Exploitdb Exploits
50,095 exploits tracked across all sources.
Andy's PHP Knowledgebase <0.95.3 - SQL Injection
Multiple SQL injection vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.3 allow remote attackers to execute arbitrary SQL commands via the s parameter to (1) a_viewusers.php or (2) keysearch.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (3) id or (4) start parameter to pending.php, or the (5) aid parameter to a_authordetails.php. NOTE: some of these details are obtained from third party information.
by Mark Stanislav
Perl 5.10.x-5.12.3 and 5.13.x-5.13.11 - Taint Protection Bypass via lc, lcfirst, uc, and ucfirst Functions
The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
by mmartinec
Easy File Sharing Web Server 5.8 - Multiple Vulnerabilities
by AutoSec Tools
IDEAL Administration 2011 11.4 - Local Buffer Overflow (SEH)
by Dr_IDE
Microsoft Windows Explorer 6.0.2900.5512 - 'Shmedia.dll 6.0.2900.5512' AVI Preview Denial of Service (PoC)
by BraniX
GOM Player 2.1.28.5039 - AVI Denial of Service (PoC)
by BraniX
Tracks 1.7.2, 2.0RC2, and 2.0devel - Cross-Site Scripting via PATH_INFO to todos/tag/
Cross-site scripting (XSS) vulnerability in app/controllers/todos_controller.rb in Tracks 1.7.2, 2.0RC2, and 2.0devel allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to todos/tag/. NOTE: some of these details are obtained from third party information.
by Mesut Timur
Spitfire 1.0.3x - 'cms_username' Cross-Site Scripting
by High-Tech Bridge SA
oscss2 2.1.0 rc12 - Multiple Vulnerabilities
by AutoSec Tools
osCSS 2.1 - Multiple Cross-Site Scripting / Local File Inclusions
by AutoSec Tools
Claroline 1.10 - Persistent Cross-Site Scripting
by AutoSec Tools
Andy's PHP Knowledgebase 0.95.4 - SQL Injection
SQL injection vulnerability in plugins/pdfClasses/pdfgen.php in Andy's PHP Knowledgebase (Aphpkb) 0.95.4 allows remote attackers to execute arbitrary SQL commands via the pdfa parameter.
by AutoSec Tools
BackWPup < 1.7.1 - Remote Code Execution via wpabs Parameter
PHP remote file inclusion vulnerability in wp_xml_export.php in the BackWPup plugin before 1.7.2 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the wpabs parameter.
by Sense of Security
webEdition CMS 6.1.0.2 - 'DOCUMENT_ROOT' Local File Inclusion
by eidelweiss
Honey Soft Web Solution - Multiple Vulnerabilities
by **RoAd_KiLlEr**
Claroline 1.10 - Multiple HTML Injection Vulnerabilities
by AutoSec Tools
Alkacon OpenCMS 7.5.x - Multiple Cross-Site Scripting Vulnerabilities
by antisnatchor
By Source