Exploitdb Exploits
50,091 exploits tracked across all sources.
MYRE Realty Manager - SQL Injection via bathrooms1 Parameter
Multiple SQL injection vulnerabilities in MYRE Realty Manager allow remote attackers to execute arbitrary SQL commands via the bathrooms1 parameter to (1) demo2/search.php or (2) search.php.
by d3b4g
Narcissus backend.php - release Parameter Command Injection
Narcissus is vulnerable to remote code execution via improper input handling in its image configuration workflow. Specifically, the backend.php script fails to sanitize the release parameter before passing it to the configure_image() function. This function invokes PHP’s passthru() with the unsanitized input, allowing attackers to inject arbitrary system commands. Exploitation occurs via a crafted POST request, resulting in command execution under the web server’s context.
by dun
Novell Groupwise Internet Agent - LDAP BIND Request Overflow
by Francis Provencher
MYRE Vacation Rental Software - Cross-Site Scripting via link_idd Parameter
Cross-site scripting (XSS) vulnerability in vacation/1_mobile/alert_members.php in MYRE Vacation Rental Software allows remote attackers to inject arbitrary web script or HTML via the link_idd parameter in a login action.
by d3b4g
MYRE Business Directory - Cross-Site Scripting via Search Look Parameter
Cross-site scripting (XSS) vulnerability in search.php in MYRE Business Directory allows remote attackers to inject arbitrary web script or HTML via the look parameter.
by d3b4g
myre_realty_manager - Cross-Site Scripting via search.php cat_id1 Parameter
Cross-site scripting (XSS) vulnerability in search.php in MYRE Realty Manager allows remote attackers to inject arbitrary web script or HTML via the cat_id1 parameter.
by d3b4g
friendsinwar FAQ Manager - SQL Injection / Authentication Bypass
by d3b4g
dotProject <= 2.0.1 - Remote File Inclusion via baseDir and dPconfig Parameters
Multiple PHP remote file include vulnerabilities in dotProject 2.0.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary commands via the baseDir parameter in (1) db_adodb.php, (2) db_connect.php, (3) session.php, (4) vw_usr_roles.php, (5) calendar.php, (6) date_format.php, and (7) tasks/gantt.php; and the dPconfig[root_dir] parameter in (8) projects/gantt.php, (9) gantt2.php, and (10) vw_files.php. NOTE: the vendor disputes this issue, stating that the product documentation clearly recommends that the system administrator disable register_globals, and that the check.php script warns against this setting. Also, the vendor says that the protection.php/siteurl vector is incorrect because protection.php does not exist in the product
by dun
CVSS 5.6
Jira Scriptrunner 2.0.7 - Cross-Site Request Forgery / Remote Code Execution (Metasploit)
by Ben Sheppard
Zoner Photo Studio 15 b3 - Buffer Overflow (PoC)
by Vulnerability-Lab
libtiff < 3.9.5 - Heap-based Buffer Overflow in OJPEG Decoder
Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder in LibTIFF before 3.9.5 allows remote attackers to execute arbitrary code via a crafted TIFF file.
by Francis Provencher
IrfanView - '.RLE' Image Decompression Buffer Overflow
by Francis Provencher
Eventy CMS 1.8 Plus - Multiple Vulnerabilities
by Vulnerability-Lab
Invision Power Board 3.1.x-3.3.x core.php - Impact Unknown
Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors.
by Metasploit
Java Applet AverageRangeStatisticImpl Remote Code Execution
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS.
by Metasploit
CVSS 9.8
Huawei Various - Path Traversal
The Huawei NE5000E, MA5200G, NE40E, NE80E, ATN, NE40, NE80, NE20E-X6, NE20, ME60, CX600, CX200, CX300, ACU, WLAN AC 6605, S9300, S7700, S2300, S3300, S5300, S3300HI, S5300HI, S5306, S6300, S2700, S3700, S5700, S6700, AR G3, H3C AR(OEM IN), AR 19, AR 29, AR 49, Eudemon100E, Eudemon200, Eudemon300, Eudemon500, Eudemon1000, Eudemon1000E-U/USG5300, Eudemon1000E-X/USG5500, Eudemon8080E/USG9300, Eudemon8160E/USG9300, Eudemon8000E-X/USG9500, E200E-C/USG2200, E200E-X3/USG2200, E200E-X5/USG2200, E200E-X7/USG2200, E200E-C/USG5100, E200E-X3/USG5100, E200E-X5/USG5100, E200E-X7/USG5100, E200E-B/USG2100, E200E-X1/USG2100, E200E-X2/USG2100, SVN5300, SVN2000, SVN5000, SVN3000, NIP100, NIP200, NIP1000, NIP2100, NIP2200, and NIP5100 use the DES algorithm for stored passwords, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.
by Roberto Paleari
Zoner Photo Studio 15 Build 3 - 'Zps.exe' Registry Value Parsing
by Julien Ahrens
vBulletin vBay 1.1.9 - Error-Based SQL Injection
by Dan UK
Bananadance Wiki b2.2 - Multiple Vulnerabilities
by Vulnerability-Lab
By Source