Exploitdb Exploits

31,344 exploits tracked across all sources.

EIP-2026-108478 EXPLOITDB text VERIFIED
Joomla! Component com_people 1.0.0 - Local File Inclusion
by ALTBTA
CVE-2011-0516 EXPLOITDB text
Epromptc Betmore Site Suite - SQL Injection
SQL injection vulnerability in mainx_a.php in E-PROMPT C BetMore Site Suite 4.0 through 4.2.0 allows remote attackers to execute arbitrary SQL commands via the bid parameter.
by h4ck3r
CVE-2011-0510 EXPLOITDB text VERIFIED
Awbs Advanced Webhost Billing System < 2.9.2 - SQL Injection
SQL injection vulnerability in cart.php in Advanced Webhost Billing System (AWBS) 2.9.2 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the oid parameter in an add_other action.
by ShivX
EIP-2026-104994 EXPLOITDB text VERIFIED
Advanced Webhost Billing System (AWBS) 2.9.2 - 'oid' SQL Injection
by ShivX
EIP-2026-107423 EXPLOITDB text VERIFIED
glfusion CMS 1.2.1 - 'img' Persistent Cross-Site Scripting
by Saif
EIP-2026-106093 EXPLOITDB text
CompactCMS 1.4.1 - Multiple Vulnerabilities
by Patrick de Brouwer
EIP-2026-106092 EXPLOITDB text VERIFIED
CompactCMS 1.4.1 - Multiple Cross-Site Scripting Vulnerabilities (2)
by Patrick de Brouwer
CVE-2011-0517 EXPLOITDB text
Sielcosistemi Winlog Pro < 2.07.00 - Memory Corruption
Stack-based buffer overflow in Sielco Sistemi Winlog Pro 2.07.00 and earlier, when Run TCP/IP server is enabled, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted 0x02 opcode to TCP port 46823.
by Luigi Auriemma
EIP-2026-108826 EXPLOITDB text
Joomla! Component People 1.0.0 - SQL Injection
by Salvatore Fresta
EIP-2026-105080 EXPLOITDB text VERIFIED
Alguest 1.1c-patched - 'elimina' SQL Injection
by Aliaksandr Hartsuyeu
EIP-2026-109126 EXPLOITDB text VERIFIED
LifeType 1.2.10 - HTTP Referer Persistent Cross-Site Scripting
by Saif El-Sherei
EIP-2026-108173 EXPLOITDB text
Joomla! 1.5.22 / 1.6.0 - 'com_mailto' Spam Mail Relay
by Jeff Channell
CVE-2011-0503 EXPLOITDB text
Vamsoft Vam Shop < 1.6.1 - CSRF
Cross-site request forgery (CSRF) vulnerability in VaM Shop 1.6, 1.6.1, and probably earlier versions allows remote attackers to hijack the authentication of administrators for requests that (1) change user status via admin/customers.php or (2) change user permissions via admin/accounting.php. NOTE: some of these details are obtained from third party information.
by High-Tech Bridge SA
EIP-2026-113401 EXPLOITDB text
whCMS 0.115 - Cross-Site Request Forgery
by High-Tech Bridge SA
CVE-2011-0504 EXPLOITDB text
Vamshop Vam Shop - XSS
Multiple cross-site scripting (XSS) vulnerabilities in VaM Shop 1.6, 1.6.1, and probably earlier versions allow remote attackers to inject arbitrary web script or HTML via the (1) status parameter to admin/orders.php, (2) search parameter to admin/customers.php, or (3) STORE_NAME parameter to admin/configuration.php.
by High-Tech Bridge SA
EIP-2026-106973 EXPLOITDB text
Extcalendar 2 - 'calendar.php' SQL Injection
by Lagripe-Dz & Mca-Crb
EIP-2026-106878 EXPLOITDB text
energine 2.3.8 - Multiple Vulnerabilities
by High-Tech Bridge SA
CVE-2011-5318 EXPLOITDB text
Diafan.cms < 5.0 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in diafan.CMS before 5.1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify articles via a save_post action to admin/news/saveNEWS_ID/, (2) modify settings via a save_post action to admin/site/save2/, or (3) modify credentials via a save_post action to admin/usersite/save2/.
by High-Tech Bridge SA
EIP-2026-106002 EXPLOITDB text VERIFIED
CMS Tovar - 'tovar.php' SQL Injection
by jos_ali_joe
EIP-2026-105698 EXPLOITDB text
Cambio 0.5a - Cross-Site Request Forgery
by High-Tech Bridge SA
CVE-2010-4301 EXPLOITDB text
Wireshark - Resource Management Error
epan/dissectors/packet-zbee-zcl.c in the ZigBee ZCL dissector in Wireshark 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted ZCL packet, related to Discover Attributes.
by Fred Fierling
CVE-2010-4254 EXPLOITDB text VERIFIED
Mono < 2.3.0 - Improper Input Validation
Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call.
by Chris Howie
EIP-2026-113436 EXPLOITDB text VERIFIED
WikLink 0.1.3 - Multiple SQL Injections
by Aliaksandr Hartsuyeu
CVE-2011-0443 EXPLOITDB text VERIFIED
Tinybb - SQL Injection
SQL injection vulnerability in inc/tinybb-settings.php in tinyBB 1.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a profile action to index.php. NOTE: some of these details are obtained from third party information.
by Aodrulez
EIP-2026-109361 EXPLOITDB text
Maximus CMS 1.1.2 - 'FCKeditor' Arbitrary File Upload
by eidelweiss