Exploitdb Exploits
31,369 exploits tracked across all sources.
irokez blog 0.7.3.2 - Cross-Site Scripting / Remote File Inclusion / Blind SQL Injection
by Corwin
djbdns < 1.05 - Remote Arbitrary DNS Record Injection via Crafted Zone Data
The response_addname function in response.c in Daniel J. Bernstein djbdns 1.05 and earlier does not constrain offsets in the required manner, which allows remote attackers, with control over a third-party subdomain served by tinydns and axfrdns, to trigger DNS responses containing arbitrary records via crafted zone data for this subdomain.
by Matthew Dempsky
SkyPortal Downloads Manager 1.1 - Remote Contents Change
by ByALBAYX
Coppermine Photo Gallery 1.4.20 - BBCode IMG Privilege Escalation
by StAkeR
IBM WebSphere Application Server 6.1 - Cross-Site Scripting in Administrative Console
Cross-site scripting (XSS) vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 on z/OS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
by IBM
OpenSC < 0.11.7 - Unauthenticated Private Data Object Read via Low-Level APDU Command
OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer or opensc-tool program.
by Andreas Jellinghaus
DesignerfreeSolutions NewsLetter Manager Pro - Authentication Bypass
by ByALBAYX
Phlatline Personal Information Manager 1.01 - Path Traversal via Notes.php ID Parameter
Directory traversal vulnerability in notes.php in Phlatline's Personal Information Manager (pPIM) 1.01 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter in an edit action.
by Justin Keane
Apple Safari 4 Beta build 528.16 - Denial of Service via Malformed feeds: URI
Apple Safari 4 Beta build 528.16 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a feeds: URI beginning with a (1) % (percent), (2) { (open curly bracket), (3) } (close curly bracket), (4) ^ (caret), (5) ` (backquote), or (6) | (pipe) character, followed by an & (ampersand) character.
by Trancer
JOnAS 4.10.3 - 'select' Error Page Cross-Site Scripting
by Digital Security Research Group
Netgear WGR614v9 Wireless Router - Denial of Service
by staticrez
SkyPortal Picture Manager 0.11 - Contents Change
by ByALBAYX
SkyPortal Classifieds System 0.12 - Contents Change
by ByALBAYX
Counter Strike Source ManiAdminPlugin 1.x - Remote Buffer Overflow (PoC)
by M4rt1n
Adobe Flash Player <9.0.159.0 & <10.0.22.87 - RCE
Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a "buffer overflow issue."
by Javier Vicente Vallejo
xGuestbook 2.0 - SQL Injection via User Parameter
SQL injection vulnerability in login.php in xGuestbook 2.0 allows remote attackers to execute arbitrary SQL commands via the user parameter.
by Fireshot
Magento 1.2.0/1.2.1.1 - Cross-Site Scripting via Login/Email/Downloader Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Magento 1.2.0 and 1.2.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the username field in an admin/ request to index.php, possibly related to the login[username] parameter and the app/code/core/Mage/Admin/Model/Session.php login function; (2) the email address field in an admin/index/forgotpassword/ request to index.php, possibly related to the email parameter and the app/code/core/Mage/Adminhtml/controllers/IndexController.php forgotpasswordAction function; or (3) the return parameter to the default URI under downloader/.
by Loukas Kalenderidis
By Source