Exploitdb Exploits
31,344 exploits tracked across all sources.
Direct News 4.10.2 - Remote Code Execution via PHP File Inclusion
Multiple PHP remote file inclusion vulnerabilities in Direct News 4.10.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter to (1) admin/menu.php and (2) library/lib.menu.php; and the adminroot parameter to (3) admin/media/update_content.php and (4) library/class.backup.php. NOTE: some of these details are obtained from third party information.
by mat
Jenkins Software RakNet 3.72 - Remote Integer Underflow
by Luigi Auriemma
Lexmark x94x - Stack-based Buffer Overflow via PJL INQUIRE Command
Stack-based buffer overflow in the base, IPDS DLE, Forms DLE, Barcode DLE, Prescribe DLE, and Printcryption DLE components on certain Lexmark laser printers and multi-function printers allows remote attackers to execute arbitrary code or cause a denial of service (device hang) via a long argument to a PJL INQUIRE command.
by Francis Provencher
vBulletin Blog 4.0.2 - Title Cross-Site Scripting
by FormatXformat
Joomla! Component com_wallpapers - SQL Injection
by DevilZ TM
Joomla! Component com_universal - Remote File Inclusion
by eidelweiss
J!Research (com_jresearch) - Path Traversal via Controller Parameter
Directory traversal vulnerability in jresearch.php in the J!Research (com_jresearch) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
by Chip d3 bi0s
Mozilla Firefox < 2.0.2 - Memory Corruption
The browser engine in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via vectors related to (1) layout/generic/nsBlockFrame.cpp and (2) the _evaluate function in modules/plugin/base/src/nsNPAPIPlugin.cpp.
by Bob Clary
Uiga Business Portal - 'index.php' SQL Injection
by Easy Laster
Springsource Application Management Suite < 2.0.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in SpringSource tc Server 6.0.20.B and earlier, Application Management Suite (AMS) before 2.0.0.SR4, Hyperic HQ Open Source before 4.2.x, Hyperic HQ 4.0 Enterprise before 4.0.3.2, and Hyperic HQ 4.1 Enterprise before 4.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the description field and unspecified "input fields."
by Aaron Kulick
RepairShop2 1.9.023 Trial - Cross-Site Scripting via prod Parameter
Cross-site scripting (XSS) vulnerability in index.php in RepairShop2 1.9.023 Trial, when magic_quotes_gpc is disabled, allows remote attackers to inject arbitrary web script or HTML via the prod parameter in a products.details action.
by kaMtiEz
Lussumo Vanilla < 1.1.10 - Remote Code Execution via PHP File Inclusion
Multiple PHP remote file inclusion vulnerabilities in definitions.php in Lussumo Vanilla 1.1.10, and possibly 0.9.2 and other versions, allow remote attackers to execute arbitrary PHP code via a URL in the (1) include and (2) Configuration['LANGUAGE'] parameters.
by eidelweiss
Gelembjuk Com Smestorage < 1.0 - Path Traversal
Directory traversal vulnerability in the SMEStorage (com_smestorage) component before 1.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
by Chip d3 bi0s
Com-property Com Properties - Path Traversal
Directory traversal vulnerability in the Real Estate Property (com_properties) component 3.1.22-03 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.
by Chip d3 bi0s