Exploitdb Exploits
31,339 exploits tracked across all sources.
plow - '.plowrc' File Buffer Overflow
by Jean Pascal Pereira
Gnome Terminal <0.32.2 - DoS
The VteTerminal in gnome-terminal (vte) before 0.32.2 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value.
by Kevin Fenzi
Microsoft IIS - Short File/Folder Name Disclosure
by Soroush Dalili
WordPress Plugin Backup 2.0.1 - Information Disclosure
by Stephan Knauss
python-wrapper - Untrusted Search Path/Code Execution
by ShadowHatesYou
Irfanview Plugins < 4.33 - Memory Corruption
Heap-based buffer overflow in jpeg_ls.dll in the Jpeg_LS (aka JLS) plugin in the formats plugins in IrfanView PlugIns before 4.34 allows remote attackers to execute arbitrary code via a crafted JLS file.
by Joseph Sheridan
WordPress Plugin Paid Business Listings 1.0.2 - Blind SQL Injection
by Chris Kellum
GIMP <2.8.1 - DoS
fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed XTENSION header of a .fit file, as demonstrated using a long string.
by Joseph Sheridan
Specview < 2.5 - Path Traversal
Directory traversal vulnerability in the web server in SpecView 2.5 build 853 and earlier allows remote attackers to read arbitrary files via a ... (dot dot dot) in a URI.
by Luigi Auriemma
PowerNet Twin Client 8.9 - 'RFSync 1.0.0.1' Crash (PoC)
by Luigi Auriemma
phpmoneybooks 1.03 - Persistent Cross-Site Scripting
by chap0
LIOOSYS CMS - SQL Injection / Information Disclosure
by MustLive
Swfupload < 2.2.0.1 - XSS
Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the "ExternalInterface.call" function.
by Nathan Partlan
TEMENOS T24 - Multiple Cross-Site Scripting Vulnerabilities
by Rehan Ahmed
Mobile USB Drive HD - Multiple Local File Inclusion / Arbitrary File Upload Vulnerabilities
by Benjamin Kunz Mejri
Sielcosistemi Winlog Pro < 2.07.16 - Improper Input Validation
Array index error in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 might allow remote attackers to execute arbitrary code by referencing, within a port-46824 TCP packet, an invalid file-pointer index that leads to execution of an EnterCriticalSection code block.
by Luigi Auriemma
Zend Framework < 1.11.12 - XXE
Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack.
by SEC Consult
CVSS 9.1
Symantec Web Gateway <5.0.3 - Info Disclosure
The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to (1) read or (2) delete arbitrary files via unspecified vectors.
by S2 Crew
Apple QuickTime - QuickTime.util.QTByteObject Initialization Security Checks Bypass
by Security Explorations
WordPress Plugin Website FAQ 1.0 - SQL Injection
by Chris Kellum
DigPHP - 'dig.php' Script Remote File Disclosure
by Ryuzaki Lawlet