Exploitdb Exploits

31,346 exploits tracked across all sources.

CVE-2009-2285 EXPLOITDB text VERIFIED
libtiff 3.8.2 - Denial of Service via LZWDecodeCompat Buffer Underflow
Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.
by wololo
CVE-2009-2473 EXPLOITDB text VERIFIED
neon < 0.28.6 - Denial of Service via Nested XML Entity Expansion
neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
by Peter Valchev
CVE-2009-3565 EXPLOITDB text VERIFIED
McAfee IntruShield Network Security Manager < 5.1.11.6 - Cross-Site Scripting via Login.jsp Parameters
Multiple cross-site scripting (XSS) vulnerabilities in intruvert/jsp/module/Login.jsp in McAfee IntruShield Network Security Manager (NSM) before 5.1.11.6 allow remote attackers to inject arbitrary web script or HTML via the (1) iaction or (2) node parameter.
by Daniel King
EIP-2026-102505 EXPLOITDB text VERIFIED
McAfee Network Security Manager < 5.1.11.8.1 - Information Disclosure
by Daniel King
CVE-2009-0184 EXPLOITDB text VERIFIED
Free Download Manager < 3.0.844 - RCE
Multiple buffer overflows in the torrent parsing implementation in Free Download Manager (FDM) 2.5 Build 758 and 3.0 Build 844 allow remote attackers to execute arbitrary code via (1) a long file name within a torrent file, (2) a long tracker URL in a torrent file, or (3) a long comment in a torrent file.
by Carsten Eiram
CVE-2009-3890 EXPLOITDB text VERIFIED
WordPress < 2.8.5 - Authenticated Remote Code Execution via Multiple-Extension Filename Upload
Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
by Dawid Golunski
CVE-2009-2820 EXPLOITDB text VERIFIED
macOS < 10.6.2 - Cross-Site Scripting via CUPS Web Interface
The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms, does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product's web interface, (b) the configuration of the print system, and (c) the titles of printed jobs, as demonstrated by an XSS attack that uses the kerberos parameter to the admin program, and leverages attribute injection and HTTP Parameter Pollution (HPP) issues.
by Aaron Sigel
EIP-2026-113511 EXPLOITDB text VERIFIED
WordPress MU 1.2.2 < 1.3.1 - '/wp-includes/wpmu-functions.php' Cross-Site Scripting
by Juan Galiana Lara
EIP-2026-113494 EXPLOITDB text VERIFIED
WordPress Core 2.0 < 2.7.1 - 'admin.php' Module Configuration Security Bypass
by Fernando Arnaboldi
CVE-2009-4250 EXPLOITDB text VERIFIED
CutePHP CuteNews 1.4.6 and UTF-8 CuteNews < 8b - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to register.php; (2) the user parameter to search.php; the (3) cat_msg, (4) source_msg, (5) postponed_selected, (6) unapproved_selected, and (7) news_per_page parameters in a list action to the editnews module of index.php; and (8) the link tag in news comments. NOTE: some of the vulnerabilities require register_globals to be enabled and/or magic_quotes_gpc to be disabled.
by Andrew Horton
CVE-2009-4174 EXPLOITDB text VERIFIED
CuteNews 1.4.6 and UTF-8 CuteNews < 8b - Authenticated Article Modification via ID Parameter
The editnews module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b, when magic_quotes_gpc is disabled, allows remote authenticated users with Journalist or Editor access to bypass administrative moderation and edit previously submitted articles via a modified id parameter in a doeditnews action.
by Andrew Horton
CVE-2009-4249 EXPLOITDB text VERIFIED
CuteNews 1.4.6 - Cross-Site Scripting via lastusername/mod Parameters and title Parameter
Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) lastusername and (2) mod parameters to index.php; and (3) the title parameter to search.php.
by Andrew Horton
CVE-2009-4172 EXPLOITDB text VERIFIED
CuteNews 1.4.6 and UTF-8 CuteNews 8 and 8b - Stored Cross-Site Scripting via News Article Body
Cross-site scripting (XSS) vulnerability in index.php in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews 8 and 8b, when magic_quotes_gpc is disabled, allows remote attackers to inject arbitrary web script or HTML via the body of a news article in an addnews action.
by Andrew Horton
CVE-2009-4173 EXPLOITDB text VERIFIED
CutePHP CuteNews 1.4.6 and UTF-8 CuteNews < 8b - Cross-Site Request Forgery via Edit Users Action
Cross-site request forgery (CSRF) vulnerability in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to hijack the authentication of administrators for requests that create new users, including a new administrator, via an adduser action in the editusers module in index.php.
by Andrew Horton
CVE-2009-4175 EXPLOITDB text VERIFIED
CutePHP CuteNews < 8b - Info Disclosure
CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to obtain sensitive information via an invalid date value in the from_date_day parameter to search.php, which reveals the installation path in an error message.
by Andrew Horton
CVE-2009-3555 EXPLOITDB text VERIFIED
Apache HTTP Server < 2.2.14 - Plaintext Injection via TLS Renegotiation
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
by Dan Kaminsky
CVE-2009-4168 EXPLOITDB text VERIFIED
WP-Cumulus < 1.23 - Cross-Site Scripting via Tagcloud Parameter
Cross-site scripting (XSS) vulnerability in Roy Tanck tagcloud.swf, as used in the WP-Cumulus plugin before 1.23 for WordPress and the Joomulus module 2.0 and earlier for Joomla!, allows remote attackers to inject arbitrary web script or HTML via the tagcloud parameter in a tags action. Cross-site scripting (XSS) vulnerability in tagcloud.swf in the WP-Cumulus Plug-in before 1.23 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tagcloud parameter.
by MustLive
EIP-2026-103873 EXPLOITDB text VERIFIED
Blender 2.49b - '.blend' Remote Command Execution
by Fernando Russ
EIP-2026-103851 EXPLOITDB text VERIFIED
Apache Tomcat - Form Authentication 'Username' Enumeration
by D. Matscheko
EIP-2026-103850 EXPLOITDB text VERIFIED
Apache Tomcat - Cookie Quote Handling Remote Information Disclosure
by John Kew
CVE-2009-0796 EXPLOITDB text VERIFIED
Apache mod_perl - Cross-Site Scripting via URI Parameter in Apache::Status
Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
by Richard H. Brain
CVE-2009-2990 EXPLOITDB text VERIFIED
Adobe Acrobat and Reader < 9.2 - Remote Code Execution
Array index error in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow attackers to execute arbitrary code via unspecified vectors.
by Felipe Andres Manzano
EIP-2026-103602 EXPLOITDB text VERIFIED
OpenLDAP 2.3.39 - MODRDN Remote Denial of Service
by Ralf Haferkamp
CVE-2009-4131 EXPLOITDB text VERIFIED
Linux kernel < 2.6.32 - Local Privilege Escalation
The EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ext4 filesystem in the Linux kernel before 2.6.32-git6 allows local users to overwrite arbitrary files via a crafted request, related to insufficient checks for file permissions.
by Akira Fujita