Exploitdb Exploits
50,095 exploits tracked across all sources.
AllWebMenus WordPress Plugin 1.1.8 - Unauthenticated Arbitrary File Upload and Remote Code Execution
actions.php in the AllWebMenus plugin 1.1.8 for WordPress allows remote attackers to bypass intended access restrictions to upload and execute arbitrary PHP code by setting the HTTP_REFERER to a certain value, then uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory.
by 6Scan
miniCMS 1.0 and 2.0 - Remote Code Execution via Pagename or Area Variable
miniCMS 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code via a crafted (1) pagename or (2) area variable containing an executable extension, which is not properly handled by (a) update.php when writing files to content/, or (b) updatenews.php when writing files to content/news/.
by Or4nG.M4N
Savant Web Server 3.1 - Remote Buffer Overflow (Egghunter)
by red-dragon
Savant Web Server 3.1 - Remote Buffer Overflow (4)
by red-dragon
tribiq CMS - SQL Injection via id Parameter
SQL injection vulnerability in Tribiq CMS allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
by Skote Vahshat
php_ireport 1.0 - Cross-Site Scripting via Message Parameter
Multiple cross-site scripting (XSS) vulnerabilities in php ireport 1.0 allow remote attackers to inject arbitrary web script or HTML via the message parameter to (1) messages_viewer.php, (2) home.php, or (3) history.php.
by Or4nG.M4N
Lead Capture Page System - Stored Cross-Site Scripting via Admin Login Message Parameter
Cross-site scripting (XSS) vulnerability in admin/login.php in Lead Capture Page System allows remote attackers to inject arbitrary web script or HTML via the message parameter.
by HashoR
Extensionsforjoomla Com Vikrealestate - SQL Injection
Multiple SQL injection vulnerabilities in Vik Real Estate (com_vikrealestate) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) contract parameter in a results action and (2) imm parameter in a show action to index.php.
by the_cyber_nuxbie
Joomla! Component Full - 'id' SQL Injection
by the_cyber_nuxbie
Joomla! Component com_some - 'Controller' Local File Inclusion
by the_cyber_nuxbie
com_obsuggest < 1.8 - Path Traversal via Controller Parameter
Directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
by the_cyber_nuxbie
Joomla! Component com_car - Multiple SQL Injections
by the_cyber_nuxbie
Joomla! Component com_bulkenquery - 'Controller' Local File Inclusion
by the_cyber_nuxbie
Joomla! Component com_boss - 'Controller' Local File Inclusion
by the_cyber_nuxbie
iSupport 1.x - Cross-Site Request Forgery via Administrator Account Addition
Cross-site request forgery (CSRF) vulnerability in admin/function.php in IDevSpot iSupport 1.x allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via an administrators action.
by Or4nG.M4N
Raven 1.0 - 'connector.asp' Arbitrary File Upload
by HELLBOY
Aryadad CMS - SQL Injection via PageID Parameter
SQL injection vulnerability in Default.aspx in Aryadad CMS allows remote attackers to execute arbitrary SQL commands via the PageID parameter.
by Red Security TEAM
acidcat_cms 3.5.1, 3.5.2, 3.5.6 - Cross-Site Scripting via PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in Acidcat CMS 3.5.1, 3.5.2, 3.5.6, and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin_colors.asp, (2) admin_config.asp, and (3) admin_cat_add.asp in admin/.
by Avram Marius
HP OpenView Network Node Manager <7.51-7.53 - RCE
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1210.
by Metasploit
Avaya WinPDM UniteHostRouter 3.8.2 - Remote Command Execution
by Abysssec
VideoLAN VLC Media Player 1.2.0 - 'libtaglib_pluggin.dll' Denial of Service
by Mitchell Adair
Syneto Unified Threat Management 1.3.3/1.4.2 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
by Alexander Fuchs
Gitorious - Arbitrary Command Execution (Metasploit)
by Metasploit
By Source