Exploitdb Exploits
31,357 exploits tracked across all sources.
HotWeb Rentals - SQL Injection via PropId Parameter
SQL injection vulnerability in details.asp in HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PropId parameter.
by R3d-D3V!L
FotoTagger 2.12.0.0 - '.XML' Buffer Overflow (PoC)
by the_Edit0r
Batch Picture Watermark 1.0 - '.jpg' Local Crash (PoC)
by the_Edit0r
TurtuShout 0.11 - SQL Injection via Name Field
SQL injection vulnerability in the TurtuShout component 0.11 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Name field.
by jdc
BS Counter 2.5.3 - SQL Injection via Page Parameter
SQL injection vulnerability in file/stats.php in BS Counter 2.5.3 allows remote attackers to execute arbitrary SQL commands via the page parameter.
by Bgh7
Aurora CMS 1.0.2 - Remote Code Execution via AURORA_MODULES_FOLDER Parameter
PHP remote file inclusion vulnerability in add-ons/modules/sysmanager/plugins/install.plugin.php in Aurora CMS 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the AURORA_MODULES_FOLDER parameter.
by EA Ngel
Neufbox NB4-R1.5.10-MAIN - Persistent Cross-Site Scripting
by 599eme Man
Paul Smith Computer Services vCAP <1.9.0 - Path Traversal
Directory traversal vulnerability in Paul Smith Computer Services vCAP 1.9.0 Beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
by securma massine
com_hbssearch - SQL Injection via h_id, id, or rid Parameters
Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) h_id, (2) id, and (3) rid parameters to longDesc.php, and the h_id parameter to (4) detail.php, (5) detail1.php, (6) detail2.php, (7) detail3.php, (8) detail4.php, (9) detail5.php, (10) detail6.php, (11) detail7.php, and (12) detail8.php, different vectors than CVE-2008-5865, CVE-2008-5874, and CVE-2008-5875.
by K-159
Datavore Gyro 5.0 - Cross-Site Scripting via Home Component cid Parameter
Cross-site scripting (XSS) vulnerability in Datavore Gyro 5.0 allows remote attackers to inject arbitrary web script or HTML via the cid parameter in a cat action to the home component.
by OoN_Boy
Xerver HTTP Server 4.32 - Exposure of Sensitive Information via ::$DATA Suffix
Xerver HTTP Server 4.32 allows remote attackers to obtain the source code for a web page via an HTTP request with the addition of ::$DATA after the HTML file name.
by Dr_IDE
Kolibri+ Web Server 2 - Source Code Disclosure
by SkuLL-HackeR
Kolibri+ Web Server 2 - Arbitrary Source Code Disclosure (2)
by Dr_IDE
SZNews 2.7 - Remote Code Execution via printnews.php3 id Parameter
PHP remote file inclusion vulnerability in printnews.php3 in SZNews 2.7 allows remote attackers to execute arbitrary PHP code via a URL in the id parameter.
by kurdish hackers team
Planet and Planet Venus - Cross-Site Scripting via IMG SRC Attribute
Cross-site scripting (XSS) vulnerability in Planet 2.0 and Planet Venus allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IMG element in a feed.
by Steve Kemp
PHP-IPNMonitor - SQL Injection via maincat_id Parameter
SQL injection vulnerability in index.php in PHP-IPNMonitor allows remote attackers to execute arbitrary SQL commands via the maincat_id parameter.
by noname
Match Agency BiZ 1.0 - Cross-Site Scripting via Important Parameter or PID Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Match Agency BiZ 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) important parameter to edit_profile.php and (2) pid parameter to report.php.
by Moudi
com_hbssearch - Cross-Site Scripting via Adult Parameter
Cross-site scripting (XSS) vulnerability in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the adult parameter in a showhoteldetails action to index.php.
by K-159
Joomla! Component com_mediaalert - 'id' SQL Injection
by Moudi
Image voting 1.0 - SQL Injection via Show Parameter
SQL injection vulnerability in index.php in Image voting 1.0 allows remote attackers to execute arbitrary SQL commands via the show parameter.
by SkuLL-HackeR
Datavore Gyro 5.0 - SQL Injection via cid Parameter in Home Component
SQL injection vulnerability in Datavore Gyro 5.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter in a cat action to the home component.
by OoN_Boy
Mozilla Firefox <3.0.14 - Info Disclosure
Mozilla Firefox before 3.0.14 does not properly implement certain dialogs associated with the (1) pkcs11.addmodule and (2) pkcs11.deletemodule operations, which makes it easier for remote attackers to trick a user into installing or removing an arbitrary PKCS11 module.
by Dan Kaminsky
Linux kernel <2.6.30.4, <2.4.37.4 - Privilege Escalation
The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.
by Ramon de C Valle
CVSS 7.8