Exploitdb Exploits
50,095 exploits tracked across all sources.
ApPHP PHP MicroCMS 1.0.1 - SQL Injection
Multiple SQL injection vulnerabilities in login.php in ApPHP PHP MicroCMS 1.0.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user_name and (2) password variables, possibly related to include/classes/Login.php. NOTE: some of these details are obtained from third party information. NOTE: the password vector might not be vulnerable.
by Abysssec
I-Escorts Directory Script and Agency Script - Cross-Site Scripting via search_name or languages Parameter
Multiple cross-site scripting (XSS) vulnerabilities in escorts_search.php in I-Escorts Directory Script and Agency Script allow remote attackers to inject arbitrary web script or HTML via the (1) search_name and (2) languages parameters. NOTE: some of these details are obtained from third party information.
by 599eme Man
Mollify 1.6 and 1.6.5.5 - Cross-Site Scripting via Confirm Parameter
Cross-site scripting (XSS) vulnerability in backend/plugin/Registration/index.php in Mollify 1.6, 1.6.5.5, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the confirm parameter. NOTE: some of these details are obtained from third party information.
by John Leitch
eNdonesia 8.4 - SQL Injection via Publisher Module artid Parameter
SQL injection vulnerability in the Publisher module in eNdonesia 8.4 allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printarticle action to mod.php, a different vector than CVE-2007-3394.
by vYc0d
CMScout IBrowser TinyMCE Plugin 2.3.4.3 - Local File Inclusion
by John Leitch
ATutor 1.0 - Multiple 'cid' Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
AContent 1.0 - Cross-Site Scripting / HTML Injection
by High-Tech Bridge SA
AChecker 1.0 - 'URI' Cross-Site Scripting
by High-Tech Bridge SA
Novell iPrint Client Browser Plugin - ExecuteRequest debug Stack Overflow
by Abysssec
Mozilla Firefox <4.0 - Info Disclosure
The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a random number generator that is seeded only once per document object, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack." NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-5913.
by Amit Klein
PaysiteReviewCMS 1.1 - Cross-Site Scripting via Search or Image Parameter
Multiple cross-site scripting (XSS) vulnerabilities in PaysiteReviewCMS 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to search.php or the (2) image parameter to image.php.
by Valentin Hoebel
PaysiteReviewCMS 1.1 - Cross-Site Scripting via Search or Image Parameter
Multiple cross-site scripting (XSS) vulnerabilities in PaysiteReviewCMS 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to search.php or the (2) image parameter to image.php.
by Valentin Hoebel
Joomla! com_jgen 0.9.33 - SQL Injection
SQL injection vulnerability in the JGen (com_jgen) component 0.9.33 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
by **RoAd_KiLlEr**
E-Xoopport Samsara <3.1 - SQL Injection
SQL injection vulnerability in modules/sections/index.php in E-Xoopport Samsara 3.1 and earlier, when the Tutorial module is enabled, allows remote attackers to execute arbitrary SQL commands via the secid parameter in a listarticles action.
by _mRkZ_
IBM Lotus Domino <8.0.2 FP5-8.5.1 FP2 - RCE
Stack-based buffer overflow in the MailCheck821Address function in nnotes.dll in the nrouter.exe service in the server in IBM Lotus Domino 8.0.x before 8.0.2 FP5 and 8.5.x before 8.5.1 FP2 allows remote attackers to execute arbitrary code via a long e-mail address in an ORGANIZER:mailto header in an iCalendar calendar-invitation e-mail message, aka SPR NRBY7ZPJ9V.
by A. Plaskett
freediscussionforums 1.0 - Multiple Vulnerabilities
by Abysssec
RealNetworks RealPlayer <11.1 - RCE
Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allow remote attackers to execute arbitrary code via crafted (1) HX_FLV_META_AMF_TYPE_MIXEDARRAY or (2) HX_FLV_META_AMF_TYPE_ARRAY data in an FLV file.
by Abysssec
Kingsoft Antivirus <2010.04.26.648 - Buffer Overflow
Buffer overflow in kavfm.sys in Kingsoft Antivirus 2010.04.26.648 and earlier allows local users to execute arbitrary code via a long argument to IOCTL 0x80030004. NOTE: some of these details are obtained from third party information.
by Lufeng Li
UCenter Home 2.0 - SQL Injection via shop.php shopid Parameter
SQL injection vulnerability in shop.php in UCenter Home 2.0 allows remote attackers to execute arbitrary SQL commands via the shopid parameter in a view action.
by KnocKout
Joomla! Component com_mtree 2.1.5 - Arbitrary File Upload
by jdc
By Source