Exploitdb Exploits
50,095 exploits tracked across all sources.
Apache Portable Runtime < 1.4.5 - Denial of Service via Hash Collision
tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
by Moritz Muehlenhoff
VLC media player 1.1.11 - Denial of Service via Long String in AMR File
VLC media player 1.1.11 allows remote attackers to cause a denial of service (crash) via a long string in an amr file.
by Fabi@habsec
UBB.threads <= 7.5.6 - Cross-Site Scripting via Loginname Parameter
Cross-site scripting (XSS) vulnerability in forums/ubbthreads.php in UBB.threads 7.5.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the Loginname parameter.
by sonyy
TYPO3 4.5.x-4.5.9 4.6.x-4.6.2 4.7 - Remote Code Execution via BACK_PATH Parameter
PHP remote file inclusion vulnerability in Classes/Controller/AbstractController.php in the workspaces system extension in TYPO3 4.5.x before 4.5.9, 4.6.x before 4.6.2, and development versions of 4.7 allows remote attackers to execute arbitrary PHP code via a URL in the BACK_PATH parameter.
by MaXe
Textpattern CMS 4.4.1 - Cross-Site Scripting via ddb Parameter
Cross-site scripting (XSS) vulnerability in setup/index.php in Textpattern CMS 4.4.1, when the product is incompletely installed, allows remote attackers to inject arbitrary web script or HTML via the ddb parameter.
by Jonathan Claudius
Otterware StatIt 4 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in statistik.php in Otterware StatIt 4 allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter, (2) show parameter in a stat_tld action, or (3) order parameter in a stat_abfragen action.
by sonyy
Posse Softball Director CMS - SQL Injection
by H4ckCity Security Team
Posse Softball Director CMS - SQL Injection
SQL injection vulnerability in team.php in Posse Softball Director CMS allows remote attackers to execute arbitrary SQL commands via the idteam parameter.
by Easy Laster
Orchard 1.0.x-1.0.20, 1.1.x-1.1.30, 1.2.x-1.2.41, 1.3.x-1.3.9 - Open Redirect via ReturnUrl Parameter
Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x before 1.3.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the ReturnUrl parameter.
by Mesut Timur
Limny 3.0.1 - Cross-Site Scripting via PATH_INFO in admin/login.php
Cross-site scripting (XSS) vulnerability in admin/login.php in Limny 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, related to the "PHP_SELF" variable.
by Gjoko Krstic
GraphicsClone Script - Cross-Site Scripting via Search Term Parameter
Cross-site scripting (XSS) vulnerability in search/ in GraphicsClone Script, possibly 1.11, allows remote attackers to inject arbitrary web script or HTML via the term parameter.
by Mr.PaPaRoSSe
phpace samswhois < 1.4.2.3 - Cross-Site Scripting via Domain Parameter
Cross-site scripting (XSS) vulnerability in vendors/samswhois/samswhois.inc.php in the Whois Search plugin 1.4.2.3 for WordPress, when the WHOIS widget is enabled, allows remote attackers to inject arbitrary web script or HTML via the domain parameter to index.php, a different vulnerability than CVE-2011-5194.
by Atmon3r
WordPress Plugin Comment Rating 2.9.20 - 'path' Cross-Site Scripting
by The Evil Thinker
MyStore Xpress Tienda Virtual - SQL Injection
SQL injection vulnerability in art_detalle.php in MyStore Xpress Tienda Virtual allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Arturo Zamora
PHP < 5.3.9 - Denial of Service via Hash Collision in Form Parameter Handling
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
by Christian Mehlmauer
OpenKM < 5.1.8-2 - Cross-Site Request Forgery via Admin Scripting Endpoint
Cross-site request forgery (CSRF) vulnerability in servlet/admin/AuthServlet.java in OpenKM 5.1.7 and other versions before 5.1.8-2 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary code via the script parameter to admin/scripting.jsp.
by Cyrill Brunschwiler
WSN Links Script 2.3.4 - SQL Injection
by H4ckCity Security Team
Php-X-Links - SQL Injection via id, cid, or t Parameter
Multiple SQL injection vulnerabilities in Php-X-Links, possibly 1.0, allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to rate.php, (2) cid parameter to view.php, or (3) t parameter to pop.php.
by H4ckCity Security Team
MyPHPDating 1.0 - SQL Injection via Page ID Parameter
SQL injection vulnerability in page.php in Online Dating Software MyPHPDating 1.0 allows remote attackers to execute arbitrary SQL commands via the page_id parameter.
by ITTIHACK
FuseTalk Forums < 3.2 - Cross-Site Scripting via login.cfm windowed Parameter
Cross-site scripting (XSS) vulnerability in login.cfm in FuseTalk Forums 3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the windowed parameter.
by sonyy
WordPress WP Live.php <1.2.1 - XSS
Cross-site scripting (XSS) vulnerability in wp-live.php in the WP Live.php module 1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. NOTE: some of these details are obtained from third party information.
by H4ckCity Security Team
PHP < 5.3.9 - Denial of Service via Hash Collision in Form Parameter Handling
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
by infodox
TheCartPress < 1.1.6 - Cross-Site Scripting via tcp_name_post_XXXXX Parameter
Cross-site scripting (XSS) vulnerability in admin/OptionsPostsList.php in the TheCartPress plugin for WordPress before 1.1.6 before 2011-12-31 allows remote attackers to inject arbitrary web script or HTML via the tcp_name_post_XXXXX parameter.
by 6Scan
By Source