Exploitdb Exploits
50,095 exploits tracked across all sources.
4images 1.7.10 - Cross-Site Scripting via cat_parent_id Parameter
Cross-site scripting (XSS) vulnerability in admin/categories.php in 4images 1.7.10 allows remote attackers to inject arbitrary web script or HTML via the cat_parent_id parameter in an addcat action.
by RandomStorm
Apache HTTP Server <2.2.21 - Info Disclosure
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
by pilate
sudo 1.8.0-1.8.3p1 - Local Use-After-Free via Format String in sudo_debug
Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo.
by joernchen
phux Download Manager - SQL Injection
SQL injection vulnerability in download.php in phux Download Manager allows remote attackers to execute arbitrary SQL commands via the file parameter.
by Red Security TEAM
Joomla! Component com_propertylab - 'id' SQL Injection
by the_cyber_nuxbie
Joomla! Component com_firmy - 'Id' SQL Injection
by the_cyber_nuxbie
Joomla! Component com_bbs - Multiple SQL Injections
by the_cyber_nuxbie
4Images 1.7.6-9 - Cross-Site Request Forgery / PHP Code Injection
by Or4nG.M4N
Tracker Software PDF-XChange <3.60.0128 - Buffer Overflow
Multiple buffer overflows in the Pdf Printer Preferences ActiveX Control in pdfxctrl.dll in Tracker Software PDF-XChange 3.60.0128 allow remote attackers to execute arbitrary code via a long string in the (1) sub_path parameter to the StoreInRegistry function or (2) sub_key parameter to the InitFromRegistry function.
by LiquidWorm
Windows Multimedia Library - Remote Code Execution via Crafted MIDI File
Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MIDI file, aka "MIDI Remote Code Execution Vulnerability."
by Metasploit
CVSS 8.1
Joomla! Component com_visa - Local File Inclusion / SQL Injection
by the_cyber_nuxbie
Joomla! Component com_cmotour - 'id' SQL Injection
by the_cyber_nuxbie
miniupnpd < 1.4 - Denial of Service via Crafted SSDP Request
The ProcessSSDPRequest function in minissdp.c in the SSDP handler in MiniUPnP MiniUPnPd before 1.4 allows remote attackers to cause a denial of service (service crash) via a crafted request that triggers a buffer over-read.
by Rapid7
HP Diagnostics - Memory Corruption
Stack-based buffer overflow in magentservice.exe in the server in HP LoadRunner 11.00 before patch 4 allows remote attackers to execute arbitrary code via a crafted size value in a packet. NOTE: it was originally reported that the affected product is HP Diagnostics Server, but HP states that "the vulnerable product is actually HP LoadRunner."
by Metasploit
vBSEO < 3.6.0 - Remote Code Execution via char_repl Parameter
The proc_deutf function in includes/functions_vbseocp_abstract.php in vBSEO 3.5.0, 3.5.1, 3.5.2, 3.6.0, and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" in the char_repl parameter, which is inserted into a regular expression that is processed by the preg_replace function with the eval switch.
by EgiX
Peel SHOPPING 2.8 and 2.9 - Cross-Site Scripting via motclef Parameter or PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in Peel SHOPPING 2.8 and 2.9 allow remote attackers to inject arbitrary web script or HTML via the (1) motclef parameter to achat/recherche.php or (2) PATH_INFO to index.php.
by Cyber-Crystal
phplist < 2.10.13 - Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities in phpList before 2.10.13 allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) edit administrator accounts.
by Cyber-Crystal
Sysax Multi Server < 5.52 - Authenticated Stack-Based Buffer Overflow via HTTP Request
Stack-based buffer overflow in Sysax Multi Server before 5.52, when HTTP is enabled, allows remote authenticated users with the create folder permission to execute arbitrary code via a crafted request.
by Craig Freyman
xClick Cart 1.0.1 and 1.0.2 - Cross-Site Scripting via shopping_url Parameter
Cross-site scripting (XSS) vulnerability in webscr.php in xClick Cart 1.0.1 and 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the shopping_url parameter.
by sonyy
Slideshow Gallery2 - Cross-Site Scripting via Border Parameter
Cross-site scripting (XSS) vulnerability in css/gallery-css.php in the Slideshow Gallery2 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the border parameter.
by Bret Hawk
VR GPub 4.0 - Cross-Site Request Forgery in Admin Options
Cross-site request forgery (CSRF) vulnerability in admin/admin_options.php in VR GPub 4.0 allows remote attackers to hijack the authentication of admins for requests that add admin accounts via an add action.
by Cyber-Crystal
phplist < 2.10.19 - Cross-Site Scripting via testtarget Parameter
Cross-site scripting (XSS) vulnerability in admin/index.php in phplist 2.10.9, 2.10.17, and possibly other versions before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the testtarget parameter. NOTE: some of these details are obtained from third party information.
by Cyber-Crystal
By Source