Exploitdb Exploits
50,095 exploits tracked across all sources.
HP SAN/iQ < 9.5 - Authenticated OS Command Injection via Ping Parameter
lhn/public/network/ping in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the second parameter.
by Nicolas Gregoire
RabidHamster R2/Extreme - Unauthenticated Path Traversal via Telnet File Command
Directory traversal vulnerability in the telnet server in RabidHamster R2/Extreme 1.65 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the File command.
by Luigi Auriemma
Symantec pcAnywhere <= 12.5.3 - Denial of Service via Crafted TCP Session
The awhost32 service in Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) allows remote attackers to cause a denial of service (daemon crash) via a crafted TCP session on port 5631.
by Johnathan Norman
Pandora FMS 4.0.1 - 'sec2' Local File Inclusion
by Ucha Gobejishvili
Horde Groupware 1.2.10 and Horde 3.3.12 - Remote Code Execution via Trojanized JavaScript Template
Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification (Trojan Horse) in templates/javascript/open_calendar.js, which allows remote attackers to execute arbitrary PHP code.
by Metasploit
HP SAN/iQ < 9.5 - Unauthenticated Remote Access via Hardcoded Password
hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has a hardcoded password of L0CAlu53R for the global$agent account, which allows remote attackers to obtain access to a management service via a login: request to TCP port 13838.
by Nicolas Gregoire
Oracle Java SE/JFB - Unspecified Vuln
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an uncontrolled array index that allows remote attackers to execute arbitrary code via a MIDI file with a crafted MixerSequencer object, related to the GM_Song structure.
by Metasploit
Novell Groupwise Messenger Client 2.1.0 - Unicode Stack Overflow
by Luigi Auriemma
Novell Groupwise Messenger 2.1.0 - Memory Corruption
by Luigi Auriemma
Novell Groupwise Messenger 2.1.0 - Arbitrary Memory Corruption
by Luigi Auriemma
Tube Ace 1.6 - SQL Injection via q Parameter
SQL injection vulnerability in mobile/search/index.php in Tube Ace (Adult PHP Tube Script) 1.6 allows remote attackers to execute arbitrary SQL commands via the q parameter. NOTE: some of these details are obtained from third party information.
by Daniel Godoy
SocialCMS 1.0.2 - Cross-Site Request Forgery in Administrator Account Management
Multiple cross-site request forgery (CSRF) vulnerabilities in SocialCMS 1.0.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrator accounts via a member_new action to my_admin/admin1_members.php or (2) modify the default site title via a save action to my_admin/admin1_configuration.php.
by Ivano Binetti
CONTIMEX Impulsio CMS - SQL Injection via id Parameter
SQL injection vulnerability in CONTIMEX Impulsio CMS allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
by sonyy
CMS Faethon 1.3.4 - 'articles.php' Multiple SQL Injections
by tempe_mendoan
11in1 1.2.1 - Cross-Site Request Forgery in admin/index.php
Cross-site request forgery (CSRF) vulnerability in admin/index.php in 11in1 1.2.1 stable 12-31-2011 allows remote attackers to hijack the authentication of administrators for requests that add new topics via an addTopic action.
by High-Tech Bridge SA
11in1 1.2.1 - Path Traversal via Class Parameter
Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/index.php.
by High-Tech Bridge SA
11in1 1.2.1 - Path Traversal via Class Parameter
Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/index.php.
by High-Tech Bridge SA
Zimbra Collaboration Suite 6.x-6.0.15 7.x-7.1.3 - Cross-Site Scripting via Calendar View Parameter
Cross-site scripting (XSS) vulnerability in zimbra/h/calendar in Zimbra Web Client in Zimbra Collaboration Suite (ZCS) 6.x before 6.0.15 and 7.x before 7.1.3 allows remote attackers to inject arbitrary web script or HTML via the view parameter.
by sonyy
STHS v2 Web Portal 2.2 - Cross-Site Scripting via Team Parameter
Multiple cross-site scripting (XSS) vulnerabilities in STHS v2 Web Portal 2.2 allow remote attackers to inject arbitrary web script or HTML via the team parameter to (1) prospects.php, (2) prospect.php, or (3) team.php.
by Liyan Oz
By Source