Exploitdb Exploits
50,095 exploits tracked across all sources.
ZTE ZXDSL 831IIV7.5.0a_Z29_OV - CSRF
Cross-site request forgery (CSRF) vulnerability in accessaccount.cgi in ZTE ZXDSL 831IIV7.5.0a_Z29_OV allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter.
by mehdi boukazoula
HM Community < 1.0 - SQL Injection via id Parameter
SQL injection vulnerability in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a fnd_home action to index.php.
by 599eme Man
NJStar Communicator MiniSmtp 3.0.11818 - Remote Code Execution via Crafted Packet
Buffer overflow in MiniSmtp 3.0.11818 in NJStar Communicator allows remote attackers to execute arbitrary code via a crafted packet.
by Dillon Beresford
Advantech WebAccess < 7.0 - Denial of Service via Modified Stream Identifier
Advantech/BroadWin WebAccess before 7.0 allows remote attackers to cause a denial of service (memory corruption) via a modified stream identifier to a function.
by Snake
Oracle DataDirect ODBC Drivers - HOST Attribute 'arsqls24.dll' Stack Buffer Overflow (PoC)
by rgod
Classipress < 3.1.5 - Cross-Site Scripting via Twitter and Facebook Widget Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the Classipress theme before 3.1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) twitter_id parameter related to the Twitter widget and (2) facebook_id parameter related to the Facebook widget.
by Paul Loftness
HM Community (com_hmcommunity) < 1.0 - Cross-Site Scripting via Multiple Profile Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) language[], (2) university[], (3) persent[], (4) company_name[], (5) designation[], (6) music[], (7) books[], (8) movies[], (9) games[], (10) syp[], (11) ft[], and (12) fa[] parameters in a save task for a profile to index.php. NOTE: some of these details are obtained from third party information.
by 599eme Man
com_alameda < 1.0.0 - SQL Injection via Storeid Parameter
SQL injection vulnerability in Alameda (com_alameda) component before 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the storeid parameter to index.php.
by kaMtiEz
jbShop plugin for e107 7 - Cross-Site Scripting via item_id Parameter
Cross-site scripting (XSS) vulnerability in jbshop.php in the jbShop plugin for e107 7 allows remote attackers to inject arbitrary web script or HTML via the item_id parameter.
by Robert Cooper
Barter Sites com_listing 1.3 - SQL Injection via category_id Parameter
SQL injection vulnerability in the com_listing component in Barter Sites component 1.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter to index.php.
by Chris Russell
phpalbum < 0.4.1.16 - Cross-Site Scripting via var1 or keyword Parameter
Multiple cross-site scripting (XSS) vulnerabilities in main.php in phpAlbum 0.4.1.16 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) var1 and (2) keyword parameters.
by BHG Security Center
phpalbum < 0.4.1.16 - Path Traversal via var1 Parameter
Directory traversal vulnerability in main.php in phpAlbum 0.4.1.16 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the var1 parameter.
by BHG Security Center
Extensionsforjoomla Com Vikrealestate - SQL Injection
Multiple SQL injection vulnerabilities in Vik Real Estate (com_vikrealestate) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) contract parameter in a results action and (2) imm parameter in a show action to index.php.
by Chris Russell
Joomla! Component com_jeemasms 3.2 - Multiple Vulnerabilities
by Chris Russell
Barter Sites com_listing 1.3 - Authenticated Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the com_listing component in Barter Sites component 1.3 for Joomla! allow remote authenticated users to inject arbitrary web script or HTML via the (1) listing_title, (2) description, (3) homeurl (aka Website Address), (4) paystring (aka Payment types accepted), (5) sell_price, (6) shipping_cost, and (7) quantity parameters to index.php.
by Chris Russell
Apple Mac OSX 10.6.5 / iOS 4.3.3 Mail - Denial of Service
by shebang42
Opera Web Browser 11.52 - Escape Sequence Stack Buffer Overflow (Denial of Service) (PoC)
by Marcel Bernhardt
GFI Faxmaker Fax Viewer 10.0 (build 237) - Denial of Service (PoC)
by loneferret
Plici Search 2.0.0.Stable.r.1878 - 'p48-search.html' Cross-Site Scripting
by 599eme Man
Techfolio (com_techfolio) 1.0 - SQL Injection via catid Parameter
SQL injection vulnerability in frontend/models/techfoliodetail.php in Techfolio (com_techfolio) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter.
by Chris Russell
eFront 3.6.10 - 'professor.php' Script Multiple SQL Injections
by Vulnerability Research Laboratory
X.Org X Server - Local Access Restriction Bypass via TTY Verification Flaw
The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY.
by vladz
WPTouch - SQL Injection via id Parameter
SQL injection vulnerability in wptouch/ajax.php in the WPTouch plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
by longrifle0x
By Source