Exploitdb Exploits
31,344 exploits tracked across all sources.
2daybiz Custom T-Shirt Design Script - SQL Injection
Multiple SQL injection vulnerabilities in 2daybiz Custom T-Shirt Design Script allow remote attackers to execute arbitrary SQL commands via the (1) sbid parameter to products_details.php, (2) pid parameter to products/products.php, and (3) designid parameter to designview.php.
by Sangteamtham
Feh < 1.7 - Improper Input Validation
feh before 1.8, when the --wget-timestamp option is enabled, might allow remote attackers to execute arbitrary commands via shell metacharacters in a URL.
by anonymous
Cisco ASA 5580 - CRLF Injection
CRLF injection vulnerability in +webvpn+/index.html in WebVPN on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary HTTP headers as demonstrated by a redirect attack involving a %0d%0aLocation%3a sequence in a URI, or conduct HTTP response splitting attacks via unspecified vectors, aka Bug ID CSCsr09163.
by Daniel King
2daybiz Web Template Software - XSS
Multiple cross-site scripting (XSS) vulnerabilities in 2daybiz Web Template Software allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to category.php and the (2) password parameter to memberlogin.php.
by Sangteamtham
Novell Imanager - Memory Corruption
Multiple stack-based buffer overflows in the jclient._Java_novell_jclient_JClient_defineClass@20 function in jclient.dll in the Tomcat web server in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allow remote authenticated users to execute arbitrary code via the (1) EnteredClassID or (2) NewClassName parameter to nps/servlet/webacc.
by Core Security Technologies
UFO: Alien Invasion <2.2.1 - RCE
UFO: Alien Invasion versions up to and including 2.2.1 contain a buffer overflow vulnerability in its built-in IRC client component. When the client connects to an IRC server and receives a crafted numeric reply (specifically a 001 message), the application fails to properly validate the length of the response string. This results in a stack-based buffer overflow, which may corrupt control flow structures and allow arbitrary code execution. The vulnerability is triggered during automatic IRC connection handling and does not require user interaction beyond launching the game.
by Jason Geffner
OpenEMR Electronic Medical Record Software 3.2 - Multiple Vulnerabilities
by David Shaw
OneCMS 2.6.1 - 'cat' Cross-Site Scripting
by High-Tech Bridge SA
Realtyna Translator 1.0.15 - Path Traversal
Directory traversal vulnerability in the Realtyna Translator (com_realtyna) component 1.0.15 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
by MISTERFRIBO
Big Forum 5.2 - Arbitrary File Upload / Local File Inclusion
by Zer0 Thunder
Insanevisions Adapcms - Code Injection
PHP remote file inclusion vulnerability in inc/smarty/libs/init.php in AdaptCMS 2.0.0 Beta, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter. NOTE: it was later reported that 2.0.1 is also affected.
by v3n0m
ActiveCollab 2.3.0 - Local File Inclusion / Directory Traversal
by Jose Carlos de Arriba
2daybiz Video Community Portal Script - SQL Injection
SQL injection vulnerability in user-profile.php in 2daybiz Video Community Portal Script allows remote attackers to execute arbitrary SQL commands via the userid parameter.
by Sangteamtham
2daybiz Web Template Software - SQL Injection
SQL injection vulnerability in customize.php in 2daybiz Web Template Software allows remote attackers to execute arbitrary SQL commands via the tid parameter.
by Sangteamtham
2DayBiz Real Estate Portal - 'viewpropertydetails.php' SQL Injection
by Sangteamtham
2daybiz Job Site Script - SQL Injection
Multiple SQL injection vulnerabilities in 2daybiz Job Site Script allow remote attackers to execute arbitrary SQL commands via the (1) jid parameter to view_current_job.php, (2) job_iid parameter to show_search_more.php, and (3) left_cat parameter to show_search_result.php.
by Sangteamtham
Novell Imanager - Numeric Error
Off-by-one error in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allows remote attackers to cause a denial of service (daemon crash) via a long tree parameter in a login request to nps/servlet/webacc.
by Core Security Technologies
Salvo Tomaselli Weborf HTTP Server - Improper Input Validation
Weborf HTTP Server 0.12.1 and earlier allows remote attackers to cause a denial of service (crash) via Unicode characters in a Connection HTTP header, and possibly other headers.
by Crash
Lois Software WebDB 2.0A Script - Multiple SQL Injections
by High-Tech Bridge SA
Harmistechnology Com Jeajaxeventcalendar - SQL Injection
SQL injection vulnerability in the JE Ajax Event Calendar (com_jeajaxeventcalendar) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php.
by L0rd CrusAd3r
By Source