Exploitdb Exploits
31,369 exploits tracked across all sources.
PostgreSQL 8.3.6 - Low Cost Function Information Disclosure
by Andres Freund
Sun xVM VirtualBox 2.0.0-2.1.4 - Privilege Escalation via Hardlink Attack
Sun xVM VirtualBox 2.0.0, 2.0.2, 2.0.4, 2.0.6r39760, 2.1.0, 2.1.2, and 2.1.4r42893 on Linux allows local users to gain privileges via a hardlink attack, which preserves setuid/setgid bits on Linux, related to DT_RPATH:$ORIGIN.
by Sun Microsystems
Belkin Bulldog Plus 4.0.2 build 1219 - Buffer Overflow
Belkin Bulldog Plus version 4.0.2 build 1219 contains a stack-based buffer overflow vulnerability in its web service authentication handler. When a specially crafted HTTP request is sent with an oversized Authorization header, the application fails to properly validate the input length before copying it into a fixed-size buffer, resulting in memory corruption and potential remote code execution. Exploitation requires network access and does not require prior authentication.
by Elazar
CS-Cart 2.0.0 Beta 3 - SQL Injection via product_id Parameter
SQL injection vulnerability in index.php in CS-Cart 2.0.0 Beta 3 allows remote attackers to execute arbitrary SQL commands via the product_id parameter in a products.view action.
by netsoul
CMS S.Builder < 3.7 - Remote Code Execution via binn_include_path Cookie
PHP remote file inclusion vulnerability in index.php in CMS S.Builder 3.7 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in a binn_include_path cookie. NOTE: this can also be leveraged to include and execute arbitrary local files.
by cr0w
phpCommunity 2 2.1.8 - Cross-Site Scripting via msg Parameter in login.php
Cross-site scripting (XSS) vulnerability in templates/1/login.php in phpCommunity 2 2.1.8 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
by Salvatore Fresta
phpCommunity 2 2.1.8 - SQL Injection via forum_id or topic_id Parameter
Multiple SQL injection vulnerabilities in phpCommunity 2 2.1.8, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the forum_id parameter in a forum action to index.php, (2) the topic_id parameter in a forum action to index.php, (3) the wert parameter in an id search action to index.php, (4) the wert parameter in a nick search action to index.php, or (5) the wert parameter in a forum search action to index.php, related to class_forum.php and class_search.php.
by Salvatore Fresta
mks_vir 9b < 1.2.0.0b297 - 'mksmonen.sys' Local Privilege Escalation
by NT Internals
WoltLab Burning Board <3.0.1 - CSRF
Cross-site request forgery (CSRF) vulnerability in index.php in WoltLab Burning Board (wBB) 3.0.1, and possibly other 3.x versions, allows remote attackers to hijack the authentication of users for requests that delete private messages via the pmID parameter in a delete action in a PM page, a different vulnerability than CVE-2008-0472.
by StAkeR
PHPRecipeBook 2.24 and 2.39 - SQL Injection via base_id or course_id Parameter
SQL injection vulnerability in index.php in PHPRecipeBook 2.24 and 2.39 allows remote attackers to execute arbitrary SQL commands via the (1) base_id or (2) course_id parameter in a search action.
by d3b4g
phpCommunity 2 2.1.8 - Path Traversal via File or Path Parameter
Multiple directory traversal vulnerabilities in phpCommunity 2 2.1.8 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) file parameter to module/admin/files/show_file.php and the (2) path parameter to module/admin/files/show_source.php.
by Salvatore Fresta
Book Panel - SQL Injection via bookid Parameter
SQL injection vulnerability in books.php in the Book Panel (book_panel) module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the bookid parameter.
by elusiven
PHortail 1.2.1 - Cross-Site Scripting via Poster.php Parameters
Cross-site scripting (XSS) vulnerability in poster.php in PHortail 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) pseudo, (2) email, (3) ti, and (4) txt parameters.
by Jonathan Salwan
nForum 1.5 - SQL Injection via id or user Parameter
Multiple SQL injection vulnerabilities in nForum 1.5 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to showtheme.php and the (2) user parameter to userinfo.php.
by Salvatore Fresta
Wili-CMS 0.4.0 - Local File Inclusion / Remote File Inclusion / Authentication Bypass
by Salvatore Fresta
UMI CMS 2.7 - 'fields_filter' Cross-Site Scripting
by Dmitriy Evteev
TinX/cms < 3.5 - SQL Injection via RSS id Parameter
SQL injection vulnerability in system/rss.php in TinX/cms 3.x before 3.5.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Dmitriy Evteev
oneorzero_helpdesk <= 1.6.5.7 - Path Traversal via Default Language Parameter
Directory traversal vulnerability in login.php in OneOrZero Helpdesk 1.6.5.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the default_language parameter.
by dun
isiAJAX 1 - SQL Injection via id Parameter
SQL injection vulnerability in ejemplo/paises.php in isiAJAX 1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by dun
Blue Eye CMS <= 1.0.0 - SQL Injection via BlueEyeCMS_login Cookie Parameter
SQL injection vulnerability in Blue Eye CMS 1.0.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the BlueEyeCMS_login cookie parameter.
by ka0x
CelerBB 0.0.2 - Exposure of Sensitive Information via User Parameter
showme.php in CelerBB 0.0.2 allows remote attackers to obtain "reserved information" via the user parameter.
by Salvatore Fresta
CelerBB 0.0.2 - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewforum.php and (2) viewtopic.php.
by Salvatore Fresta
CelerBB 0.0.2 - Authentication Bypass via Username Parameter
login.php in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allows remote attackers to bypass authentication and obtain administrative access via special characters in the Username parameter, as demonstrated by an admin'# parameter value.
by Salvatore Fresta
Amoot Web Directory - Password Field SQL Injection
by Pouya_Server
Microsoft Interix 6.0 build 10.0.6030.0 and OpenBSD <= 4.4 - Denial of Service via Deep Directory Tree
Integer overflow in the fts_build function in fts.c in libc in (1) OpenBSD 4.4 and earlier and (2) Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial of service (application crash) via a deep directory tree, related to the fts_level structure member, as demonstrated by (a) du, (b) rm, (c) chmod, and (d) chgrp on OpenBSD; and (e) SearchIndexer.exe on Vista Enterprise.
by SecurityReason
By Source