Exploitdb Exploits
50,095 exploits tracked across all sources.
Seagull <= 0.6.7 - SQL Injection via frmQuestion Parameter
SQL injection vulnerability in index.php in Seagull 0.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via the frmQuestion parameter in a retrieve action, in conjunction with a user/password PATH_INFO.
by Sweet
Multi-lingual E-Commerce System 0.2 - RCE
Multiple PHP remote file inclusion vulnerabilities in Multi-lingual E-Commerce System 0.2 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) checkout2-CYM.php, (2) checkout2-EN.php, (3) checkout2-FR.php, (4) cat-FR.php, (5) cat-EN.php, (6) cat-CYM.php, (7) checkout1-CYM.php, (8) checkout1-EN.php, (9) checkout1-FR.php, (10) prod-CYM.php, (11) prod-EN.php, and (12) prod-FR.php in inc/.
by JosS
Max's Guestbook - HTML Injection / Cross-Site Scripting
by MiND C0re
GuestBookPlus - HTML Injection / Bypass Comments Limit
by MiND C0re
nginx <0.5.37, <0.6.39, <0.7.62, <0.8.15 - RCE
Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
by Aaron Conole
LeadTools ActiveX Raster Twain 16.5 - 'LtocxTwainu.dll' Buffer Overflow (PoC)
by LiquidWorm
XOOPS Article Module - SQL Injection via id Parameter
SQL injection vulnerability in article.php in the Article module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter.
by []0iZy5
Textpattern CMS 4.2.0 - Remote Code Execution via index.php inc Parameter
PHP remote file inclusion vulnerability in index.php in Textpattern CMS 4.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter.
by Sn!pEr.S!Te
galeriashqip 1.0 - SQL Injection via album_id Parameter
SQL injection vulnerability in index.php in GaleriaSHQIP 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the album_id parameter. NOTE: some of these details are obtained from third party information.
by Valentin
diy-cms 1.0 - Remote Code Execution via PHP File Inclusion
Multiple PHP remote file inclusion vulnerabilities in DiY-CMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang parameter to modules/guestbook/blocks/control.block.php, (2) main_module parameter to index.php, and (3) getFile parameter to includes/general.functions.php.
by LoSt.HaCkEr
CF Image Hosting Script 1.3 - 'settings.cdb' Information Disclosure
by Dr.$audi
Blogman 0.7.1 - 'profile.php' SQL Injection
by Ptrace Security
Pecio CMS 2.0.5 - Remote Code Execution via Template Parameter File Inclusion
Multiple PHP remote file inclusion vulnerabilities in Pecio CMS 2.0.5 allow remote attackers to execute arbitrary PHP code via a URL in the template parameter to (1) post.php, (2) article.php, (3) blog.php, or (4) home.php in pec_templates/nova-blue/.
by eidelweiss
iGaming CMS < 1.5 - SQL Injection via browse Parameter
Multiple SQL injection vulnerabilities in iGaming 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the browse parameter to (1) previews.php and (2) reviews.php, and the (3) id parameter to index.php in a viewarticle action.
by Sweet
McAfee LinuxShield 1.5.1 - Local/Remote File Inclusion / Remote Code Execution
by Nikolas Sotiriu
Linux kernel <2.6.27.53-2.6.35.4 - RCE/DoS
Integer overflow in net/can/bcm.c in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows attackers to execute arbitrary code or cause a denial of service (system crash) via crafted CAN traffic.
by Jon Oberheide
Valarsoft WebMatic 3.0.5 - Multiple HTML Injection Vulnerabilities
by High-Tech Bridge SA
TCMS - Multiple Input Validation Vulnerabilities
by High-Tech Bridge SA
By Source