Exploitdb Exploits
50,095 exploits tracked across all sources.
AirTies Air 4450 1.1.2.18 - Denial of Service via Direct Request to cgi-bin/loader
AirTies Air 4450 1.1.2.18 allows remote attackers to cause a denial of service (reboot) via a direct request to cgi-bin/loader.
by rigan
Atar2b CMS 4.0.1 - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in Atar2b CMS 4.0.1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) gallery_e.php, (2) pageE.php, or (3) pageH.php.
by BHG Security Center
Atar2b CMS 4.0.1 - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in Atar2b CMS 4.0.1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) gallery_e.php, (2) pageE.php, or (3) pageH.php.
by BHG Security Center
Atar2b CMS 4.0.1 - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in Atar2b CMS 4.0.1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) gallery_e.php, (2) pageE.php, or (3) pageH.php.
by BHG Security Center
DIGIT CMS 1.0.7 - Cross-Site Scripting / SQL Injection
by BHG Security Center
Pay With Tweet < 1.1 - Cross-Site Scripting via Link, Title, or DL Parameter
Multiple cross-site scripting (XSS) vulnerabilities in pay.php in the Pay With Tweet plugin before 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) title, or (3) dl parameter.
by Gianluca Brindisi
Apache Struts <2.3.1.1 - Code Injection
The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
by SEC Consult
Apache Struts < 2.3.1.1 - Remote Code Execution via CookieInterceptor
The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
by SEC Consult
Apache Struts < 2.2.3.1 - Remote Code Execution via ExceptionDelegator OGNL Expression Injection
The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
by SEC Consult
CVSS 9.8
IpTools 0.1.4 - Unauthenticated Path Traversal via HTTP Request
Directory traversal vulnerability in the WebServer (Thttpd.bat) in IpTools (aka Tiny TCP/IP server) 0.1.4 allows remote attackers to read arbitrary files via a .. (dot dot) in a HTTP request.
by demonalex
IpTools 0.1.4 - Denial of Service via Long String to TCP Port 23
Buffer overflow in the Remote command server (Rcmd.bat) in IpTools (aka Tiny TCP/IP server) 0.1.4 allows remote attackers to cause a denial of service (crash) via a long string to TCP port 23.
by demonalex
Pay With Tweet <1.2 - SQL Injection
SQL injection vulnerability in the Pay With Tweet plugin before 1.2 for WordPress allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the id parameter in a paywithtweet shortcode.
by Gianluca Brindisi
TinyWebGallery 1.8.3 - Remote Code Execution via Command Parameter
TinyWebGallery 1.8.3 allows remote attackers to execute arbitrary code via shell metacharacters in the command parameter to (1) inc/filefunctions.inc or (2) info.php.
by Expl0!Ts
SenseSites CommonSense CMS - SQL Injection
Multiple SQL injection vulnerabilities in SenseSites CommonSense CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) special.php, (2) article.php, or (3) cat2.php.
by H4ckCity Security Team
SenseSites CommonSense CMS - SQL Injection
Multiple SQL injection vulnerabilities in SenseSites CommonSense CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) special.php, (2) article.php, or (3) cat2.php.
by H4ckCity Security Team
SenseSites CommonSense CMS - SQL Injection
Multiple SQL injection vulnerabilities in SenseSites CommonSense CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) special.php, (2) article.php, or (3) cat2.php.
by H4ckCity Security Team
eFront 3.6.10 - 'download' Directory Traversal
by Chokri B.A
Novell NetWare 6.5 SP8 - Buffer Overflow
Stack-based buffer overflow in the xdrDecodeString function in XNFS.NLM in Novell NetWare 6.5 SP8 allows remote attackers to execute arbitrary code or cause a denial of service (abend or NFS outage) via long packets.
by Francis Provencher
Novell NetWare 6.5 SP8 - Buffer Overflow
Stack-based buffer overflow in the xdrDecodeString function in XNFS.NLM in Novell NetWare 6.5 SP8 allows remote attackers to execute arbitrary code or cause a denial of service (abend or NFS outage) via long packets.
by Francis Provencher
Apache Struts 2.0.0-2.3.16 - Remote Code Execution via DebuggingInterceptor
The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself.
by SEC Consult
HServer 0.1.1 - Path Traversal via Encoded Dot-Dot-Backslash Sequences
Directory traversal vulnerability in HServer 0.1.1 allows remote attackers to read arbitrary files via a (1) ..%5c (dot dot encoded backslash) or (2) %2e%2e%5c (encoded dot dot backslash) in the PATH_INFO.
by demonalex
Yaws 1.88 - Cross-Site Scripting via Wiki Application Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the wiki application in Yaws 1.88 allow remote attackers to inject arbitrary web script or HTML via (1) the tag parameter to editTag.yaws, (2) the index parameter to showOldPage.yaws, (3) the node parameter to allRefsToMe.yaws, or (4) the text parameter to editPage.yaws.
by SiteWatch
VertrigoServ 2.25 - Cross-Site Scripting via ext Parameter
Cross-site scripting (XSS) vulnerability in inc/extensions.php in VertrigoServ 2.25 allows remote attackers to inject arbitrary web script or HTML via the ext parameter.
by Stefan Schurtz
SQLiteManager 1.2.4 - Cross-Site Scripting via dbsel or nsextt Parameter
Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager 1.2.4 allow remote attackers to inject arbitrary web script or HTML via the dbsel parameter to (1) main.php or (2) index.php; or (3) nsextt parameter to index.php.
by Stefan Schurtz
SQLiteManager 1.2.4 - Cross-Site Scripting via dbsel or nsextt Parameter
Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager 1.2.4 allow remote attackers to inject arbitrary web script or HTML via the dbsel parameter to (1) main.php or (2) index.php; or (3) nsextt parameter to index.php.
by Stefan Schurtz
By Source