Exploitdb Exploits
31,394 exploits tracked across all sources.
PHP 5.3.5 - Denial of Service via Invalid Size Argument in grapheme_extract
The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5.3.5 allows context-dependent attackers to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference.
by Maksymilian Arciemowicz
PHP 5.3.5 - Denial of Service via Invalid Size Argument in grapheme_extract
The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5.3.5 allows context-dependent attackers to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference.
by Maksymilian Arciemowicz
mySeatXT 0.164 - 'lang' Local File Inclusion
by AutoSec Tools
Rae Media INC Real Estate <3.0 - SQL Injection
Multiple SQL injection vulnerabilities in Rae Media INC Real Estate Single and Multi Agent System 3.0 allow remote attackers to execute arbitrary SQL commands via the probe parameter to (1) multi/city.asp in the Multi Agent System and (2) resulttype.asp in the Single Agent System.
by R4dc0re
Rae Media INC Real Estate <3.0 - SQL Injection
Multiple SQL injection vulnerabilities in Rae Media INC Real Estate Single and Multi Agent System 3.0 allow remote attackers to execute arbitrary SQL commands via the probe parameter to (1) multi/city.asp in the Multi Agent System and (2) resulttype.asp in the Single Agent System.
by R4dc0re
Wikipad 1.6.0 - Cross-Site Scripting / HTML Injection / Information Disclosure
by High-Tech Bridge SA
Photopad 1.2 - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
MG2 0.5.1 - Multiple Cross-Site Scripting Vulnerabilities
by LiquidWorm
Gollos 2.8 - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
Getsimple CMS 2.03 - 'upload-ajax.php' Arbitrary File Upload
by s3rg3770 & Chuzz
TaskFreak! 0.6.4 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in include/html/header.php in TaskFreak! 0.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sContext, (2) sort, (3) dir, and (4) show parameters in a save action to index.php; the (5) dir and (6) show parameters to print_list.php; and the (7) HTTP referer header to rss.php. NOTE: some of these details are obtained from third party information.
by LiquidWorm
TaskFreak! 0.6.4 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in include/html/header.php in TaskFreak! 0.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sContext, (2) sort, (3) dir, and (4) show parameters in a save action to index.php; the (5) dir and (6) show parameters to print_list.php; and the (7) HTTP referer header to rss.php. NOTE: some of these details are obtained from third party information.
by LiquidWorm
TaskFreak! 0.6.4 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in include/html/header.php in TaskFreak! 0.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sContext, (2) sort, (3) dir, and (4) show parameters in a save action to index.php; the (5) dir and (6) show parameters to print_list.php; and the (7) HTTP referer header to rss.php. NOTE: some of these details are obtained from third party information.
by LiquidWorm
TaskFreak! 0.6.4 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in include/html/header.php in TaskFreak! 0.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sContext, (2) sort, (3) dir, and (4) show parameters in a save action to index.php; the (5) dir and (6) show parameters to print_list.php; and the (7) HTTP referer header to rss.php. NOTE: some of these details are obtained from third party information.
by LiquidWorm
Pixelpost 1.7.3 - Authenticated SQL Injection via findfid, id, selectfcat, selectfmon, or selectftag Parameter
Multiple SQL injection vulnerabilities in admin/index.php in Pixelpost 1.7.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) findfid, (2) id, (3) selectfcat, (4) selectfmon, or (5) selectftag parameter in an images action.
by LiquidWorm
Dokeos 1.8.6 2 - 'style' Cross-Site Scripting
by AutoSec Tools
Horde < 3.2.4 and 3.3.3 and Horde Groupware < 1.1.5 - Remote Code Execution via Image Driver Path Traversal
Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.
by skysbsb
By Source