Exploitdb Exploits
31,344 exploits tracked across all sources.
NexusPHP 1.5 - SQL Injection
SQL injection vulnerability in thanks.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by flyh4t
Takeaweb Com Timereturns - SQL Injection
SQL injection vulnerability in the Time Returns (com_timereturns) component 2.0 and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a timereturns action to index.php.
by kaMtiEz
BuzzyWall 1.3.2 - 'resolute.php' Information Disclosure
by cr4wl3r
Tsmim Lessons Library - 'show.php' SQL Injection
by M.Jock3R
Activedev Active Cms - XSS
Cross-site scripting (XSS) vulnerability in the admin script in Active CMS 1.2 allows remote attackers to inject arbitrary web script or HTML via the mod parameter in a module action.
by Stefan Schurtz
PHP <5.3.11, 5.4.x <5.4.0RC2 - XSS
The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome.
by Mr. Tokumaru
Cytel Studio <9.0 - Buffer Overflow
Cytel Studio version 9.0 and earlier is vulnerable to a stack-based buffer overflow triggered by parsing a malformed .CY3 file. The vulnerability occurs when the application copies user-controlled strings into a fixed-size stack buffer (256 bytes) without proper bounds checking. Exploitation allows arbitrary code execution when the crafted file is opened.
by Luigi Auriemma
Google Chrome < 14.0.835.163 - Improper Input Validation
Google Chrome before 14.0.835.163 does not properly perform garbage collection during the processing of PDF documents, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
by Mario Gomes
GenStat 14.1.0.5943 - Multiple Vulnerabilities
by Luigi Auriemma
Vtiger Crm < 5.2.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 5.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) viewname parameter in a CalendarAjax action, (2) activity_mode parameter in a DetailView action, (3) contact_id and (4) parent_id parameters in an EditView action, (5) day, (6) month, (7) subtab, (8) view, and (9) viewOption parameters in the index action, and (10) start parameter in the ListView action to the Calendar module; (11) return_action and (12) return_module parameters in the EditView action, and (13) query parameter in an index action to the Campaigns module; (14) return_url and (15) workflow_id parameters in an editworkflow action to the com_vtiger_workflow module; (16) display_view parameter in an index action to the Dashboard module; (17) closingdate_end, (18) closingdate_start, (19) date_closed, (20) owner, (21) leadsource, (22) sales_stage, and (23) type parameters in a ListView action to the Potentials module; (24) folderid parameter in a SaveandRun action to the Reports module; (25) returnaction and (26) groupId parameters in a createnewgroup action, (27) mode and (28) parent parameters in a createrole action, (29) src_module in a ModuleManager action, (30) mode and (31) profile_id parameters in a profilePrivileges action, and (32) roleid parameter in a RoleDetailView to the Settings module; and (33) action parameter to the Home module and (34) module parameter to phprint.php.
by Aung Khant
Vtiger Crm < 5.2.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 5.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) viewname parameter in a CalendarAjax action, (2) activity_mode parameter in a DetailView action, (3) contact_id and (4) parent_id parameters in an EditView action, (5) day, (6) month, (7) subtab, (8) view, and (9) viewOption parameters in the index action, and (10) start parameter in the ListView action to the Calendar module; (11) return_action and (12) return_module parameters in the EditView action, and (13) query parameter in an index action to the Campaigns module; (14) return_url and (15) workflow_id parameters in an editworkflow action to the com_vtiger_workflow module; (16) display_view parameter in an index action to the Dashboard module; (17) closingdate_end, (18) closingdate_start, (19) date_closed, (20) owner, (21) leadsource, (22) sales_stage, and (23) type parameters in a ListView action to the Potentials module; (24) folderid parameter in a SaveandRun action to the Reports module; (25) returnaction and (26) groupId parameters in a createnewgroup action, (27) mode and (28) parent parameters in a createrole action, (29) src_module in a ModuleManager action, (30) mode and (31) profile_id parameters in a profilePrivileges action, and (32) roleid parameter in a RoleDetailView to the Settings module; and (33) action parameter to the Home module and (34) module parameter to phprint.php.
by Aung Khant
Concrete5 CMS < 5.4.2.1 - Multiple Vulnerabilities
by Ryan Dewhurst
SonicWALL - 'SessId' Cookie Brute Force / Admin Session Hijacking
by Hugo Vazquez
Phorum - XSS
Cross-site scripting (XSS) vulnerability in admin.php in Phorum 5.2.18 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/index.php. NOTE: some of these details are obtained from third party information.
by Stefan Schurtz
Atcom Netvolution - SQL Injection
SQL injection vulnerability in ATCOM Netvolution 2.5.8 ASP allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header.
by Patroklos Argyroudis
GotoCode Online Bookstore - Multiple Vulnerabilities
by Nathaniel Carew
Adobe Photoshop Elements < 8.0 - Memory Corruption
Multiple buffer overflows in Adobe Photoshop Elements 8.0 and earlier allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted (1) .grd or (2) .abr file, a related issue to CVE-2010-1296.
by LiquidWorm
Dell Sonicwall Viewpoint - SQL Injection
SQL injection vulnerability in sgms/reports/scheduledreports/configure/scheduleProps.jsp in SonicWall ViewPoint 6.0 SP2 allows remote attackers to execute arbitrary SQL commands via the scheduleID parameter.
by Rem0ve
Contao <2.10.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2.10.2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php in a (1) teachers.html or (2) teachers/ action.
by Stefan Schurtz
Bananadance Banana Dance < 0.9 - SQL Injection
SQL injection vulnerability in user.php in Banana Dance before B.1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Aodrulez
By Source