Exploitdb Exploits
31,344 exploits tracked across all sources.
Joomla! Component com_adds - Blind SQL Injection
by DevilZ TM
Devana < 1.6.6 - SQL Injection via Profile View ID Parameter
SQL injection vulnerability in profile_view.php in Devana 1.6.6 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Valentin
68KB Knowledge Base Script 1.0.0rc2 - Search SQL Injection
by Jelmer de Hen
Open Web Analytics OWA <1.2.3 - Path Traversal
Multiple directory traversal vulnerabilities in index.php in Open Web Analytics (OWA) 1.2.3 might allow remote attackers to read arbitrary files via directory traversal sequences in the (1) owa_action and (2) owa_do parameters.
by ITSecTeam
Uebimiau 2.7.2-2.7.10 - Cross-Site Scripting via f_email Parameter
Cross-site scripting (XSS) vulnerability in index.php in Uebimiau 2.7.2 through 2.7.10 allows remote attackers to inject arbitrary web script or HTML via the f_email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by cp77fk4r
Simple Machines Forum (SMF) 1.1.8 - 'avatar' Remote PHP File Execute
by JosS
Open Web Analytics (OWA) 1.2.3 - RCE
PHP remote file inclusion vulnerability in mw_plugin.php in Open Web Analytics (OWA) 1.2.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. NOTE: some of these details are obtained from third party information.
by ITSecTeam
MyOWNspace 8.2 - Multiple Local File Inclusions
by ITSecTeam
Adam Corley dcsFlashGames - SQL Injection
SQL injection vulnerability in Adam Corley dcsFlashGames (com_dcs_flashgames) allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
by kaMtiEz
CmsFaethon 2.2.0 (ultimate.7z) - Multiple Vulnerabilities
by eidelweiss
BPTutors Tutoring site script - Cross-Site Request Forgery (Add Admin)
by bi0
Safari on Apple iPhone OS 3.1.3 for iPod touch - DoS
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to an array of long strings, an array of IMG elements with crafted strings in their SRC attributes, a TBODY element with no associated TABLE element, and certain calls to the delete operator and the cloneNode, clearAttributes, and CollectGarbage methods, possibly a related issue to CVE-2009-0075.
by Nishant Das Patnaik
Safari on iPhone OS 3.1.3 - Denial of Service or Remote Code Execution via VML recolorinfo numcolors Attribute
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a large integer in the numcolors attribute of a recolorinfo element in a VML file, possibly a related issue to CVE-2007-0024.
by Nishant Das Patnaik
SAP GUI 7.00 - BExGlobal Active-X unsecure method
by Alexey Sintsov
justVisual CMS 2.0 - Path Traversal
Directory traversal vulnerability in index.php in justVisual CMS 2.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter. NOTE: some of these details are obtained from third party information.
by eidelweiss
INVOhost 3.4 - SQL Injection via site.php id/newlanguage Parameters
Multiple SQL injection vulnerabilities in INVOhost 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) newlanguage parameters to site.php, (3) search parameter to manuals.php, and (4) unspecified vectors to faq.php. NOTE: some of these details are obtained from third party information.
by Andrés Gómez