Exploitdb Exploits
31,369 exploits tracked across all sources.
Magento 1.2.0/1.2.1.1 - Cross-Site Scripting via Login/Email/Downloader Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Magento 1.2.0 and 1.2.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the username field in an admin/ request to index.php, possibly related to the login[username] parameter and the app/code/core/Mage/Admin/Model/Session.php login function; (2) the email address field in an admin/index/forgotpassword/ request to index.php, possibly related to the email parameter and the app/code/core/Mage/Adminhtml/controllers/IndexController.php forgotpasswordAction function; or (3) the return parameter to the default URI under downloader/.
by Loukas Kalenderidis
Adobe Reader <9.0 - Buffer Overflow
Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E.
by webDEViL
CVSS 7.8
zFeeder 1.6 - Unauthenticated Administrative Access via Direct Request
zFeeder 1.6 allows remote attackers to gain administrative access via a direct request to admin.php.
by ahmadbady
taifajobs < 1.0 - SQL Injection via jobid Parameter
SQL injection vulnerability in jobdetails.php in taifajobs 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the jobid parameter.
by K-159
GigCalendar (com_gigcal) 1.0 - SQL Injection via gigcal_venues_id or gigcal_bands_id Parameter
Multiple SQL injection vulnerabilities in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the gigcal_venues_id parameter in a details action to index.php, which is not properly handled by venuedetails.php, and (2) the gigcal_bands_id parameter in a details action to index.php, which is not properly handled by banddetails.php, different vectors than CVE-2009-0726.
by Salvatore Fresta
MLDonkey 2.8.4-2.9.7 - Path Traversal via Leading Double Slash
Absolute path traversal vulnerability in MLDonkey 2.8.4 through 2.9.7 allows remote attackers to read arbitrary files via a leading "//" (double slash) in the filename.
by Michael Peselnik
Optus/Huawei E960 HSDPA Router - SMS Cross-Site Scripting
by Rizki Wicaksono
phpBB 3 - 'autopost bot mod 0.1.3' Remote File Inclusion
by Kacper
Osmodia Bulletin Board 1.x - 'admin.txt' File Disclosure
by Pouya_Server
lastRSS autoposting bot MOD 0.1.3 - 'phpbb_root_path' Remote File Inclusion
by Kacper
i-dreams Mailer 1.2 Final - 'admin.dat' File Disclosure
by Pouya_Server
i-dreams GB Server - 'admin.dat' File Disclosure
by Pouya_Server
i-dreams GB 5.4 Final - 'admin.dat' File Disclosure
by Pouya_Server
smNews - SQL Injection via Username Parameter
SQL injection vulnerability in login.php in the smNews example script for txtSQL 2.2 Final allows remote attackers to execute arbitrary SQL commands via the username parameter.
by x0r
S-Cms 1.1 - SQL Injection via id Parameter
SQL injection vulnerability in admin/delete_page.php in S-Cms 1.1 Stable allows remote attackers to execute arbitrary SQL commands via the id parameter.
by x0r
S-Cms 1.1 Stable - Unauthenticated Authentication Bypass via Login Cookie
S-Cms 1.1 Stable allows remote attackers to bypass authentication and obtain administrative access via an OK value for the login cookie.
by x0r
pHNews Alpha 1 - Unauthenticated Arbitrary File Download via Direct Request
pHNews Alpha 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for extra/genbackup.php.
by x0r
SAS Hotel Management System - Arbitrary File Upload
by ZoRLu
RavenNuke 2.30 - Authenticated Remote Code Execution via Your Account Module Avatarlist preg_replace
avatarlist.php in the Your Account module, reached through modules.php, in Raven Web Services RavenNuke 2.30 allows remote authenticated users to execute arbitrary code via PHP sequences in an element of the replacements array, which is processed by the preg_replace function with the eval switch, as specified in an element of the patterns array.
by waraxe
RavenNuke 2.30 - Path Disclosure via aFonts Array Parameter
images/captcha.php in Raven Web Services RavenNuke 2.30, when register_globals and display_errors are enabled, allows remote attackers to determine the existence of local files by sending requests with full pathnames in the aFonts array parameter, and then observing the error messages, which differ between existing and nonexistent pathnames.
by waraxe
RavenNuke 2.30 - Authenticated PHP Code Injection via Your Account Custom Fields
Eval injection vulnerability in the Custom Fields feature in the Your Account module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary PHP code via the ID Field Name box in a yaCustomFields action to admin.php.
by waraxe
RavenNuke 2.30 - Authenticated SQL Injection via Resend_Email Module user_prefix Parameter
SQL injection vulnerability in the Resend_Email module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary SQL commands via the user_prefix parameter to modules.php.
by waraxe