Exploitdb Exploits
31,394 exploits tracked across all sources.
PHP < 5.3.6 - Denial of Service via NumberFormatter::setSymbol Invalid Argument
Unspecified vulnerability in the NumberFormatter::setSymbol (aka numfmt_set_symbol) function in the Intl extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument, a related issue to CVE-2010-4409.
by thoger
Cosmoshop 10.05.00 - Multiple Cross-Site Scripting / SQL Injections
by High-Tech Bridge SA
SmarterMail 7.1.3876 - Path Traversal
Directory traversal vulnerability in FileStorageUpload.ashx in SmarterMail 7.1.3876 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash), (2) %5C (encoded backslash), or (3) %255c (double-encoded backslash) in the name parameter.
by Hoyt LLC Research
Safari < 5.0.4 - Same Origin Policy Bypass via WebKit Window Functionality
The windows functionality in WebKit in Apple Safari before 5.0.4 allows remote attackers to bypass the Same Origin Policy, and force the upload of arbitrary local files from a client computer, via a crafted web site.
by Aaron Sigel
recordpress 0.3.1 - Multiple Vulnerabilities
by Khashayar Fereidani
WordPress Plugin PhotoSmash Galleries 1.0.x - 'action' Cross-Site Scripting
by High-Tech Bridge SA
WordPress Plugin Inline Gallery 0.3.9 - 'do' Cross-Site Scripting
by High-Tech Bridge SA
WordPress Plugin GRAND Flash Album Gallery 0.55 - Multiple Vulnerabilities
by High-Tech Bridge SA
WordPress Plugin 1 Flash Gallery 0.2.5 - Cross-Site Scripting / SQL Injection
by High-Tech Bridge SA
Ruubikcms 1.0.3 - 'head.php' Cross-Site Scripting
by Khashayar Fereidani
Kodak InSite 5.5.2 - Cross-Site Scripting via Language Parameter, HeaderWarning Parameter, or User-Agent Header
Multiple cross-site scripting (XSS) vulnerabilities in Kodak InSite 5.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Language parameter to Pages/login.aspx, (2) HeaderWarning parameter to Troubleshooting/DiagnosticReport.asp, or (3) User-Agent header to troubleshooting/speedtest.asp.
by Dionach
Kodak InSite 5.5.2 - Cross-Site Scripting via Language Parameter, HeaderWarning Parameter, or User-Agent Header
Multiple cross-site scripting (XSS) vulnerabilities in Kodak InSite 5.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Language parameter to Pages/login.aspx, (2) HeaderWarning parameter to Troubleshooting/DiagnosticReport.asp, or (3) User-Agent header to troubleshooting/speedtest.asp.
by Dionach
FocalMedia.Net Quick Polls < 1.0.1 - Path Traversal and Arbitrary File Deletion via p Parameter
Multiple directory traversal vulnerabilities in FocalMedia.Net Quick Polls before 1.0.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the p parameter in a preview action to index.php, or (2) delete arbitrary files via a .. (dot dot) in the p parameter in a delete action to index.php.
by Mark Stanislav
Microsoft .NET Framework 3.5 Gold/SP1, 3.5.1, 4.0 - Remote Code Execution via JIT Compiler Null String Handling
The JIT compiler in Microsoft .NET Framework 3.5 Gold and SP1, 3.5.1, and 4.0, when IsJITOptimizerDisabled is false, does not properly handle expressions related to null strings, which allows context-dependent attackers to bypass intended access restrictions, and consequently execute arbitrary code, in opportunistic circumstances by leveraging a crafted application, as demonstrated by (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework JIT Optimization Vulnerability."
by Brian Mancini
CVSS 7.7
Lms Web Ensino - Multiple Input Validation Vulnerabilities
by waKKu
By Source