Exploitdb Exploits
31,344 exploits tracked across all sources.
Joomla! com_cbe <1.4.10 - Path Traversal
Directory traversal vulnerability in the Community Builder Enhanced (CBE) (com_cbe) component 1.4.8, 1.4.9, and 1.4.10 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabname parameter in a userProfile action to index.php. NOTE: this can be leveraged to execute arbitrary code by using the file upload feature.
by Delf Tonder
Chipmunk Pwngame 1.0 - SQL Injection
Multiple SQL injection vulnerabilities in Chipmunk Pwngame 1.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters to authenticate.php and the (3) ID parameter to pwn.php. NOTE: some of these details are obtained from third party information.
by KnocKout
Lantern CMS - '11-login.asp' Cross-Site Scripting
by High-Tech Bridge SA
Truworth Flex Timesheet - SQL Injection
Multiple SQL injection vulnerabilities in the log-in form in Truworth Flex Timesheet allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields.
by KnocKout
Oracle Solaris 8-11 Express - DoS
Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable researcher that this is an issue in the glob implementation in libc that allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames.
by Maksymilian Arciemowicz
xWeblog 2.2 - SQL Injection
SQL injection vulnerability in oku.asp in xWeblog 2.2 allows remote attackers to execute arbitrary SQL commands via the makale_id parameter.
by KnocKout
Backbone Technology Expression 18.9.2010 - Cross-Site Scripting
by High-Tech Bridge SA
Adobe Acrobat - Improper Input Validation
Array index error in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors.
by Knud & nSense
SquirrelMail Virtual Keyboard Plugin - 'vkeyboard.php' Cross-Site Scripting
by Moritz Naumann
CAG CMS 0.2 Beta - SQL Injection
SQL injection vulnerability in click.php in CAG CMS 0.2 Beta allows remote attackers to execute arbitrary SQL commands via the itemid parameter.
by Shamus
NetWin Surgemail <4.3g - XSS
Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program.
by Kerem Kocaer
Portili Personal and Team Wiki 1.14 - Multiple Vulnerabilities (2)
by Abysssec
DNET Live-Stats <0.8 - Path Traversal
Directory traversal vulnerability in team.rc5-72.php in DNET Live-Stats 0.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the showlang parameter.
by blake
TinyMCE MCFileManager 2.1.2 - Arbitrary File Upload
by Hackeri-AL
Aprox CMS Engine 6.0 - Multiple Vulnerabilities
by Stephan Sattler
TradeMC E-Ticaret - SQL Injection / Cross-Site Scripting
by KnocKout