Exploitdb Exploits
50,095 exploits tracked across all sources.
Hycus CMS 1.0.3 - SQL Injection via user_name, usr_email, useremail, or q Parameter
Multiple SQL injection vulnerabilities in index.php in Hycus CMS 1.0.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user_name and (2) usr_email parameters to user/1/hregister.html, (3) usr_email parameter to user/1/hlogin.html, (4) useremail parameter to user/1/forgotpass.html, and the (5) q parameter to search/1.html. NOTE: some of these details are obtained from third party information.
by High-Tech Bridge SA
Html-edit CMS 3.1.8 - Cross-Site Scripting via Error Parameter
Cross-site scripting (XSS) vulnerability in index.php in Html-edit CMS 3.1.8 allows remote attackers to inject arbitrary web script or HTML via the error parameter.
by High-Tech Bridge SA
Html-edit CMS 3.1.8 - SQL Injection via nuser Parameter
SQL injection vulnerability in index.php in Html-edit CMS 3.1.8 allows remote attackers to execute arbitrary SQL commands via the nuser parameter in a registrate action.
by High-Tech Bridge SA
Habari 0.6.5 - Cross-Site Scripting via additem_form and status_data Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Habari 0.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) additem_form parameter to system/admin/dash_additem.php and the (2) status_data[] parameter to system/admin/dash_status.php. NOTE: some of these details are obtained from third party information.
by High-Tech Bridge SA
Openfiler 2.3 - Cross-Site Scripting via Device Parameter
Cross-site scripting (XSS) vulnerability in admin/system.html in Openfiler 2.3 allows remote attackers to inject arbitrary web script or HTML via the device parameter.
by db.pub.mail
CVSS 6.1
Microsoft SQL Server <7.0 - Privilege Escalation
The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.
by Metasploit
Ecava IntegraXor < 3.6.4000.0 - Path Traversal via File Name Parameter
Directory traversal vulnerability in Ecava IntegraXor 3.6.4000.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file_name parameter in an open request.
by Luigi Auriemma
Calibre 0.7.34 - Cross-Site Scripting / Directory Traversal
by waraxe
Microsoft Internet Information Services FTP Service 7.0-7.5 - Remote Code Execution via Crafted FTP Command
Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.
by Matthew Bergin
WordPress Plugin Mediatricks Viva Thumbs - Multiple Information Disclosure Vulnerabilities
by Richard Brain
Social Share - 'Username' SQL Injection
by Aliaksandr Hartsuyeu
S9Y Serendipity 1.5.4 - Arbitrary File Upload
by pentesters.ir
Joomla! Component com_xgallery 1.0 - Local File Inclusion
by KelvinX
ImpressCMS 1.2.x - 'quicksearch_ContentContent' HTML Injection
by High-Tech Bridge SA
Hycus CMS 1.0.3 - Path Traversal via Site Parameter
Multiple directory traversal vulnerabilities in Hycus CMS 1.0.3 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the site parameter to (1) index.php and (2) admin.php.
by High-Tech Bridge SA
html-edit CMS 3.1.8 - Exposure of Sensitive Information via Direct Request to Core Files
Html-edit CMS 3.1.8 allows remote attackers to obtain sensitive information via a direct request to (1) pages.php and (2) menu.php in includes/core_files and (3) extensions/login/frontend/pages/antihacker.php, which reveals the installation path in an error message.
by High-Tech Bridge SA
Habari 0.6.5 - Unauthenticated Sensitive Information Exposure via Direct Request
Habari 0.6.5 allows remote attackers to obtain sensitive information via a direct request to (1) header.php and (2) comments_items.php in system/admin/, which reveals the installation path in an error message.
by High-Tech Bridge SA
Habari 0.6.5 - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
FreeNAS 0.7.2.5543 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
by db.pub.mail
Mitel Audio and Web Conferencing (AWC) - Arbitrary Shell Command Injection
by Jan Fry
MHonArc 2.6.16 - Denial of Service via Nested Start Tags
MHonArc 2.6.16 allows remote attackers to cause a denial of service (CPU consumption) via start tags that are placed within other start tags, as demonstrated by a <bo<bo<bo<bo<body>dy>dy>dy>dy> sequence, a different vulnerability than CVE-2010-4524.
by anonymous
By Source