Exploitdb Exploits
31,357 exploits tracked across all sources.
Green Dam Youth Escort <3.17 - Buffer Overflow
Green Dam Youth Escort version 3.17 is vulnerable to a stack-based buffer overflow when processing overly long URLs. The flaw resides in the URL filtering component, which fails to properly validate input length before copying user-supplied data into a fixed-size buffer. A remote attacker can exploit this vulnerability by enticing a user to visit a specially crafted webpage containing a long URL, resulting in arbitrary code execution.
by seer[N.N.U]
Campus Virtual-LMS - Cross-Site Scripting via courseid, search, or siteid Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Campus Virtual-LMS allow remote attackers to inject arbitrary web script or HTML via the (1) courseid parameter to enrolments/step1.php, or the (2) search or (3) siteid parameter to files/shared_list.php.
by Yasión
Campus Virtual-LMS - SQL Injection via News ID Parameter
SQL injection vulnerability in news/index.php in Campus Virtual-LMS allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Yasión
TBDev.NET 01-01-08 - Open Redirect via Returnto Parameter
Multiple open redirect vulnerabilities in TBDev.NET 01-01-08 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the returnto parameter to login.php or (2) the returnto parameter in a delete action to news.php. NOTE: this can be leveraged for cross-site scripting (XSS) by redirecting to a data: URI.
by intern0t
Zip Store Chat 4.0-5.0 - SQL Injection
Multiple SQL injection vulnerabilities in admin/index.asp in Zip Store Chat 4.0 and 5.0 allow remote attackers to execute arbitrary SQL commands via the (1) login and (2) senha parameters.
by ByALBAYX
Uebimiau Web-Mail 3.2.0-1.8 - Remote File / Overwrite
by GoLd_M
transLucid 1.75 - Cross-Site Scripting via NodeID and Action Parameters
Multiple cross-site scripting (XSS) vulnerabilities in transLucid 1.75 allow remote attackers to inject arbitrary web script or HTML via the (a) NodeID and (b) action parameters to the default URI, and the (c) NodeID parameter to the default URI for the admin section; and allow remote authenticated users to inject arbitrary web script or HTML via the (d) Title (aka page name) and (e) Url fields in a (1) new or (2) modified page.
by intern0t
TBDev.NET 01-01-08 - Cross-Site Scripting via Returnto Parameter or User Profile Fields
Multiple cross-site scripting (XSS) vulnerabilities in TBDev.NET 01-01-08 allow remote attackers to inject arbitrary web script or HTML via (1) the returnto parameter to makepoll.php, (2) the returnto parameter in a delete action to polls.php, or the (3) Info or (4) Avatar field to my.php.
by intern0t
Pivot 1.40.4 and 1.40.7 - Exposure of Sensitive Information via Invalid URL Parameter
pivot/tb.php in Pivot 1.40.4 and 1.40.7 allows remote attackers to obtain sensitive information via an invalid url parameter, which reveals the installation path in an error message.
by intern0t
Campus Virtual-LMS - Cross-Site Request Forgery via Session Termination and Enrolment Actions
Multiple cross-site request forgery (CSRF) vulnerabilities in Campus Virtual-LMS allow (1) remote attackers to hijack the authentication of arbitrary users for requests that terminate a session via login/logout.php, and might allow remote attackers to hijack the authentication of certain users via a (2) ADD or (3) DELETE action to enrolments/step2.php.
by Yasión
4images < 1.7.7 - Unauthenticated Path Traversal via Global.php l Parameter
Directory traversal vulnerability in global.php in 4images before 1.7.7, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the l parameter.
by Qabandi
Yogurt 0.3 - Cross-Site Scripting via msg Parameter
Cross-site scripting (XSS) vulnerability in index.php in Yogurt 0.3 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
by Br0ly
ModSecurity 2.5.9 (Core Rules 2.5-1.6.1) - Filter Bypass
by Lavakumar Kuppan
Yogurt 0.3 - Authenticated SQL Injection via Original Parameter
SQL injection vulnerability in writemessage.php in Yogurt 0.3, when register_globals is enabled, allows remote authenticated users to execute arbitrary SQL commands via the original parameter.
by Br0ly
TorrentVolve 1.4 - Path Traversal via DeleteTorrent Parameter
Directory traversal vulnerability in archive.php in TorrentVolve 1.4, when register_globals is enabled, allows remote attackers to delete arbitrary files via a .. (dot dot) in the deleteTorrent parameter.
by Br0ly
phpWebThings <1.5.2 - Path Traversal
Directory traversal vulnerability in help.php in phpWebThings 1.5.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the module parameter.
by Br0ly
Worldweaver DX Studio Player <3.0.29.1 - RCE
Worldweaver DX Studio Player 3.0.29.0, 3.0.22.0, 3.0.12.0, and probably other versions before 3.0.29.1, when used as a plug-in for Firefox, does not restrict access to the shell.execute JavaScript API method, which allows remote attackers to execute arbitrary commands via a .dxstudio file that invokes this method.
by Core Security
School Data Navigator - Remote File Inclusion Code Execution
PHP remote file inclusion vulnerability in app_and_readme/navigator/index.php in School Data Navigator allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences.
by Br0ly
mrcgiguy freeticket - Cookie Handling / SQL Injection
by ThE g0bL!N
Desi Short URL Script 1.0 - Auth Bypass
index.php in Desi Short URL Script 1.0 allows remote attackers to bypass authentication by setting the logged cookie to 1 and the uid cookie to an integer value, as demonstrated by a value of 13.
by N@bilX
XAMPP 1.6.x - Multiple Cross-Site Scripting Vulnerabilities
by MustLive
MRCGIGUY The Ticket System 2.0 - Info Disclosure
admin.php in MRCGIGUY The Ticket System 2.0 does not properly restrict access, which allows remote attackers to (1) obtain sensitive configuration information via the editconfig action or (2) change the administrator's password via the id parameter in an editop action.
by ThE g0bL!N
Apple Safari < 4.0 - XML External Entity Injection via XSL Stylesheet
The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///etc/passwd URL in an entity declaration, related to an "XXE attack."
by Chris Evans
CVSS 7.5
Hot Links SQL-PHP < 3.0 - SQL Injection via Report ID Parameter
SQL injection vulnerability in report.php in Mr. CGI Guy Hot Links SQL-PHP 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by ThE g0bL!N
By Source