Exploitdb Exploits
31,344 exploits tracked across all sources.
PaysiteReviewCMS 1.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in PaysiteReviewCMS 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to search.php or the (2) image parameter to image.php.
by Valentin Hoebel
Joomla! com_jgen 0.9.33 - SQL Injection
SQL injection vulnerability in the JGen (com_jgen) component 0.9.33 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
by **RoAd_KiLlEr**
IBM Lotus Domino <8.0.2 FP5-8.5.1 FP2 - RCE
Stack-based buffer overflow in the MailCheck821Address function in nnotes.dll in the nrouter.exe service in the server in IBM Lotus Domino 8.0.x before 8.0.2 FP5 and 8.5.x before 8.5.1 FP2 allows remote attackers to execute arbitrary code via a long e-mail address in an ORGANIZER:mailto header in an iCalendar calendar-invitation e-mail message, aka SPR NRBY7ZPJ9V.
by A. Plaskett
freediscussionforums 1.0 - Multiple Vulnerabilities
by Abysssec
UCenter Home 2.0 - SQL Injection
SQL injection vulnerability in shop.php in UCenter Home 2.0 allows remote attackers to execute arbitrary SQL commands via the shopid parameter in a view action.
by KnocKout
Joomla! Component com_mtree 2.1.5 - Arbitrary File Upload
by jdc
Intermesh Group-Office 3.5.9 - SQL Injection
SQL injection vulnerability in modules/notes/json.php in Intermesh Group-Office 3.5.9 allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a category action.
by ViciOuS
MyHobbySite 1.01 - SQL Injection / Authentication Bypass
by YuGj VN
Alstrasoft AskMe Pro 2.1 - 'profile.php' SQL Injection
by CoBRa_21
eshtery CMS - SQL Injection
Multiple SQL injection vulnerabilities in eshtery CMS (aka eshtery.com) allow remote attackers to execute arbitrary SQL commands via the (1) Criteria field in an unspecified form related to catlgsearch.aspx or (2) user name to an unspecified form related to adminlogin.aspx.
by Abysssec
HP Data Protector Media Operations 6.11 (Multiple Modules) - Null Pointer Dereference Denial of Service
by d0lc3
YOPS - Web Server Remote Command Execution
by Rodrigo Escobar
Symphony CMS <2.1.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.0.7 and 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) fields[website] parameter in the post comments feature in articles/a-primer-to-symphony-2s-default-theme/ or (2) send-email[recipient] parameter to about/. NOTE: some of these details are obtained from third party information.
by JosS
Apple iPhone OS < 4.1 - Memory Corruption
WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving HTML object outlines.
by Jose A. Vazquez
Symphony CMS <2.1.1 - SQL Injection
SQL injection vulnerability in lib/toolkit/events/event.section.php in Symphony CMS 2.0.7 and 2.1.1 allows remote attackers to execute arbitrary SQL commands via the send-email[recipient] parameter to about/. NOTE: some of these details are obtained from third party information.
by JosS
JPhone <1.0 Alpha 3 - Path Traversal
Directory traversal vulnerability in jphone.php in the JPhone (com_jphone) component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
by Chip d3 bi0s
Haudenschilt FCMS <2.2.3 - RCE
Multiple PHP remote file inclusion vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 2.2.3 allow remote attackers to execute arbitrary PHP code via a URL in the current_user_id parameter to (1) familynews.php and (2) settings.php.
by LoSt.HaCkEr