Exploitdb Exploits
50,095 exploits tracked across all sources.
PHPFinance 0.6 - '/group.php' SQL Injection / HTML Injection
by skskilL
Tomaz Muraus Open Blog 1.2.1 - CSRF
Cross-site request forgery (CSRF) vulnerability in Tomaz Muraus Open Blog 1.2.1, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests that change the administrative password. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by High-Tech Bridge SA
Nuked-Klan Partenaires 1.5 - SQL Injection
SQL injection vulnerability in clic.php in the Partenaires module 1.5 for Nuked-Klan allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Metropolis
Muraus Open Blog - Multiple HTML Injection Vulnerabilities
by High-Tech Bridge SA
Hulihan BXR 0.6.8 - SQL Injection via order_by Parameter
SQL injection vulnerability in folder/list in Hulihan BXR 0.6.8 allows remote attackers to execute arbitrary SQL commands via the order_by parameter.
by High-Tech Bridge SA
Hulihan Applications Amethyst 0.1.5 - Multiple HTML Injection Vulnerabilities
by High-Tech Bridge SA
DiamondList 0.1.6 - Cross-Site Request Forgery in User Update Function
Multiple cross-site request forgery (CSRF) vulnerabilities in user/main/update_user in DiamondList 0.1.6, and possibly earlier, allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrative password or (2) change the site's configuration.
by High-Tech Bridge SA
DiamondList 0.1.6 - Cross-Site Scripting via Category Description and Site Title Parameters
Multiple cross-site scripting (XSS) vulnerabilities in DiamondList 0.1.6, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) category[description] parameter to user/main/update_category, which is not properly handled by _app/views/categories/index.html.erb; and the (2) setting[site_title] parameter to user/main/update_settings, which is not properly handled by _app/views/settings/_list_settings.rhtml.
by High-Tech Bridge SA
DiamondList 0.1.6 - Cross-Site Scripting via Category Description and Site Title Parameters
Multiple cross-site scripting (XSS) vulnerabilities in DiamondList 0.1.6, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) category[description] parameter to user/main/update_category, which is not properly handled by _app/views/categories/index.html.erb; and the (2) setting[site_title] parameter to user/main/update_settings, which is not properly handled by _app/views/settings/_list_settings.rhtml.
by High-Tech Bridge SA
cctiddly 1.7.4 and 1.7.6 - Remote Code Execution via cct_base Parameter
Multiple PHP remote file inclusion vulnerabilities in ccTiddly 1.7.4 and 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the cct_base parameter to (1) index.php; (2) handle/proxy.php; (3) header.php, (4) include.php, and (5) workspace.php in includes/; and (6) plugins/RSS/files/rss.php.
by eidelweiss
APBoard Developers APBoard < 2.1.0 - SQL Injection via id Parameter
SQL injection vulnerability in board/board.php in APBoard Developers APBoard 2.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-3078.
by secret
Uzbl <2010.08.05 - Command Injection
The default configuration of the <Button2> binding in Uzbl before 2010.08.05 does not properly use the @SELECTED_URI feature, which allows user-assisted remote attackers to execute arbitrary commands via a crafted HREF attribute of an A element in an HTML document.
by Chuzz
DT Centrepiece 4.5 - Cross-Site Scripting / Security Bypass
by High-Tech Bridge SA
FathFTP 1.8 - 'FileExists Method' ActiveX Buffer Overflow (SEH)
by H4kr3m
FathFTP 1.8 - 'EnumFiles Method' ActiveX Buffer Overflow (SEH)
by Madjix
FathFTP 1.8 - 'DeleteFile Method' ActiveX Buffer Overflow (SEH)
by Madjix
Easy RM to MP3 Converter - Stack-based Buffer Overflow via Long Filename in Playlist File
Stack-based buffer overflow in Easy RM to MP3 Converter allows remote attackers to execute arbitrary code via a long filename in a playlist (.pls) file.
by Oh Yaw Theng
K-Meleon 1.x - URI Handling Multiple Denial of Service Vulnerabilities
by Lostmon
iPhone OS - Remote Code Execution via Crafted CFF Opcodes in Embedded Fonts
Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information.
by jailbreakme
HP OpenView Network Node Manager <7.53 - Buffer Overflow
Stack-based buffer overflow in webappmon.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long OvJavaLocale value in a cookie.
by Nahuel Riva
FathFTP ActiveX control <1.7 - Buffer Overflow
Multiple buffer overflows in the FathFTP ActiveX control 1.7 allow remote attackers to execute arbitrary code via (1) the GetFromURL member or (2) a long argument to the RasIsConnected method.
by Madjix
By Source