Exploitdb Exploits
31,357 exploits tracked across all sources.
Microsoft Internet Explorer Cross-Domain Information Disclosure via Cached Content Rendering
Microsoft Internet Explorer 5.01 SP4; 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not prevent HTML rendering of cached content, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Cross-Domain Information Disclosure Vulnerability."
by Jorge Luis Alvarez Medina
MRCGIGUY The Ticket System 2.0 - SQL Injection
SQL injection vulnerability in admin.php in MRCGIGUY The Ticket System 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewticket action.
by ThE g0bL!N
Joomla! com_vehiclemanager 1.0 - RCE
PHP remote file inclusion vulnerability in toolbar_ext.php in the VehicleManager (com_vehiclemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
by Mehmet Ince
Joomla! com_realestatemanager 1.0 Basic - RCE
PHP remote file inclusion vulnerability in toolbar_ext.php in the RealEstateManager (com_realestatemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
by Mehmet Ince
MediaLibrary (com_media_library) 1.5.3 Basic - Remote Code Execution via mosConfig_absolute_path Parameter
PHP remote file inclusion vulnerability in toolbar_ext.php in the MediaLibrary (com_media_library) component 1.5.3 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
by Mehmet Ince
Joomla! com_booklibrary <1.5.2.4 - RCE
PHP remote file inclusion vulnerability in toolbar_ext.php in the BookLibrary (com_booklibrary) component 1.5.2.4 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
by Mehmet Ince
konze com_akobook 2.3 - SQL Injection via gbid Parameter
SQL injection vulnerability in the AkoBook (com_akobook) component 2.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a reply action to index.php.
by Ab1i
Virtue News Manager - SQL Injection
SQL injection vulnerability in news_detail.php in Virtue News Manager allows remote attackers to execute arbitrary SQL commands via the nid parameter.
by snakespc
SAP GUI 6.4 - ActiveX (Accept) Remote Buffer Overflow (PoC)
by DSecRG
Virtue Shopping Mall - SQL Injection
SQL injection vulnerability in products.php in Virtue Shopping Mall allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by OzX
Virtue News Manager - Cross-Site Scripting via nid Parameter
Cross-site scripting (XSS) vulnerability in news_detail.php in Virtue News Manager allows remote attackers to inject arbitrary web script or HTML via the nid parameter.
by snakespc
Virtue Classifieds - SQL Injection via Search Category Parameter
SQL injection vulnerability in search.php in Virtue Classifieds allows remote attackers to execute arbitrary SQL commands via the category parameter.
by OzX
Virtue Book Store - SQL Injection via products.php cid Parameter
SQL injection vulnerability in products.php in Virtue Book Store allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by OzX
Jared Eckersley MyCars - SQL Injection via authuserid Parameter
SQL injection vulnerability in admin/index.php in Jared Eckersley MyCars, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the authuserid parameter.
by snakespc
Joomla! com_moofaq 1.0 - Path Traversal
Directory traversal vulnerability in includes/file_includer.php in the Ideal MooFAQ (com_moofaq) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
by Chip d3 bi0s
Joomla ComSchool 1.4 - SQL Injection via classid Parameter
SQL injection vulnerability in the ComSchool (com_school) component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the classid parameter in a showclass action to index.php.
by Chip d3 bi0s
Joomla! Component com_portafolio - 'cid' SQL Injection
by Chip d3 bi0s
Frontis 3.9.01.24 - SQL Injection via source_class Parameter
SQL injection vulnerability in bin/aps_browse_sources.php in Frontis 3.9.01.24 allows remote attackers to execute arbitrary SQL commands via the source_class parameter in a browse_classes action.
by snakespc
DM FileManager 3.9.2 - Unauthenticated Authentication Bypass via Cookie Manipulation
admin/login.php in DM FileManager 3.9.2 allows remote attackers to bypass authentication and gain administrative access by setting the (1) USER, (2) GROUPID, (3) GROUP, and (4) USERID cookies to certain values.
by ThE g0bL!N
CA SiteMinder - XSS
CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing a %00 (encoded null byte).
by Arshan Dabirsiaghi
Automated link exchange portal 1.3 - Multiple Vulnerabilities
by TiGeR-Dz
Awingsoft Awakening Winds3D Viewer <3.5.0.0-<3.0.0.5 - Code Injection
Insecure method vulnerability in Awingsoft Awakening Winds3D Viewer plugin 3.5.0.0, 3.0.0.5, and possibly other versions allows remote attackers to force the download and execution of arbitrary files via the GetURL method.
by Diego Juarez
CA SiteMinder - XSS
CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing non-canonical, "overlong Unicode" in place of blacklisted characters.
by Arshan Dabirsiaghi