Exploitdb Exploits
31,346 exploits tracked across all sources.
Joomla! Component com_gambling - 'gamblingEvent' SQL Injection
by md.r00t
AutartiTarot (com_autartitarot) 1.0.3 - Path Traversal
Directory traversal vulnerability in the AutartiTarot (com_autartitarot) component 1.0.3 for Joomla! allows remote authenticated users, with "Public Back-end" group permissions, to read arbitrary files via directory traversal sequences in the controller parameter in an edit task to administrator/index.php. NOTE: some of these details are obtained from third party information.
by B-HUNT3|2
Alegrocart - Cross-Site Request Forgery
Cross-site request forgery (CSRF) vulnerability in AlegroCart 1.1 allows remote attackers to hijack the authentication of the administrator for requests that reset the administrator password via a POST to admin/ with an update action.
by The.Morpheus
Evernew Free Joke Script 1.2 - SQL Injection via viewjokes.php id Parameter
SQL injection vulnerability in viewjokes.php in Evernew Free Joke Script 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Hamza 'MizoZ' N.
EmiratesHost - Insecure Cookie Authentication Bypass
by jago-dz
Linux Kernel < 2.6.32.8 - Denial of Service via ELF Interpreter Handling
The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before 2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY macro, which allows local users to cause a denial of service (system crash) via a 32-bit application that attempts to execute a 64-bit application and then triggers a segmentation fault, as demonstrated by amd64_killer, related to the flush_old_exec function.
by Mathias Krause
Joomla! Component com_rsgallery2 2.0 - 'catid' SQL Injection
by snakespc
Creative SplashWorks-SplashSite - 'page.php' Blind SQL Injection
by AtT4CKxT3rR0r1ST
IBM DB2 - 'kuddb2' Remote Denial of Service
by Evgeny Legerov
phpunity.newsmanager - Path Traversal
Directory traversal vulnerability in misc/tell_a_friend/tell.php in phpunity.newsmanager allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.
by kaMtiEz
JE Event Calendars (com_jeeventcalendar) 1.0 - SQL Injection
SQL injection vulnerability in the JE Event Calendars (com_jeeventcalendar) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the event_id parameter in an event action to index.php.
by B-HUNT3|2
Parkview Consultants SimpleFAQ - SQL Injection via catid Parameter
SQL injection vulnerability in the Parkview Consultants SimpleFAQ (com_simplefaq) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a display action to index.php.
by AtT4CKxT3rR0r1ST
Ossolution Team Documents Seller <2.5.1 - SQL Injection
SQL injection vulnerability in the Ossolution Team Documents Seller (aka DMS) (com_dms) component 2.5.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a view_category action to index.php.
by kaMtiEz
(nv2) Awards 1.1.0 - SQL Injection via id Parameter
SQL injection vulnerability in index.php in (nv2) Awards 1.1.0, a modification for Invision Power Board, allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action.
by fred777
dotProject 2.1.3 - Cross-Site Scripting / Improper Permissions
by h00die
Xerox Workcenter 4150 - Remote Buffer Overflow (PoC)
by Francis Provencher
PHP Product Catalog - Cross-Site Request Forgery (Change Administrator Password)
by bi0