Exploitdb Exploits
31,344 exploits tracked across all sources.
Multi-Threaded HTTP Server 1.1 - Directory Traversal (2)
by Dr_IDE
Mongoose <2.8.0 - Info Disclosure
Mongoose 2.8.0 and earlier allows remote attackers to obtain the source code for a web page by appending a / (slash) character to the URI.
by Dr_IDE
vBulletin Two-Step External Link Module - 'externalredirect.php' Cross-Site Scripting
by Edgard Chammas
Openmairie Openregistrecil - Path Traversal
Directory traversal vulnerability in scr/soustab.php in openMairie Openregistrecil 1.02, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter. NOTE: this may be related to CVE-2007-2069.
by cr4wl3r
Emultisoft Com Jnewspaper - SQL Injection
SQL injection vulnerability in the Online News Paper Manager (com_jnewspaper) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the date_info parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Don Tukulesto
Jtmreseller Com Jtm - SQL Injection
SQL injection vulnerability in the JTM Reseller (com_jtm) component 1.9 Beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the author parameter in a search action to index.php.
by kaMtiEz
Multi-Threaded HTTP Server 1.1 - Directory Traversal (1)
by chr1x
MIT Kerberos <1.8.2 - Use After Free
Double free vulnerability in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x before 1.8.2 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a request associated with (1) renewal or (2) validation.
by Joel Johnson
CMS Ariadna 1.1 - SQL Injection
SQL injection vulnerability in detResolucion.php in CMS Ariadna 1.1 allows remote attackers to execute arbitrary SQL commands via the tipodoc_id parameter.
by Andrés Gómez
HTTP File Server 2.2 - Security Bypass / Denial of Service
by Luigi Auriemma
Avtech Software - ActiveX 'avc781viewer.dll' Multiple Vulnerabilities
by LiquidWorm
Openreglement 1.04 - Local File Inclusion / Remote File Inclusion
by cr4wl3r
Kleophatra CMS 0.1.1 - 'module' Cross-Site Scripting
by anT!-Tr0J4n
GBU Facebook 1.0.5 - SQL Injection
SQL injection vulnerability in the GBU Facebook (com_gbufacebook) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the face_id parameter in a show_face action to index.php.
by kaMtiEz
CMS Ariadna 1.1 - SQL Injection
SQL injection vulnerability in detResolucion.php in CMS Ariadna 1.1 allows remote attackers to execute arbitrary SQL commands via the res_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Andrés Gómez
Apple iPhone 3.1.2 - '7D11' Model MB702LL Mobile Safari Denial of Service
by Matthew Bergin
dl_stats < 2.0 - Cross-Site Scripting via id Parameter
Cross-site scripting (XSS) vulnerability in download_proc.php in dl_stats before 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
by Valentin Hoebel
Openscrutin 1.03 - Local File Inclusion / Remote File Inclusion
by cr4wl3r
Zimbllc Com Zimbcore - Path Traversal
Directory traversal vulnerability in the ZiMB Core (aka ZiMBCore or com_zimbcore) component 0.1 in the ZiMB Manager collection for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
by AntiSecurity