Exploitdb Exploits
31,346 exploits tracked across all sources.
Joomla! com_joomportfolio 1.0.0 - SQL Injection
SQL injection vulnerability in the JoomPortfolio (com_joomportfolio) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the secid parameter in a showcat action to index.php.
by Fl0riX & Snakespc
Jobscript4Web 3.5 - Multiple Cross-Site Request Forgery Vulnerabilities
by bi0
Horde Application Framework < 3.3.6 - Cross-Site Scripting via PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) phpshell.php, (2) cmdshell.php, or (3) sqlshell.php in admin/, related to the PHP_SELF variable.
by Juan Galiana Lara
cPanel 11.0-11.24.7 - Cross-Site Scripting via Fileop Parameter
Cross-site scripting (XSS) vulnerability in frontend/x3/files/fileop.html in cPanel 11.0 through 11.24.7 allows remote attackers to inject arbitrary web script or HTML via the fileop parameter.
by RENO
Cisco ASA 8.x - VPN SSL Module Clientless URL-list control Bypass
by David Eduardo Acosta Rodriguez
Multi-Lingual Application - Blind SQL Injection
by R3d-D3V!L
eWebquiz 8 - SQL Injection via QuizID Parameter
Multiple SQL injection vulnerabilities in Active Web Softwares eWebquiz 8 allow remote attackers to execute arbitrary SQL commands via the QuizID parameter to (1) questions.asp, (2) importquestions.asp, and (3) quiztakers.asp, different vectors than CVE-2007-1706.
by R3d-D3V!L
Charon Cart 3.0 - 'ContentID' Blind SQL Injection
by R3d-D3V!L
ActiveBuyAndSell 6.2 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in ActiveBuyAndSell 6.2 allow remote attackers to execute arbitrary SQL commands via the catid parameter to (1) default.asp or (2) buyersend.asp, (3) Administrator ID field in admin.asp, E-mail field in (4) advertiserstart.asp or (5) buyer.asp, or Keyword field in search.asp.
by R3d-D3V!L
Active Auction House 3.6 - SQL Injection
Multiple SQL injection vulnerabilities in Active Auction House 3.6 allow remote attackers to execute arbitrary SQL commands via the (1) catid parameter to wishlist.asp and the (2) linkid parameter to links.asp. NOTE: vector 1 might overlap CVE-2005-1029.1.
by R3d-D3V!L
iSupport < 1.8 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot iSupport 1.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (a) 5 or (b) 9 field in a post action to ticket_function.php, reachable through ticket_submit.php and index.php; (c) the which parameter to function.php, or (d) the which parameter to index.php, related to knowledgebase_list.php. NOTE: some of these details are obtained from third party information.
by Stink & Essandre
QuickHeal AntiVirus 2010 - Local Privilege Escalation
by Francis Provencher
Kaspersky Anti-Virus < 9.0.0.463 - Privilege Escalation
Kaspersky Anti-Virus 5.0 (5.0.712); Antivirus Personal 5.0.x; Anti-Virus 6.0 (6.0.3.837), 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); and Internet Security 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463) use weak permissions (Everyone:Full Control) for the BASES directory, which allows local users to gain SYSTEM privileges by replacing an executable or DLL with a Trojan horse.
by Maxim A. Kulakov
Google Picasa 3.5 - Local Buffer Overflow (Denial of Service) (PoC)
by Connection
WP-Forum < 2.4 - SQL Injection via Search Max Parameter
Multiple SQL injection vulnerabilities in the WP-Forum plugin before 2.4 for WordPress allow remote attackers to execute arbitrary SQL commands via (1) the search_max parameter in a search action to the default URI, related to wpf.class.php; (2) the forum parameter to an unspecified component, related to wpf.class.php; (3) the topic parameter in a viewforum action to the default URI, related to the remove_topic function in wpf.class.php; or the id parameter in a (4) editpost or (5) viewtopic action to the default URI, related to wpf-post.php.
by Juan Galiana Lara
WHMCompleteSolution CMS - SQL Injection
by Dr.0rYX & Cr3W-DZ
Recipe Script 5.0 - Arbitrary File Upload / Cross-Site Request Forgery / Cross-Site Scripting
by Milos Zivanovic
Pre Hospital Management System - Authentication Bypass
by R3d-D3V!L
Pre Hospital Management System - 'department.php?id' SQL Injection
by R3d-D3V!L
IDevSpot PhpLinkExchange 1.01 - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in index.php in IDevSpot PhpLinkExchange 1.01 allow remote attackers to inject arbitrary web script or HTML via the catid parameter in a (1) user_add, (2) recip, (3) tellafriend, or (4) contact action, or (5) in a request without an action; or (6) the id parameter in a tellafriend action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Stink