Exploitdb Exploits
31,369 exploits tracked across all sources.
JobHut 1.2 - SQL Injection via browse.php pk Parameter
SQL injection vulnerability in browse.php in JobHut 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the pk parameter.
by K-159
Family Connections <1.8.2 - SQL Injection
Multiple SQL injection vulnerabilities in Family Connections (aka FCMS) before 1.8.2 allow remote attackers to execute arbitrary SQL commands via the (1) letter parameter to addressbook.php, (2) id parameter to recipes.php, (3) year parameter to register.php, (4) poll_id parameter to home.php, and (5) email parameter to lostpw.php.
by Salvatore Fresta
BandSite CMS 1.1.4 - Authenticated Remote Code Execution via File Upload
Unrestricted file upload vulnerability in adminpanel/scripts/addphotos.php in BandSite CMS 1.1.4 allows remote authenticated administrators to execute arbitrary PHP code by uploading a file with an executable extension via an addphotos action to adminpanel/index.php, and then accessing the file via a direct request with an images/gallery/ directory name. NOTE: some of these details are obtained from third party information.
by SirGod
NOKIA Siemens FlexiISN 3.1 - Multiple Authentication Bypass Vulnerabilities
by TaMBaRuS
Check Point Firewall-1 PKI Web Service - Buffer Overflow via Long HTTP Header
NOTE: this issue has been disputed by the vendor. Buffer overflow in the PKI Web Service in Check Point Firewall-1 PKI Web Service allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) Authorization or (2) Referer HTTP header to TCP port 18624. NOTE: the vendor has disputed this issue, stating "Check Point Security Alert Team has analyzed this report. We've tried to reproduce the attack on all VPN-1 versions from NG FP2 and above with and without HFAs. The issue was not reproduced. We have conducted a thorough analysis of the relevant code and verified that we are secure against this attack. We consider this attack to pose no risk to Check Point customers." In addition, the original researcher, whose reliability is unknown as of 20090407, also states that the issue "was discovered during a pen-test where the client would not allow further analysis.
by Bugs NotHugs
Diskos CMS 6.x - Unauthenticated Sensitive Information Exposure via Direct Database File Access
Diskos CMS 6.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) artikler_prod.mdb or (2) medlemmer.mdb.
by AnGeL25dZ
iWare Professional 5.0.4 - SQL Injection
SQL injection vulnerability in index.php in iWare Professional 5.0.4, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the D parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
by boom3rang
arcadwy_arcade_script - SQL Injection via User Cookie Parameter
SQL injection vulnerability in Arcadwy Arcade Script allows remote attackers to execute arbitrary SQL commands via the user cookie parameter.
by ZoRLu
Simply Classified 0.2 - 'category_id' SQL Injection
by G4N0K
Moodle 1.6-1.6.9 1.7-1.7.7 1.8-1.8.9 1.9-1.9.5 - Arbitrary File Read via TeX Filter Input Command
The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read arbitrary files via an input command in a "$$" sequence, which causes LaTeX to include the contents of the file.
by Christian J. Eibl
Free PHP Petition Signing Script - Authentication Bypass
by Qabandi
Arcadwy Arcade Script CMS - Stored Cross-Site Scripting via User Registration Username Field
Cross-site scripting (XSS) vulnerability in register.php in Arcadwy Arcade Script CMS allows remote attackers to inject arbitrary web script or HTML via the username field (user_name parameter).
by Anarchy Angel
Acutecp - SQL Injection
SQL injection vulnerability in login.php in Acute Control Panel 1.0.0 allows remote attackers to execute arbitrary SQL commands via the username parameter.
by SirGod
Blogplus 1.0 - Path Traversal and Arbitrary File Execution via Multiple Parameters
Multiple directory traversal vulnerabilities in Blogplus 1.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) row_mysql_blocks_center_down[file] parameter to includes/block_center_down.php; (2) row_mysql_blocks_center_top[file] includes/parameter to block_center_top.php; (3) row_mysql_blocks_left[file] parameter to includes/block_left.php; (4) row_mysql_blocks_right[file] parameter to includes/block_right.php; and row_mysql_bloginfo[theme] parameter to (5) includes/window_down.php and (6) includes/window_top.php.
by ahmadbady
Acute Control Panel 1.0.0 - Remote Code Execution via Theme Directory Parameter
Multiple PHP remote file inclusion vulnerabilities in Acute Control Panel 1.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the theme_directory parameter to (1) container.php and (2) header.php in themes/.
by SirGod
Novell NetStorage 2.0.1/3.1.5 - Multiple Remote Vulnerabilities
by Bugs NotHugs
WeBid 0.7.3 RC9 - 'upldgallery.php' Arbitrary File Upload
by Ahmad Pay
Comparison Engine Power 1.0 - 'product.comparision.php' SQL Injection
by SirGod
Firefox < 3.0.8 - Remote Code Execution via Crafted XSLT Transform
The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform.
by Guido Landi
Microsoft GDI+ - Denial of Service via Crafted EMF File
Off-by-one error in the GpFont::SetData function in gdiplus.dll in Microsoft GDI+ on Windows XP allows remote attackers to cause a denial of service (stack corruption and application termination) via a crafted EMF file that triggers an integer overflow, as demonstrated by voltage-exploit.emf, aka the "Microsoft GdiPlus EMF GpFont.SetData integer overflow."
by Black Security
PHPizabi 0.848b C1 HFP1 - Privilege Escalation
by Nine:Situations:Group
PHPizabi 0.8 - 'notepad_body' SQL Injection
by Nine:Situations:Group::bookoo
By Source