Exploitdb Exploits
31,346 exploits tracked across all sources.
RADIO istek scripti 2.5 - Info Disclosure
RADIO istek scripti 2.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user credentials via a direct request for estafresgaftesantusyan.inc.
by kurdish hackers team
phpBazar <2.1.1fix - Info Disclosure
phpBazar 2.1.1fix and earlier does not require administrative authentication for admin/admin.php, which allows remote attackers to obtain access to the admin control panel via a direct request.
by kurdish hackers team
Joomla! Component com_mygallery - 'cid' SQL Injection
by S@BUN
Google Calendar GCalendar <2.1.4 - SQL Injection
SQL injection vulnerability in the Google Calendar GCalendar (com_gcalendar) component 1.1.2, 2.1.4, and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the gcid parameter. NOTE: some of these details are obtained from third party information.
by Yogyacarderlink Crew
XM Easy Personal FTP Server 5.8.0 - DoS
XM Easy Personal FTP Server 5.8.0 allows remote authenticated users to cause a denial of service (crash) by uploading or creating a large number of files or directories, then performing a LIST command.
by leinakesi
TYPSoft FTP Server 1.10 - Authenticated Denial of Service via APPE and DELE Command Sequence
TYPSoft FTP Server 1.10 allows remote authenticated users to cause a denial of service (crash) by sending an APPE (append) command immediately followed by a DELE (delete) command without sending file data in between these two commands.
by leinakesi
WordPress Plugin Firestats 1.0.2 - Multiple Cross-Site Scripting / Authentication Bypass Vulnerabilities (1)
by MustLive
Quick.Cart 3.4 - Cross-Site Request Forgery via Admin Orders-Delete Action
Multiple cross-site request forgery (CSRF) vulnerabilities in Quick.Cart 3.4 allow remote attackers to hijack the authentication of the administrator for requests that (1) delete orders via an orders-delete action to admin.php, and possibly (2) delete products or (3) delete pages via unspecified vectors.
by Alice Kaerast
PointComma < 3.8b2 - Remote Code Execution via pcConfig[smartyPath] Parameter
PHP remote file inclusion vulnerability in includes/classes/pctemplate.php in PointComma 3.8b2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pcConfig[smartyPath] parameter.
by cr4wl3r
PHP Traverser 0.8.0 - Remote Code Execution
PHP remote file inclusion vulnerability in assets/plugins/mp3_id/mp3_id.php in PHP Traverser 0.8.0 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[BASE] parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by cr4wl3r
Outreach Project Tool < 1.2.7 - Remote Code Execution via CRM_path Parameter
PHP remote file inclusion vulnerability in forums/Forum_Include/index.php in Outreach Project Tool (OPT) 1.2.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CRM_path parameter.
by cr4wl3r
OSI Codes PHP Live! Support 3.1 - Remote File Inclusion
by Don Tukulesto
NukeHall <= 0.3 - Remote Code Execution via spaw_root Parameter
Multiple PHP remote file inclusion vulnerabilities in NukeHall 0.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter to (1) blocks.php, (2) messages.php, and (3) stories.php in admin/modules/.
by cr4wl3r
KR-Web < 1.1 - Remote Code Execution via DOCUMENT_ROOT Parameter
PHP remote file inclusion vulnerability in adm/krgourl.php in KR-Web 1.1b2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.
by cr4wl3r
Python 1.5.2-2.5.1 - Integer Overflow in imageop.c crop Function
Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679.
by Chris Evans
Autodesk Softimage 7.x and Softimage XSI 6.x - Remote Code Execution via Scene Table of Contents Script_Content Element
Autodesk Softimage 7.x and Softimage XSI 6.x allow remote attackers to execute arbitrary JavaScript code via a scene package containing a Scene Table of Contents (aka .scntoc) file with a Script_Content element, as demonstrated by code that loads the WScript.Shell ActiveX control.
by Core Security
Autodesk Maya 6.5-2010 and Alias Wavefront Maya 6.5-7.0 - Remote Code Execution via MEL Script Nodes
Autodesk Maya 8.0, 8.5, 2008, 2009, and 2010 and Alias Wavefront Maya 6.5 and 7.0 allow remote attackers to execute arbitrary code via a (1) .ma or (2) .mb file that uses the Maya Embedded Language (MEL) python command or unspecified other MEL commands, related to "Script Nodes."
by Core Security
Joomla! Component mygallery - 'farbinform_krell' SQL Injection
by Manas58 BAYBORA
Joomla! 1.5.x - 404 Error Page Cross-Site Scripting
by MustLive
MySQL 5.0.x < 5.0.88 and 5.1.x < 5.1.41 - Authenticated Denial of Service via SELECT Subquery Error Handling
mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement.
by Shane Bester