Exploitdb Exploits
31,344 exploits tracked across all sources.
SnowFlake CMS 0.9.5 Beta - 'uid' SQL Injection
by Dinesh Arora
Openldap < 10.6.5 - Denial of Service
The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite.
by Ilkka Mattila
CVSS 9.8
Microsoft Windows Shell LNK Code Execution
Untrusted search path vulnerability in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, leading to DLL loading during Windows Explorer access to the icon of a crafted shortcut, aka "DLL Planting Remote Code Execution Vulnerability."
by Ivanlef0u
Microsoft DirectX 8/9 DirectPlay - Multiple Denial of Service Vulnerabilities
by Luigi Auriemma
YACS CMS 10.5.27 - 'context[path_to_root]' Remote File Inclusion
by eidelweiss
Kayako eSupport 3.70.02 - SQL Injection
SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 allows remote attackers to execute arbitrary SQL commands via the _a parameter in a downloads action.
by ScOrPiOn
iOffice 0.1 - 'parametre' Remote Command Execution
by Marshall Whittaker
Kayako eSupport <3.70.02 - SQL Injection
SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a viewnews action.
by Sid3^effects
Subrion Auto Classifieds - Persistent Cross-Site Scripting
by Sid3^effects
Kayako eSupport 3.70.02 - SQL Injection
SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 allows remote attackers to execute arbitrary SQL commands via the _a parameter in a downloads action.
by Sid3^effects
Joomla! - SQL Injection
SQL injection vulnerability in the StaticXT (com_staticxt) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
by Palyo34 & KroNicKq
Joomla! Component com_spa - SQL Injection (2)
by Palyo34 & KroNicKq
Freelancers Marketplace Script - Persistent Cross-Site Scripting
by Sid3^effects
Freelancer Marketplace Script - Arbitrary File Upload
by Sid3^effects
Haihaisoft PDF Reader OCX Control 1.1.2.0 - Remote Buffer Overflow (PoC)
by shinnai
Pre SoftClones Marketing Management System - Authentication Bypass
by D4rk357
Pre Projects Pre Podcast Portal - SQL Injection
SQL injection vulnerability in the login feature in Pre Projects Pre Podcast Portal allows remote attackers to execute arbitrary SQL commands via the password parameter.
by D4rk357
Pre Dynamic Institution - Web Authentication Bypass
by D4rk357