Exploitdb Exploits
31,344 exploits tracked across all sources.
Pulsecms Pulse Cms < 1.2.8 - Path Traversal
Directory traversal vulnerability in includes/controller.php in Pulse CMS Basic before 1.2.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter to index.php.
by Mark Stanislav
HotWebScripts HotWeb Rentals - SQL Injection
SQL injection vulnerability in resorts.asp in HotWebScripts HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PropResort parameter.
by R4dc0re
GateSoft DocuSafe <4.1.2 - SQL Injection
SQL injection vulnerability in ECO.asp in GateSoft DocuSafe 4.1.0 and 4.1.2 allows remote attackers to execute arbitrary SQL commands via the ECO_ID parameter. NOTE: some of these details are obtained from third party information.
by R4dc0re
Ecommercemax Solutions DGS <1.5 - SQL Injection
SQL injection vulnerability in shoppingcart.asp in Ecommercemax Solutions Digital-goods seller (DGS) 1.5 allows remote attackers to execute arbitrary SQL commands via the d parameter.
by R4dc0re
Wireshark - Memory Corruption
Heap-based buffer overflow in the dissect_ldss_transfer function (epan/dissectors/packet-ldss.c) in the LDSS dissector in Wireshark 1.2.0 through 1.2.12 and 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an LDSS packet with a long digest line that triggers memory corruption.
by Nephi Johnson
Techno Dreams FAQ Manager Package 1.0 - 'faqlist.asp' SQL Injection
by R4dc0re
Techno Dreams Articles & Papers Package 2.0 - 'ArticlesTablelist.asp' SQL Injection
by R4dc0re
Techno Dreams Job Career Package 3.0 - SQL Injection
SQL injection vulnerability in Resumes/TD_RESUME_Indlist.asp in Techno Dreams (T-Dreams) Job Career Package 3.0 allows remote attackers to execute arbitrary SQL commands via the z_Residency parameter.
by R4dc0re
Techno Dreams (T-Dreams) Cars Ads Package 2.0 - SQL Injection
SQL injection vulnerability in processview.asp in Techno Dreams (T-Dreams) Cars Ads Package 2.0 allows remote attackers to execute arbitrary SQL commands via the key parameter.
by R4dc0re
Dejcom Market CMS - 'showbrand.aspx' SQL Injection
by Mormoroth
ASPSiteWare Contact Directory 1.0 - SQL Injection
by R4dc0re
Alguest 1.1 - Multiple Cookie Authentication Bypass Vulnerabilities
by Aliaksandr Hartsuyeu
Easy Travel Portal 2 - 'travelbycountry.asp' SQL Injection
by Ulrik Persson
DotNetNuke - XSS
Cross-site scripting (XSS) vulnerability in Install/InstallWizard.aspx in DotNetNuke 5.05.01 and 5.06.00 allows remote attackers to inject arbitrary web script or HTML via the __VIEWSTATE parameter. NOTE: some of these details are obtained from third party information.
by Richard Brain
ProFTPD <1.3.3c - RCE
A malicious backdoor was embedded in the official ProFTPD 1.3.3c source tarball distributed between November 28 and December 2, 2010. The backdoor implements a hidden FTP command trigger that, when invoked, causes the server to execute arbitrary shell commands with root privileges. This allows remote, unauthenticated attackers to run any OS command on the FTP server host.
by anonymous
CVSS 9.8
Joomla! Component Annuaire - 'index.php?id' SQL Injection
by Ashiyane Digital Security Team