Exploitdb Exploits

1,269 exploits tracked across all sources.

EIP-2026-112259 EXPLOITDB php VERIFIED
SN News 1.2 - 'visualiza.php' SQL Injection
by WhiteCollarGroup
CVE-2012-10027 EXPLOITDB CRITICAL php VERIFIED
WP-Property <1.35.0 - RCE
WP-Property plugin for WordPress through version 1.35.0 contains an unauthenticated file upload vulnerability in the third-party `uploadify.php` script. A remote attacker can upload arbitrary PHP files to a temporary directory without authentication, leading to remote code execution.
by Sammy FORGIT
CVE-2012-10026 EXPLOITDB CRITICAL php VERIFIED
Asset-Manager <2.0 - RCE
The WordPress plugin Asset-Manager version 2.0 and below contains an unauthenticated arbitrary file upload vulnerability in upload.php. The endpoint fails to properly validate and restrict uploaded file types, allowing remote attackers to upload malicious PHP scripts to a predictable temporary directory. Once uploaded, the attacker can execute the file via a direct HTTP GET request, resulting in remote code execution under the web server’s context.
by Sammy FORGIT
EIP-2026-113881 EXPLOITDB php VERIFIED
WordPress Plugin Marketplace Plugin 1.5.0 < 1.6.1 - Arbitrary File Upload
by Sammy FORGIT
EIP-2026-113812 EXPLOITDB php VERIFIED
WordPress Plugin HTML5 AV Manager 0.2.7 - Arbitrary File Upload
by Sammy FORGIT
EIP-2026-113796 EXPLOITDB php VERIFIED
WordPress Plugin Google Maps via Store Locator 2.7.1 < 3.0.1 - Multiple Vulnerabilities
by Sammy FORGIT
EIP-2026-113768 EXPLOITDB php VERIFIED
WordPress Plugin Foxypress 0.4.1.1 < 0.4.2.1 - Arbitrary File Upload
by Sammy FORGIT
EIP-2026-109520 EXPLOITDB php VERIFIED
Mnews 1.1 - 'view.php' SQL Injection
by WhiteCollarGroup
EIP-2026-113964 EXPLOITDB php VERIFIED
WordPress Plugin Picturesurf Gallery - 'upload.php' Arbitrary File Upload
by Sammy FORGIT
EIP-2026-104659 EXPLOITDB php
PHP 5.3.10 - 'spl_autoload_register()' Local Denial of Service
by Yakir Wizman
EIP-2026-104658 EXPLOITDB php
PHP 5.3.10 - 'spl_autoload_call()' Local Denial of Service
by Yakir Wizman
EIP-2026-104657 EXPLOITDB php
PHP 5.3.10 - 'spl_autoload()' Local Denial of Service
by Yakir Wizman
EIP-2026-115552 EXPLOITDB php VERIFIED
LibreOffice 3.5.3 - '.rtf' FileOpen Crash
by shinnai
EIP-2026-112224 EXPLOITDB php VERIFIED
Small-Cms - 'hostname' Remote PHP Code Injection
by L3b-r1'z
EIP-2026-115012 EXPLOITDB php VERIFIED
bsnes 0.87 - Local Denial of Service
by Yakir Wizman
EIP-2026-112491 EXPLOITDB php VERIFIED
Supernews 2.6.1 - SQL Injection
by WhiteCollarGroup
EIP-2026-104663 EXPLOITDB php VERIFIED
PHP 5.4.3 - wddx_serialize_* / stream_bucket_* Variant Object Null Ptr Dereference
by condis
EIP-2026-104662 EXPLOITDB php VERIFIED
PHP 5.4.3 - 'com_event_sink' Denial of Service
by condis
CVE-2012-2376 EXPLOITDB php VERIFIED
PHP <5.4.3 - RCE
Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and earlier on Windows allows remote attackers to execute arbitrary code via crafted arguments that trigger incorrect handling of COM object VARIANT types, as exploited in the wild in May 2012.
by 0in
CVE-2012-2052 EXPLOITDB php VERIFIED
Adobe Photoshop CS5 - Memory Corruption
Stack-based buffer overflow in the U3D.8BI library plugin in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.1 allows remote attackers to execute arbitrary code via a long Collada asset element in a DAE file, as demonstrated by the cameraYFov value in the contributor comments element.
by rgod
CVE-2012-1002 EXPLOITDB php VERIFIED
OpenConf <4.12 - SQL Injection
SQL injection vulnerability in author/edit.php in OpenConf 4.x before 4.12 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
by EgiX
EIP-2026-109805 EXPLOITDB php VERIFIED
MySQLDumper 1.24.4 - 'menu.php' PHP Remote Code Execution
by AkaStep
CVE-2012-1495 EXPLOITDB CRITICAL php VERIFIED
Webcalendar < 1.2.5 - Injection
install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter.
by EgiX
CVSS 9.8
CVE-2012-1496 EXPLOITDB HIGH php VERIFIED
Webcalendar < 1.2.5 - Injection
Local file inclusion in WebCalendar before 1.2.5.
by EgiX
CVSS 8.8
EIP-2026-103534 EXPLOITDB php
LibreOffice 3.5.2.2 - Memory Corruption
by shinnai