Exploitdb Exploits
31,346 exploits tracked across all sources.
Joomla! Component Jreservation - Blind SQL Injection
by B-HUNT3|2
JE Quiz (com_jequizmanagement) 1.b01 - SQL Injection via eid Parameter
SQL injection vulnerability in the JE Quiz (com_jequizmanagement) component 1.b01 for Joomla! allows remote attackers to execute arbitrary SQL commands via the eid parameter in a question action to index.php.
by B-HUNT3|2
Ingres Database 9.3 - Heap Buffer Overflow
by Evgeny Legerov
hybserv2 1.9.2-1.9.4 - Denial of Service via MemoServ Private Message
mystring.c in hybserv in IRCD-Hybrid (aka Hybrid2 IRC Services) 1.9.2 through 1.9.4 allows remote attackers to cause a denial of service (daemon crash) via a ":help \t" private message to the MemoServ service.
by Julien Cristau
Comtrend CT-507IT ADSL Router - Cross-Site Scripting via scvrtsrv.cmd srvName Parameter
Cross-site scripting (XSS) vulnerability in scvrtsrv.cmd in Comtrend CT-507IT ADSL Router allows remote attackers to inject arbitrary web script or HTML via the srvName parameter.
by Yoyahack
NovaBoard 1.1.2 - SQL Injection via forums[] Parameter
SQL injection vulnerability in index.php in NovaBoard 1.1.2 allows remote attackers to execute arbitrary SQL commands via the forums[] parameter in a search action.
by Delibey
Joomla! com_jvideodirect 1.1 RC3b - SQL Injection
SQL injection vulnerability in the jVideoDirect (com_jvideodirect) component 1.1 RC3b for Joomla! allows remote attackers to execute arbitrary SQL commands via the v parameter to index.php.
by B-HUNT3|2
Joomla! Component com_kunena - Blind SQL Injection
by B-HUNT3|2
com_ccnewsletter 1.0.5 - Path Traversal via Controller Parameter
Directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php.
by AtT4CKxT3rR0r1ST
CVSS 5.8
com_ccnewsletter 1.0.5 - Path Traversal via Controller Parameter
Directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php.
by B-HUNT3|2
CVSS 5.8
Battery Life Toolkit 1.0.9 - 'bltk_sudo' Local Privilege Escalation
by Matthew Garrett
PaperThin CommonSpot Content Server - Cross-Site Scripting via URL Parameter in utilities/longproc.cfm
Cross-site scripting (XSS) vulnerability in utilities/longproc.cfm in PaperThin CommonSpot Content Server allows remote attackers to inject arbitrary web script or HTML via the url parameter.
by Richard Brain
IBM DB2 9.1-9.7 - Authenticated Heap-Based Buffer Overflow via REPEAT Function
Heap-based buffer overflow in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows remote authenticated users to have an unspecified impact via a SELECT statement that has a long column name generated with the REPEAT function.
by Evgeny Legerov
Joomla! Component VirtueMart Module Customers_who_bought - SQL Injection
by B-HUNT3|2
Joomla! Component com_virtuemart - order_status_id SQL Injection
by B-HUNT3|2
SAP BusinessObjects 12 - URI redirection / Cross-Site Scripting
by Richard Brain
HP System Management Homepage 3.0.2 - 'servercert' Cross-Site Scripting
by Richard Brain
PostgreSQL 7.4-7.4.28 - Denial of Service via Negative Integer in bitsubstr Function
The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service (daemon crash) or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT statement that contains a call to the substring function for a bit string, related to an "overflow."
by Intevydis
Geo++ GNCASTER < 1.4.0.7 - Denial of Service via Long URI Request
Geo++ GNCASTER 1.4.0.7 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via multiple requests for a non-existent file using a long URI.
by RedTeam Pentesting GmbH
Joomla! Component 3D Cloud - 'tagcloud.swf' Cross-Site Scripting
by MustLive
Cisco Secure Desktop < 3.5 - Cross-Site Scripting via Crafted POST Parameter
Cross-site scripting (XSS) vulnerability in +CSCOT+/translation in Cisco Secure Desktop 3.4.2048, and other versions before 3.5; as used in Cisco ASA appliance before 8.2(1), 8.1(2.7), and 8.0(5); allows remote attackers to inject arbitrary web script or HTML via a crafted POST parameter, which is not properly handled by an eval statement in binary/mainv.js that writes to start.html.
by Matias Pablo Brutti
com_mochigames 0.51 - SQL Injection via id Parameter
SQL injection vulnerability in the Mochigames (com_mochigames) component 0.51 and possibly other versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
by B-HUNT3|2