Exploitdb Exploits
31,369 exploits tracked across all sources.
Easy File Sharing Web Server 4.8 - Path Traversal via vfolder Parameter
Directory traversal vulnerability in thumbnail.ghp in Easy File Sharing (EFS) Web Server 4.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the vfolder parameter.
by Stack
Imera TeamLinks Client - Remote Code Execution via ImeraIEPlugin ActiveX Control
Insecure method vulnerability in the ImeraIEPlugin ActiveX control (ImeraIEPlugin.dll 1.0.2.54) in Imera TeamLinks Client allows remote attackers to force the download and execution of arbitrary URLs via modified DownloadProtocol, DownloadHost, DownloadPort, and DownloadURI parameters.
by Elazar
EFS Easy Chat Server 2.2 - Cross-Site Request Forgery (Change Admin Password)
by Stack
tghostscripter Amazon Shop - Cross-Site Scripting / Directory Traversal / Remote File Inclusion
by d3b4g
Novaboard 1.0 - HTML Injection / Cross-Site Scripting
by Jose Luis Zayas
Jogjacamp JProfile Gold - 'id_news' SQL Injection
by kecemplungkalen
blindblog 1.3.1 - SQL Injection / Authentication Bypass / Local File Inclusion
by Salvatore Fresta
curl 5.11-7.19.3 - Remote Request Smuggling via Redirect Location Header
The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL.
by David Kierznowski
Graugon PHP Article Publisher 1.0 - SQL Injection via c or id Parameter
Multiple SQL injection vulnerabilities in Graugon PHP Article Publisher 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) c parameter to index.php and the (2) id parameter to view.php.
by x0r
EZ-Blog Beta 1 - Unauthenticated Arbitrary Post Creation and Deletion
EZ-Blog Beta 1 does not require authentication, which allows remote attackers to create or delete arbitrary posts via requests to PHP scripts.
by Salvatore Fresta
Yektaweb Academic Web Tools CMS 1.4.2.8/1.5.7 - Multiple Cross-Site Scripting Vulnerabilities
by Isfahan
ritsblog 0.4.2 - Authentication Bypass / Cross-Site Scripting
by Salvatore Fresta
Joomla! / Mambo Component eXtplorer - Code Execution
by Juan Galiana Lara
Graugon PHP Article Publisher 1.0 - Authentication Bypass via g_admin Cookie
admin.php in Graugon PHP Article Publisher 1.0 allows remote attackers to bypass authentication and obtain administrative access by setting the g_admin cookie to 1.
by x0r
EZ-Blog Beta 1 - SQL Injection via StoryID or Kill Parameter
Multiple SQL injection vulnerabilities in EZ-Blog Beta 1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the storyid parameter to public/view.php or (2) the kill parameter to admin/remove.php.
by Salvatore Fresta
Digital Interchange Document Library 1.0.1 - Unauthenticated Administrator Credential Modification via save_user.asp
admin/save_user.asp in Digital Interchange Document Library 1.0.1 does not require administrative authentication, which allows remote attackers to read or modify the administrator's credentials via unspecified vectors. NOTE: some of these details are obtained from third party information.
by ByALBAYX
Digital Interchange Calendar 5.7.13 - Contents Change
by ByALBAYX
blogsa < 1.0beta3 - Cross-Site Scripting via Widgets.aspx searchText Parameter
Cross-site scripting (XSS) vulnerability in Widgets.aspx in Blogsa 1.0 Beta 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchText parameter.
by DJR
Access2asp - 'imageLibrar' Arbitrary File Upload
by mr.al7rbi
CMSCart 1.04 - 'maindatafunctions.php' SQL Injection
by John Martinelli
Irokez CMS < 0.7.1 - Remote File Inclusion via Multiple PHP Script Parameters
Multiple PHP remote file inclusion vulnerabilities in Irokez CMS 0.7.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[PTH][func] parameter in (a) scripts/gallery.scr.php; the (2) GLOBALS[PTH][spaw] parameter in (b) scripts/xtextarea.scr.php; and the (3) GLOBALS[PTH][classes] parameter in (c) sitemap.scr.php, (d) news.scr.php, (e) polls.scr.php, (f) rss.scr.php, (g) search.scr.php in scripts/, and (h) form.fun.php, (i) general.func.php, (j) groups.func.php, (k) js.func.php, (l) sections.func.php, and (m) users.func.php in functions/.
by Corwin