Exploitdb Exploits
50,076 exploits tracked across all sources.
SGI IRIX - Buffer Overflow in xlock
root privileges via buffer overflow in xlock command on SGI IRIX systems.
Data General DG UX - Buffer Overflow
Buffer overflow in xlock program allows local users to execute commands as root.
CVSS 8.4
CVE-2005-0548
EXPLOITDB
Solaris AnswerBook2 Documentation 1.4.4 - Cross-Site Scripting via Search Function
Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 Documentation 1.4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search function.
Raptor GFX Configuration Tool - Local Command Execution via PATH Manipulation
pgxconfig in the Raptor GFX configuration tool uses a relative path name for a system call to the "cp" program, which allows local users to execute arbitrary commands by modifying their path to point to an alternate "cp" program.
CVE-2000-0154
EXPLOITDB
UnixWare - Local Privilege Escalation
The ARCserve agent in UnixWare allows local attackers to modify arbitrary files via a symlink attack.
UnixWare - Arbitrary File Read via pkg Commands
UnixWare pkg commands such as pkginfo, pkgcat, and pkgparam allow local users to read arbitrary files via the dacread permission.
SCO OpenServer and UNIX - Buffer Overflow via Long TERM Environment Variable or .mscreenrc Entry
Buffer overflow in mscreen on SCO OpenServer 5.0 and SCO UNIX 3.2v4 allows a local user to gain root access via (1) a long TERM environmental variable and (2) a long entry in the .mscreenrc file.
GitLab CE/EE <11.3.11-11.5.1 - SSRF
GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks.
CVSS 7.7
GitLab CE/EE <11.3.11-11.5.1 - SSRF
GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks.
CVSS 7.7
phpoutsourcing Zorum Forum <3.5 - SQL Injection
SQL injection vulnerability in index.php in phpoutsourcing Zorum Forum 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the rollid parameter in the showhtmllist method.
CVE-2014-9235
EXPLOITDB
Zoph < 0.9.1 - Authenticated SQL Injection via _action or location_id Parameter
Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) _action parameter to group.php or (2) user.php or the (3) location_id parameter to photos.php in php/.
CVE-2009-4140
EXPLOITDB
Open Flash Chart v2 Beta 1-v2 Lug Wyrm Charmer - RCE
Unrestricted file upload vulnerability in ofc_upload_image.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3, Woopra Analytics Plugin before 1.4.3.2, and possibly other products, when register_globals is enabled, allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension through the name parameter with the code in the HTTP_RAW_POST_DATA parameter, then accessing it via a direct request to the file in tmp-upload-images/.
ZoneMinder < 1.36.27 - Stored Cross-Site Scripting via Log File Parameter
ZoneMinder is a free, open source Closed-circuit television software application The file parameter is vulnerable to a cross site scripting vulnerability (XSS) by backing out of the current "tr" "td" brackets. This then allows a malicious user to provide code that will execute when a user views the specific log on the "view=log" page. This vulnerability allows an attacker to store code within the logs that will be executed when loaded by a legitimate user. These actions will be performed with the permission of the victim. This could lead to data loss and/or further exploitation including account takeover. This issue has been addressed in versions `1.36.27` and `1.37.24`. Users are advised to upgrade. Users unable to upgrade should disable database logging.
CVSS 7.6
ZoneMinder < 1.36.27 - Authenticated Cross-Site Request Forgery via HTTP GET Request
ZoneMinder is a free, open source Closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the request supplied to the Zoneminder web application. These modifications include replacing HTTP POST with an HTTP GET and removing the CSRF key from the request. An attacker can take advantage of this by using an HTTP GET request to perform actions with no CSRF protection. This could allow an attacker to cause an authenticated user to perform unexpected actions on the web application. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.
CVSS 8.0
Zoho ManageEngine ADSelfService Plus 5.7 - Cross-Site Scripting in Self-Update Layout
Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the self-update layout implementation.
CVSS 6.1
zenphoto < 1.4.9 - Authenticated SQL Injection
SQL injection vulnerability in Zenphoto before 1.4.9 allow remote administrators to execute arbitrary SQL commands.
CVSS 7.2
zenphoto < 1.4.8 - Cross-Site Scripting via sanitize_string Function
The sanitize_string function in ZenPhoto before 1.4.9 utilized the html_entity_decode function after input sanitation, which might allow remote attackers to perform a cross-site scripting (XSS) via a crafted string.
CVSS 6.1
CVE-2008-3306
EXPLOITDB
C. Desseno YouTube Blog (ytb) 0.1 - SQL Injection
SQL injection vulnerability in info.php in C. Desseno YouTube Blog (ytb) 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3307. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-4881
EXPLOITDB
YourFreeWorld Reminder Service Script - SQL Injection via id Parameter
SQL injection vulnerability in tr.php in YourFreeWorld Reminder Service Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-4882
EXPLOITDB
YourFreeWorld Autoresponder Hosting Script - SQL Injection via tr.php id Parameter
SQL injection vulnerability in tr.php in YourFreeWorld Autoresponder Hosting Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-4883
EXPLOITDB
YourFreeWorld Blog Blaster Script - SQL Injection via tr.php id Parameter
SQL injection vulnerability in tr.php in YourFreeWorld Blog Blaster Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-4884
EXPLOITDB
YourFreeWorld Classifieds Hosting Script - SQL Injection via tr.php id Parameter
SQL injection vulnerability in tr.php in YourFreeWorld Classifieds Hosting Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-4895
EXPLOITDB
YourFreeWorld Downline Builder - SQL Injection via tr.php id Parameter
SQL injection vulnerability in tr.php in YourFreeWorld Downline Builder allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-4486
EXPLOITDB
Yerba < 6.3 - Remote Code Execution via Path Traversal in mod Parameter
Directory traversal vulnerability in index.php in SAC.php (SACphp), as used in Yerba 6.3 and earlier, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod parameter.
CVE-2008-2878
EXPLOITDB
Academic Web Tools < 1.4.2.8 - Open Redirect via rss_getfile.php file Parameter
Open redirect vulnerability in rss_getfile.php in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the file parameter.
By Source