Exploitdb Exploits

1,269 exploits tracked across all sources.

EIP-2026-109693 EXPLOITDB php VERIFIED
MyBB 1.6.11 - Remote Code Execution
by BlackDream
EIP-2026-107119 EXPLOITDB php VERIFIED
FlashComs Chat 6.5 - Arbitrary File Upload
by Miya Chung
EIP-2026-114351 EXPLOITDB php VERIFIED
WordPress Theme Suco - 'themify-ajax.php' Arbitrary File Upload
by DevilScreaM
EIP-2026-109150 EXPLOITDB php VERIFIED
Limonade Framework - 'limonade.php' Local File Disclosure
by Yashar shahinzadeh
EIP-2026-114335 EXPLOITDB php VERIFIED
WordPress Theme Kernel - Arbitrary File Upload
by link_satisi
EIP-2026-114355 EXPLOITDB php VERIFIED
WordPress Theme This Way - 'upload_settings_image.php' Arbitrary File Upload
by Bet0
EIP-2026-108780 EXPLOITDB php VERIFIED
Joomla! Component Maian15 - 'name' Arbitrary File Upload
by SultanHaikal
EIP-2026-104758 EXPLOITDB php VERIFIED
PHP Point Of Sale - 'ofc_upload_image.php' Remote Code Execution
by Gabby
EIP-2026-114195 EXPLOITDB php VERIFIED
WordPress Plugin Woopra Analytics - 'ofc_upload_image.php' Arbitrary PHP Code Execution
by wantexz
CVE-2013-4810 EXPLOITDB CRITICAL php VERIFIED
HP ProCurve Manager <4.0 - RCE
HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet, aka ZDI-CAN-1760. NOTE: this is probably a duplicate of CVE-2007-1036, CVE-2010-0738, and/or CVE-2012-0874.
by rgod
CVSS 9.8
EIP-2026-114031 EXPLOITDB php VERIFIED
WordPress Plugin SEO Watcher - 'ofc_upload_image.php' Arbitrary PHP Code Execution
by wantexz
EIP-2026-108515 EXPLOITDB php VERIFIED
Joomla! Component com_rokdownloads - Arbitrary File Upload
by Am!r
EIP-2026-107788 EXPLOITDB php
imacs CMS 0.3.0 - Unrestricted Arbitrary File Upload
by CWH Underground
EIP-2026-105542 EXPLOITDB php VERIFIED
BloofoxCMS - 'index.php' Arbitrary File Upload
by CWH Underground
EIP-2026-112251 EXPLOITDB php VERIFIED
SMF - '/index.php' HTML Injection / Multiple PHP Code Injection Vulnerabilities
by Jakub Galczyk
CVE-2011-4275 EXPLOITDB php VERIFIED
iTop 1.1.181-1.2.0-RC-282 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in iTop (aka IT Operations Portal) 1.1.181 and 1.2.0-RC-282 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted company name, (2) a crafted database server name, (3) a crafted CSV file, (4) a crafted copy-and-paste action, (5) the auth_user parameter in a suggest_pwd action to UI.php, (6) the c[menu] parameter to UniversalSearch.php, (7) the description parameter in a SearchFormToAdd_document_list action to UI.php, (8) the category parameter in an errors action to audit.php, or (9) the suggest_pwd parameter to UI.php.
by LiquidWorm
CVE-2013-10068 EXPLOITDB CRITICAL php VERIFIED
Foxit Reader Plugin 2.2.1.530 - Buffer Overflow
Foxit Reader Plugin version 2.2.1.530, bundled with Foxit Reader 5.4.4.11281, contains a stack-based buffer overflow vulnerability in the npFoxitReaderPlugin.dll module. When a PDF file is loaded from a remote host, an overly long query string in the URL can overflow a buffer, allowing remote attackers to execute arbitrary code.
by rgod
EIP-2026-109642 EXPLOITDB php VERIFIED
Multiple WordPress WPScientist Themes - Arbitrary File Upload
by JingoBD
EIP-2026-113139 EXPLOITDB php VERIFIED
VoipNow Service Provider Edition - Arbitrary Command Execution
by i-Hmx
CVE-2013-1744 EXPLOITDB CRITICAL php VERIFIED
IRIS <1.3 - RCE
IRIS citations management tool through 1.3 allows remote attackers to execute arbitrary commands.
by aeon
CVSS 9.8
EIP-2026-113017 EXPLOITDB php VERIFIED
vBulletin ajaxReg Module - SQL Injection
by Cold Zero
CVE-2012-5692 EXPLOITDB php
Invision Power Board <3.3.x - Unknown Vuln
Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors.
by webDEViL
EIP-2026-115732 EXPLOITDB php VERIFIED
Microsoft Internet Explorer 9 - Memory Corruption Crash (PoC)
by Jean Pascal Pereira
CVE-2012-5692 EXPLOITDB php VERIFIED
Invision Power Board <3.3.x - Unknown Vuln
Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors.
by EgiX
EIP-2026-106717 EXPLOITDB php VERIFIED
EasyITSP - 'customers_edit.php' Authentication Bypass
by Michal Blaszczak