Exploitdb Exploits
31,346 exploits tracked across all sources.
Visialis ABB Forum 1.1 - Info Disclosure
Visialis ABB Forum 1.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for fpdb/abb.mdb.
by ViRuSMaN
Apple Safari - URL Redirect Target Disclosure via Stylesheet LINK Element
Apple Safari allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value.
by Cesar Cerrudo
ProfitCode Shopping Cart - Multiple Local/Remote File Inclusion Vulnerabilities
by Zer0 Thunder
Windows Live Messenger 2009 build 14.0.8089.726 - Denial of Service via ViewProfile Method
A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build 14.0.8089.726 on Windows Vista and Windows 7 allows remote attackers to cause a denial of service (msnmsgr.exe crash) by calling the ViewProfile method with a crafted argument during an MSN Messenger session.
by HACKATTACK IT SECURITY GmbH
com_ksadvertiser - SQL Injection via pid Parameter
SQL injection vulnerability in the Keep It Simple Stupid (KISS) Software Advertiser (com_ksadvertiser) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a showcats action to index.php.
by FL0RiX
DELTAScripts PHPLinks - 'catid' SQL Injection
by Hamza 'MizoZ' N.
DELTAScripts PHPClassifieds - 'rate.php' Blind SQL Injection
by Hamza 'MizoZ' N.
CU Village CMS Site 1.0 - 'print_view' Blind SQL Injection
by Red-D3v1L
K-Meleon 1.5.3 - Heap-Based Buffer Overflow via Large Precision Value in printf Format Argument
Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.
by Maksymilian Arciemowicz
Zeeways Technology - 'product_desc.php' SQL Injection
by Gamoscu
BTS-GI Read excel 1.1 - Unauthenticated Arbitrary File Upload and Remote Code Execution via upload.php
Unrestricted file upload vulnerability in upload.php in BTS-GI Read excel 1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. NOTE: some of these details are obtained from third party information.
by Yozgat.Us
Joomla! Component Regional Booking - 'id' Blind SQL Injection
by Hussin X
Drupal 6.15 - Multiple Persistent Cross-Site Scripting Vulnerabilities
by emgent
dotProject 2.1.3 - Multiple SQL Injections / HTML Injection Vulnerabilities
by Justin C. Klein Keane
Datetopia Match Agency BiZ - Multiple Cross-Site Scripting Vulnerabilities
by R3d-D3V!L
AutoIndex PHP Script - 'index.php' Directory Traversal
by Red-D3v1L
Microsoft HTML Help Compiler (hhc.exe) - Buffer Overflow (PoC)
by s4squatch