Exploitdb Exploits
31,346 exploits tracked across all sources.
jQuery Uploadify 2.1.0 - Arbitrary File Upload
by k4cp3r/Ablus
Sun Java System Web Server 7.0 Update 7 - Heap-Based Buffer Overflow via Long Digest Authorization Header
Multiple heap-based buffer overflows in (1) webservd and (2) the admin server in Sun Java System Web Server 7.0 Update 7 allow remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long string in an "Authorization: Digest" HTTP header.
by Intevydis
Microsoft Internet Explorer 6.0/7.0 - Null Pointer crashes
by Skylined
KloNews 2.0 - Cross-Site Scripting via cat Parameter
Cross-site scripting (XSS) vulnerability in cat.php in KloNews 2.0 allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
by cr4wl3r
Chipmunk NewsLetter 2.0 - Multiple Cross-Site Scripting Vulnerabilities
by b0telh0
AOL <= 9.5 (Revision 4337.155) - Stack-based Buffer Overflow via Phobos.Playlist Import Method
AOL versions up to and including 9.5 include an ActiveX control (Phobos.dll) that exposes a method called Import() via the Phobos.Playlist COM object. This method is vulnerable to a stack-based buffer overflow when provided with an excessively long string argument. Exploitation allows remote attackers to execute arbitrary code in the context of the user, but only when the malicious HTML file is opened locally, because the control is not marked safe for scripting or initialization. AOL remains an active and supported brand offering services like AOL Mail and AOL Desktop Gold, but the legacy AOL 9.5 desktop software (specifically the version containing the vulnerable Phobos.dll ActiveX control) is long discontinued and no longer maintained.
by Hellcode Research
Windows SYSTEM Escalation via KiTrap0D
The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to start the Windows Virtual DOS Machine (aka NTVDM) subsystem, leading to improperly handled exceptions involving the #GP trap handler (nt!KiTrap0D), aka "Windows Kernel Exception Handler Vulnerability."
by Tavis Ormandy
CVSS 7.8
OpenOffice - '.slk' Parsing Null Pointer
by Hellcode Research
VisualShapers EZContents 2.0.3 - Authentication Bypass / Multiple SQL Injections
by AmnPardaz Security Research Team
DataLife Engine 8.3 - Remote Code Execution via PHP File Inclusion
Multiple PHP remote file inclusion vulnerabilities in DataLife Engine (DLE) 8.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the selected_language parameter to engine/inc/include/init.php, (2) the config[langs] parameter to engine/inc/help.php, (3) the config[lang] parameter to engine/ajax/pm.php, and (4) the _REQUEST[skin] parameter to engine/ajax/addcomments.php.
by indoushka
DataLife Engine 8.3 - Remote Code Execution via PHP File Inclusion
Multiple PHP remote file inclusion vulnerabilities in DataLife Engine (DLE) 8.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the selected_language parameter to engine/inc/include/init.php, (2) the config[langs] parameter to engine/inc/help.php, (3) the config[lang] parameter to engine/ajax/pm.php, and (4) the _REQUEST[skin] parameter to engine/ajax/addcomments.php.
by indoushka
DataLife Engine 8.3 - Remote Code Execution via PHP File Inclusion
Multiple PHP remote file inclusion vulnerabilities in DataLife Engine (DLE) 8.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the selected_language parameter to engine/inc/include/init.php, (2) the config[langs] parameter to engine/inc/help.php, (3) the config[lang] parameter to engine/ajax/pm.php, and (4) the _REQUEST[skin] parameter to engine/ajax/addcomments.php.
by indoushka
DataLife Engine 8.3 - Remote Code Execution via PHP File Inclusion
Multiple PHP remote file inclusion vulnerabilities in DataLife Engine (DLE) 8.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the selected_language parameter to engine/inc/include/init.php, (2) the config[langs] parameter to engine/inc/help.php, (3) the config[lang] parameter to engine/ajax/pm.php, and (4) the _REQUEST[skin] parameter to engine/ajax/addcomments.php.
by indoushka
AdvertisementManager 3.1.0 - Remote Code Execution via req Parameter
PHP remote file inclusion vulnerability in cgi/index.php in AdvertisementManager 3.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the req parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences.
by indoushka
Blaze Apps 1.x - SQL Injection / HTML Injection
by AmnPardaz Security Research Team
OpenOffice 3.1 - '.slk' Null Pointer Dereference Remote Denial of Service
by Hellcode Research
SurgeFTP 2.x - 'surgeftpmgr.cgi' Multiple Cross-Site Scripting Vulnerabilities
by indoushka
Adobe AIR < 1.5.3.9130 and Flash Player < 10.0.45.2 - Denial of Service via Modified SWF File
Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 allow remote attackers to cause a denial of service (application crash) via a modified SWF file.
by Mert SARICA
TestLink TestManagement and Execution System 1.8.5 - Multiple Directory Traversal Vulnerabilities
by Prashant Khandelwal
TestLink 1.8.5 - 'order_by_login_dir' Cross-Site Scripting
by Prashant Khandelwal