Exploitdb Exploits
50,095 exploits tracked across all sources.
WordPress Plugin Events Manager Extended - Persistent Cross-Site Scripting
by Craw
Santafox 2.0.2 - 'search' Cross-Site Scripting
by High-Tech Bridge SA
MySource Matrix 3.28.3 - Cross-Site Scripting via char_map.php Height or Width Parameter
Multiple cross-site scripting (XSS) vulnerabilities in char_map.php in MySource Matrix 3.28.3 allow remote attackers to inject arbitrary web script or HTML via the (1) height or (2) width parameter.
by Gjoko Krstic
Joomla! com_aardvertiser 2.1-2.1.1 - SQL Injection
SQL injection vulnerability in the Aardvertiser (com_aardvertiser) component 2.1 and 2.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_name parameter in a view action to index.php. NOTE: some of these details are obtained from third party information.
by Stephan Sattler
Horde Application Framework <3.3.9 - XSS
Cross-site scripting (XSS) vulnerability in util/icon_browser.php in the Horde Application Framework before 3.3.9 allows remote attackers to inject arbitrary web script or HTML via the subdir parameter.
by Moritz Naumann
HeffnerCMS 1.22 - 'index.php' Local File Inclusion
by MiND C0re
BlueCMS 1.6 - 'x-forwarded-for' Header SQL Injection
by cnryan
Micronetsoft RV Dealer Website 1.0 - SQL Injection
SQL injection vulnerability in detail.asp in Micronetsoft RV Dealer Website 1.0 allows remote attackers to execute arbitrary SQL commands via the vehicletypeID parameter.
by L0rd CrusAd3r
Micronetsoft Rental Property Mgmt <1.0 - SQL Injection
SQL injection vulnerability in detail.asp in Micronetsoft Rental Property Management Website 1.0 allows remote attackers to execute arbitrary SQL commands via the ad_ID parameter.
by L0rd CrusAd3r
DMXReady Members Area Manager - Persistent Cross-Site Scripting
by L0rd CrusAd3r
chillyCMS 1.1.3 - SQL Injection via Name Parameter
SQL injection vulnerability in core/showsite.php in chillyCMS 1.1.3 allows remote attackers to execute arbitrary SQL commands via the name parameter. NOTE: some of these details are obtained from third party information.
by AmnPardaz
Microsoft Windows MPEG Layer-3 Audio Codecs - Remote Code Execution via Crafted AVI File
Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute arbitrary code via a crafted AVI file, aka "MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability."
by Abysssec
Virtual DJ Trial 6.1.2 - Buffer Overflow Crash (SEH) (PoC)
by Abhishek Lyall
Softbiz Article Directory Script - SQL Injection
SQL injection vulnerability in article_details.php in Softbiz Article Directory Script allows remote attackers to execute arbitrary SQL commands via the sbiz_id parameter.
by h4ck3r
ijoomla com_magazine 3.0.1 - Remote Code Execution via Config Parameter
PHP remote file inclusion vulnerability in iJoomla Magazine (com_magazine) component 3.0.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the config parameter to magazine.functions.php.
by LoSt.HaCkEr
Gantry (com_gantry) 3.0.10 - SQL Injection via moduleid Parameter
SQL injection vulnerability in the Gantry (com_gantry) component 3.0.10 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter to index.php.
by jdc
Joomla! com_clantools 1.2.3 - SQL Injection
Multiple SQL injection vulnerabilities in the Clantools (com_clantools) component 1.2.3 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) squad or (2) showgame parameter to index.php.
by Solidmedia
Joomla! com_clantools 1.2.3 - SQL Injection
Multiple SQL injection vulnerabilities in the Clantools (com_clantools) component 1.2.3 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) squad or (2) showgame parameter to index.php.
by Solidmedia
chillyCMS 1.1.3 - Cross-Site Scripting via Name Parameter
Cross-site scripting (XSS) vulnerability in core/showsite.php in chillyCMS 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the username field). NOTE: some of these details are obtained from third party information.
by AmnPardaz
A-Blog 2.0 - SQL Injection via Search Words Parameter
SQL injection vulnerability in sources/search.php in A-Blog 2.0 allows remote attackers to execute arbitrary SQL commands via the words parameter.
by Ptrace Security
DMXReady Polling Booth Manager - SQL Injection
SQL injection vulnerability in inc_pollingboothmanager.asp in DMXReady Polling Booth Manager allows remote attackers to execute arbitrary SQL commands via the QuestionID parameter in a results action.
by L0rd CrusAd3r
Microsoft Windows Movie Maker 2.1, 2.6, 6.0 and Producer 2003 - Remote Code Execution via Crafted Project File
Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, and Microsoft Producer 2003, allows remote attackers to execute arbitrary code via a crafted project (.MSWMM) file, aka "Movie Maker and Producer Buffer Overflow Vulnerability."
by Abysssec
By Source