Exploitdb Exploits
31,394 exploits tracked across all sources.
Joomla! Component com_b2portfolio 1.0.0 - Multiple SQL Injections
by Salvatore Fresta
WordPress Plugin WP Publication Archive 2.0.1 - 'file' Information Disclosure
by AutoSec Tools
WordPress Plugin WP Featured Post with Thumbnail 3.0 - 'src' Cross-Site Scripting
by AutoSec Tools
RSS Feed Reader 0.1 for WordPress - Cross-Site Scripting via rss_url Parameter
Cross-site scripting (XSS) vulnerability in magpie/scripts/magpie_slashbox.php in RSS Feed Reader 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the rss_url parameter.
by AutoSec Tools
WordPress Plugin Audio 0.5.1 - 'showfile' Cross-Site Scripting
by AutoSec Tools
PHPCMS 2008 V2 - SQL Injection via modelid Parameter
SQL injection vulnerability in include/admin/model_field.class.php in PHPCMS 2008 V2 allows remote attackers to execute arbitrary SQL commands via the modelid parameter to flash_upload.php.
by R3d-D3V!L
Pixie CMS 1.0.4 - '/admin/index.php' SQL Injection
by High-Tech Bridge SA
PHPCMS 2008 V2 - SQL Injection via where_time Parameter
SQL injection vulnerability in data.php in PHPCMS 2008 V2 allows remote attackers to execute arbitrary SQL commands via the where_time parameter in a get action.
by R3d-D3V!L
PHP LOW BIDS - SQL Injection via viewfaqs.php cat Parameter
SQL injection vulnerability in viewfaqs.php in PHP LOW BIDS allows remote attackers to execute arbitrary SQL commands via the cat parameter.
by h4ck3r
Simploo CMS < 1.7.1 - Authenticated PHP Code Injection via FTP-Server Parameter
Static code injection vulnerability in Simploo CMS 1.7.1 and earlier allows remote authenticated users to inject arbitrary PHP code into config/custom/base.ini.php via the ftpserver parameter (FTP-Server field) to the sicore/updates/optionssav operation for index.php.
by David Vieira-Kurz
com_allcinevid 1.0.0 - SQL Injection via id Parameter
SQL injection vulnerability in the allCineVid component (com_allcinevid) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
by Salvatore Fresta
CakePHP 1.2.8-1.3.5 - Remote Code Execution via Unserialize in Security Component
The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is processed by the unserialize function, as demonstrated by modifying the file_map cache to execute arbitrary local files.
by felix
B-Cumulus - 'tagcloud' Multiple Cross-Site Scripting Vulnerabilities
by MustLive
Pango < 1.28.3 - Heap-Based Buffer Overflow via Crafted Font File
Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.
by Dan Rosenberg
PHPCMS 2008 V2 - SQL Injection via where_time Parameter
SQL injection vulnerability in data.php in PHPCMS 2008 V2 allows remote attackers to execute arbitrary SQL commands via the where_time parameter in a get action.
by R3d-D3V!L
Teams Structure module 3.0 - SQL Injection via team_id Parameter
SQL injection vulnerability in team.php in the Teams Structure module 3.0 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the team_id parameter.
by Saif
Linux Kernel < 2.6.37 - Unauthorized Information Exposure via Proc Filesystem
The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls.
by halfdog
Kingsoft AntiVirus 2011 SP5.2 - Denial of Service via KiFastCallEntry Hook
KisKrnl.sys 2011.1.13.89 and earlier in Kingsoft AntiVirus 2011 SP5.2 allows local users to cause a denial of service (crash) via a crafted request that is not properly handled by the KiFastCallEntry hook.
by MJ0011
Seopanel - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in Seo Panel 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) default_news or (2) sponsors cookies, which are not properly handled by (a) controllers/index.ctrl.php or (b) controllers/settings.ctrl.php.
by Mark Stanislav
By Source