Exploitdb Exploits
50,095 exploits tracked across all sources.
2DayBiz Matrimonial Script - SQL Injection / Cross-Site Scripting
by Sangteamtham
2DayBiz B2B Portal Script - 'selling_buy_leads1.php' SQL Injection
by r45c4l
2daybiz Custom T-Shirt Design Script - SQL Injection
Multiple SQL injection vulnerabilities in 2daybiz Custom T-Shirt Design Script allow remote attackers to execute arbitrary SQL commands via the (1) sbid parameter to products_details.php, (2) pid parameter to products/products.php, and (3) designid parameter to designview.php.
by Sangteamtham
feh < 1.8 - Remote Code Execution via URL Shell Metacharacters
feh before 1.8, when the --wget-timestamp option is enabled, might allow remote attackers to execute arbitrary commands via shell metacharacters in a URL.
by anonymous
Cisco ASA 5580 - CRLF Injection via WebVPN URI
CRLF injection vulnerability in +webvpn+/index.html in WebVPN on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary HTTP headers as demonstrated by a redirect attack involving a %0d%0aLocation%3a sequence in a URI, or conduct HTTP response splitting attacks via unspecified vectors, aka Bug ID CSCsr09163.
by Daniel King
2daybiz Web Template Software - Cross-Site Scripting via Category Keyword or Member Login Password Parameter
Multiple cross-site scripting (XSS) vulnerabilities in 2daybiz Web Template Software allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to category.php and the (2) password parameter to memberlogin.php.
by Sangteamtham
Novell iManager <=2.7.3 FTF2 - Authenticated RCE via EnteredClassID/NewClassName
Multiple stack-based buffer overflows in the jclient._Java_novell_jclient_JClient_defineClass@20 function in jclient.dll in the Tomcat web server in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allow remote authenticated users to execute arbitrary code via the (1) EnteredClassID or (2) NewClassName parameter to nps/servlet/webacc.
by Core Security Technologies
UFO: Alien Invasion <= 2.2.1 - Stack-based Buffer Overflow in IRC Client via Crafted 001 Message
UFO: Alien Invasion versions up to and including 2.2.1 contain a buffer overflow vulnerability in its built-in IRC client component. When the client connects to an IRC server and receives a crafted numeric reply (specifically a 001 message), the application fails to properly validate the length of the response string. This results in a stack-based buffer overflow, which may corrupt control flow structures and allow arbitrary code execution. The vulnerability is triggered during automatic IRC connection handling and does not require user interaction beyond launching the game.
by Jason Geffner
NO-IP.com Dynamic DNS Update Client 2.2.1 - 'Request' Insecure Encoding Algorithm
by sinn3r
OpenEMR Electronic Medical Record Software 3.2 - Multiple Vulnerabilities
by David Shaw
OneCMS 2.6.1 - 'short1' Cross-Site Scripting
by High-Tech Bridge SA
OneCMS 2.6.1 - 'search' SQL Injection
by High-Tech Bridge SA
OneCMS 2.6.1 - 'cat' Cross-Site Scripting
by High-Tech Bridge SA
Realtyna Translator 1.0.15 - Path Traversal
Directory traversal vulnerability in the Realtyna Translator (com_realtyna) component 1.0.15 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
by MISTERFRIBO
Big Forum 5.2 - Arbitrary File Upload / Local File Inclusion
by Zer0 Thunder
Insanevisions Adapcms - Code Injection
PHP remote file inclusion vulnerability in inc/smarty/libs/init.php in AdaptCMS 2.0.0 Beta, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter. NOTE: it was later reported that 2.0.1 is also affected.
by v3n0m
ActiveCollab 2.3.0 - Local File Inclusion / Directory Traversal
by Jose Carlos de Arriba
By Source