Exploitdb Exploits
31,394 exploits tracked across all sources.
Photodex ProShow Producer <5.0.3256 - Buffer Overflow
Photodex ProShow Producer version 5.0.3256 contains a stack-based buffer overflow vulnerability in the handling of plugin load list files. When a specially crafted load file is placed in the installation directory, the application fails to properly validate its contents, leading to a buffer overflow when the file is parsed during startup. Exploitation requires local access to place the file and user interaction to launch the application.
by Julien Ahrens
WordPress Plugin custom tables - 'key' Cross-Site Scripting
by Sammy FORGIT
PHP MBB - Cross-Site Scripting / SQL Injection
by TheCyberNuxbie
gpEasy CMS Minishop 1.5 Plugin - Persistent Cross-Site Scripting
by Carlos Mario Penagos Hollmann
plow - '.plowrc' File Buffer Overflow
by Jean Pascal Pereira
VteTerminal < 0.32.2 - Authenticated Denial of Service via Escape Sequence with Large Repeat Count
The VteTerminal in gnome-terminal (vte) before 0.32.2 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value.
by Kevin Fenzi
Microsoft IIS - Short File/Folder Name Disclosure
by Soroush Dalili
WordPress Plugin Backup 2.0.1 - Information Disclosure
by Stephan Knauss
python-wrapper - Untrusted Search Path/Code Execution
by ShadowHatesYou
IrfanView PlugIns < 4.33 - Remote Code Execution via Crafted JLS File
Heap-based buffer overflow in jpeg_ls.dll in the Jpeg_LS (aka JLS) plugin in the formats plugins in IrfanView PlugIns before 4.34 allows remote attackers to execute arbitrary code via a crafted JLS file.
by Joseph Sheridan
WordPress Plugin Paid Business Listings 1.0.2 - Blind SQL Injection
by Chris Kellum
GIMP < 2.9.2 - Denial of Service via Malformed FITS File XTENSION Header
fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed XTENSION header of a .fit file, as demonstrated using a long string.
by Joseph Sheridan
SpecView < 2.5 Build 853 - Path Traversal via URI
Directory traversal vulnerability in the web server in SpecView 2.5 build 853 and earlier allows remote attackers to read arbitrary files via a ... (dot dot dot) in a URI.
by Luigi Auriemma
PowerNet Twin Client 8.9 - 'RFSync 1.0.0.1' Crash (PoC)
by Luigi Auriemma
phpmoneybooks 1.03 - Persistent Cross-Site Scripting
by chap0
LIOOSYS CMS - SQL Injection / Information Disclosure
by MustLive
SWFUpload < 2.2.0.1 - Cross-Site Scripting via movieName Parameter
Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the "ExternalInterface.call" function.
by Nathan Partlan
TEMENOS T24 - Multiple Cross-Site Scripting Vulnerabilities
by Rehan Ahmed
Mobile USB Drive HD - Multiple Local File Inclusion / Arbitrary File Upload Vulnerabilities
by Benjamin Kunz Mejri
Winlog Pro < 2.07.17 - Remote Code Execution via Invalid File-Pointer Index
Array index error in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 might allow remote attackers to execute arbitrary code by referencing, within a port-46824 TCP packet, an invalid file-pointer index that leads to execution of an EnterCriticalSection code block.
by Luigi Auriemma
Zend Framework 1.x < 1.11.12 and 1.12.x < 1.12.0 - XML External Entity Injection via XML-RPC Request
Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack.
by SEC Consult
CVSS 9.1
By Source