Exploitdb Exploits
31,344 exploits tracked across all sources.
Digia QT < 4.6.3 - Improper Input Validation
The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request.
by Luigi Auriemma
KMSoft Guestbook - SQL Injection
SQL injection vulnerability in default.asp in KMSoft Guestbook (aka GBook) allows remote attackers to execute arbitrary SQL commands via the p parameter.
by SONIC
InterJoomla ArtForms 2.1b7.2 RC2 - SQL Injection
Multiple SQL injection vulnerabilities in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allow remote attackers to execute arbitrary SQL commands via the viewform parameter in a (1) ferforms or (2) tferforms action to index.php, and the (3) id parameter in a vferforms action to index.php.
by Salvatore Fresta
InterJoomla ArtForms 2.1b7.2 - XSS
Cross-site scripting (XSS) vulnerability in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the afmsg parameter to index.php.
by Salvatore Fresta
Sijio Community Software - XSS
Cross-site scripting (XSS) vulnerability in Sijio Community Software allows remote authenticated users to inject arbitrary web script or HTML via the title parameter when adding a new blog, related to edit_blog/index.php. NOTE: some of these details are obtained from third party information.
by Sid3^effects
Sijio Community Software - SQL Injection
SQL injection vulnerability in gallery/index.php in Sijio Community Software allows remote attackers to execute arbitrary SQL commands via the parent parameter.
by Sid3^effects
HP OpenView Network Node Manager ovwebsnmpsrv.exe ovutil Buffer Overflow
Buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unspecified parameters to jovgraph.exe, aka ZDI-CAN-683.
by bitform
Worxware DCP-Portal 7.0 - Multiple Cross-Site Scripting Vulnerabilities
by Andrei Rimsa Alvares
Simple Document Management System - SQL Injection
SQL injection vulnerability in detail.php in Simple Document Management System (SDMS) allows remote attackers to execute arbitrary SQL commands via the doc_id parameter.
by Sid3^effects
Sijio Community Software - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Sijio Community Software allow remote authenticated users to inject arbitrary web script or HTML via the title parameter when (1) editing a new blog, (2) adding an album, or (3) editing an album. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Sid3^effects
RunCMS 2.1 - 'check.php' Cross-Site Scripting
by Andrei Rimsa Alvares
Payments Plus 2.1.5 - SQL Injection
SQL injection vulnerability in the Payments Plus component 2.1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the type parameter to add.html.
by Sid3^effects
InterJoomla ArtForms <2.1b7.2 - Path Traversal
Directory traversal vulnerability in assets/captcha/includes/alikon/playcode.php in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the l parameter.
by Salvatore Fresta
Exponent CMS 0.97.0 - XSS
Cross-site scripting (XSS) vulnerability in modules/slideshowmodule/slideshow.js.php in Exponent CMS 0.97.0 allows remote attackers to inject arbitrary web script or HTML via the u parameter.
by Andrei Rimsa Alvares
Ubisoft Ghost Recon Advanced Warfighter - Integer Overflow / Array Indexing Overflow
by Luigi Auriemma
IBM BladeCenter - Path Traversal
Directory traversal vulnerability in private/file_management.php on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allows remote authenticated users to list arbitrary directories and possibly have unspecified other impact via a .. (dot dot) in the DIR parameter.
by Alexey Sintsov
IBM BladeCenter AMM <4.7 and 5.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allow remote attackers to inject arbitrary web script or HTML via the (1) INDEX or (2) IPADDR parameter to private/cindefn.php, (3) the domain parameter to private/power_management_policy_options.php, the slot parameter to (4) private/pm_temp.php or (5) private/power_module.php, (6) the WEBINDEX parameter to private/blade_leds.php, or (7) the SLOT parameter to private/ipmi_bladestatus.php.
by Alexey Sintsov
Sun Java Web Server 7.0 u7 - Admin Interface Denial of Service
by muts
sandbox 2.0.3 - Multiple Vulnerabilities
by Salvatore Fresta