Exploitdb Exploits
50,095 exploits tracked across all sources.
Mediacoder 0.7.5.4792 - Local Buffer Overflow (SEH)
by 0v3r
Wernhart Guestbook 2001.03.28 - Multiple SQL Injections
by Aliaksandr Hartsuyeu
Diferior 8.03 - Stored Cross-Site Scripting via Post Content or Admin Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Diferior 8.03 allow remote attackers to inject arbitrary web script or HTML via the (1) post_content parameter to post/edit/2/p1.html, related to views/post.php; the (2) slogan parameter to admin/site/2.html, related to views/admin.php; or the (3) subcatname or (4) description parameter to admin/forum/create_sub.html, related to views/admin.php.
by High-Tech Bridge SA
Car Portal 2.0 - 'car_make' Cross-Site Scripting
by Underground Stockholm
4homepages 4Images 1.7.x - 'categories.php' SQL Injection
by Ahmed Atif
HP 9000 - Path Traversal
The default configuration of the PJL Access value in the File System External Access settings on HP LaserJet MFP printers, Color LaserJet MFP printers, and LaserJet 4100, 4200, 4300, 5100, 8150, and 9000 printers enables PJL commands that use the device's filesystem, which allows remote attackers to read arbitrary files via a command inside a print job, as demonstrated by a directory traversal attack.
by n.runs AG
MicroNetsoft RV Dealer Website - SQL Injection via selStock or orderBy Parameter
Multiple SQL injection vulnerabilities in MicroNetsoft RV Dealer Website allow remote attackers to execute arbitrary SQL commands via the (1) selStock parameter to search.asp and the (2) orderBy parameter to showAlllistings.asp.
by underground-stockholm.com
OtsTurntables 1.00.048 - '.m3u'/'.ofl' Local Buffer Overflow (SEH)
by 0v3r
CA Internet Security Suite Plus 2010 - Local Denial of Service and Arbitrary Code Execution via KmxSbx.sys IOCTL
Integer overflow in KmxSbx.sys 6.2.0.22 in CA Internet Security Suite Plus 2010 allows local users to cause a denial of service (pool corruption) and execute arbitrary code via crafted arguments to the 0x88000080 IOCTL, which triggers a buffer overflow.
by Nikita Tarakanov
Hanso Player 1.4.0 - '.m3u' Denial of Service
by anT!-Tr0J4n
Skeletonz CMS 1.0 - Cross-Site Scripting via Blog Comment Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the comment feature in Skeletonz CMS 1.0, when the Blog plugin is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Website, and (3) Email parameters. NOTE: some of these details are obtained from third party information.
by Jbyte
Site2Nite Big Truck Broker - SQL Injection via txtSiteId Parameter
SQL injection vulnerability in news_default.asp in Site2Nite Big Truck Broker allows remote attackers to execute arbitrary SQL commands via the txtSiteId parameter.
by underground-stockholm.com
jurpopage 0.2.0 - SQL Injection via Category Parameter
SQL injection vulnerability in index.php in Jurpopage 0.2.0 allows remote attackers to execute arbitrary SQL commands via the category parameter.
by Sudden_death
MemHT Portal 4.0.1 - 'User Agent' Persistent Cross-Site Scripting
by ZonTa
jurpopage 0.2.0 - SQL Injection via note or pg Parameter
Multiple SQL injection vulnerabilities in index.php in Jurpopage 0.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) note and (2) pg parameters, different vectors than CVE-2010-4359. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Sudden_death
Linux Kernel < 2.6.37 - Denial of Service via SOCK_SEQPACKET Garbage Collection
The wait_for_unix_gc function in net/unix/garbage.c in the Linux kernel before 2.6.37-rc3-next-20101125 does not properly select times for garbage collection of inflight sockets, which allows local users to cause a denial of service (system hang) via crafted use of the socketpair and sendmsg system calls for SOCK_SEQPACKET sockets.
by Key Night
Linux Kernel < 2.6.36 - Denial of Service via Stack Memory Consumption
The setup_arg_pages function in fs/exec.c in the Linux kernel before 2.6.36, when CONFIG_STACK_GROWSDOWN is used, does not properly restrict the stack memory consumption of the (1) arguments and (2) environment for a 32-bit application on a 64-bit platform, which allows local users to cause a denial of service (system crash) via a crafted exec system call, a related issue to CVE-2010-2240.
by Roland McGrath
PHP Web Scripts Easy Banner Free 2009.05.18 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) siteurl and (2) urlbanner parameters.
by Aliaksandr Hartsuyeu
PHP Web Scripts Easy Banner Free <2009.05.18 - SQL Injection
Multiple SQL injection vulnerabilities in member.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
by Aliaksandr Hartsuyeu
E-lokaler CMS 2 - Admin Login Multiple SQL Injections
by ali_err0r
SystemTap 1.3 - Privilege Escalation via MODPROBE_OPTIONS Environment Variable
The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBE_OPTIONS environment variable to specify a malicious configuration file.
by Tavis Ormandy
Linux Kernel < 2.6.37 - Denial of Service via Stack Memory OOM Bypass
fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka an "OOM dodging issue," a related issue to CVE-2010-3858.
by Roland McGrath
NCH Officeintercom 5.20 - Remote Denial of Service
by xsploited security
By Source