster_core/application/models/LoginModel.php in Seotoaster 1.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login parameter to sys/login/index or (2) memberLoginName parameter to sys/login/member.
by Stefan Schurtz
Fork CMS 3.1.5 - Multiple Cross-Site Scripting Vulnerabilities
by Avram Marius
capexweb 1.1 - SQL Injection via dfuserid and dfpassword Parameters
Multiple SQL injection vulnerabilities in servlet/capexweb.parentvalidatepassword in cApexWEB 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) dfuserid and (2) dfpassword parameters. NOTE: some of these details are obtained from third party information.
by D1rt3 Dud3
Owl Intranet Engine 1.00 - 'userid' Authentication Bypass
by RedTeam Pentesting GmbH
Websense 7.6 Triton - 'ws_irpt.exe' Remote Command Execution
by Ben Williams
Websense 7.6 Products - 'favorites.exe' Authentication Bypass
by Ben Williams
By Source