Exploitdb Exploits
50,095 exploits tracked across all sources.
SIPfoundry sipXtapi <20060324 - RCE
Buffer overflow in SIPfoundry sipXtapi released before 20060324 allows remote attackers to execute arbitrary code via a long CSeq field value in an INVITE message.
by Metasploit
Adobe Reader <9.0 - Buffer Overflow
Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E.
by Metasploit
CVSS 7.8
SaschArt SasCAM Webcam Server <= 2.7 - Denial of Service via Long GET Request
Soft SaschArt SasCAM Webcam Server 2.6.5, 2.7, and earlier allows remote attackers to cause a denial of service (crash) via a large number of requests with a long line, as demonstrated using a long GET request.
by fl0 fl0w
iSharer File Sharing Wizard 1.5.0 - Stack-Based Buffer Overflow via Long Content-Length Header
Stack-based buffer overflow in iSharer File Sharing Wizard 1.5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Content-Length header.
by m-1-k-3
Sell@Site PHP Online Jobs Login - Multiple SQL Injections
by L0rd CrusAd3r
Joomla! Plugin tinybrowser 1.5.12 - Arbitrary File Upload / Code Execution (Metasploit)
by Metasploit
CUPS < 1.4.4 - Information Disclosure via Malformed Percent-Encoded URI Parameter
The cgi_initialize_string function in cgi-bin/var.c in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, does not properly handle parameter values containing a % (percent) character without two subsequent hex characters, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via a crafted request, as demonstrated by the (1) /admin?OP=redirect&URL=% and (2) /admin?URL=/admin/&OP=% URIs.
by Luca Carettoni
Smart ASP Survey - Cross-Site Scripting via catid Parameter
Cross-site scripting (XSS) vulnerability in poll/default.asp in Smart ASP Survey allows remote attackers to inject arbitrary web script or HTML via the catid parameter.
by L0rd CrusAd3r
SAS Hotel Management System - 'notfound' SQL Injection
by L0rd CrusAd3r
Restaurant Listing with Online Ordering - SQL Injection
by L0rd CrusAd3r
IISWorks FileMan - fileman.mdb Remote User Database Disclosure
by j0fer
Business Classified Listing - SQL Injection
by L0rd CrusAd3r
XnView 1.97.4 - Heap-Based Buffer Overflow via MultiBitMap Paint Data Section
Heap-based buffer overflow in XnView 1.97.4 and possibly earlier allows remote attackers to execute arbitrary code via a MultiBitMap (MBM) file with a Paint Data Section that contains a malformed Encoding field.
by Mauro Olea
Python 2.5.0-2.5.5 - Out-of-bounds Write in audioop Module
The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634.
by haypo
VideoWhisper PHP 2 Way Video Chat - Cross-Site Scripting via r Parameter
Cross-site scripting (XSS) vulnerability in VideoWhisper PHP 2 Way Video Chat component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the r parameter to index.php.
by Sid3^effects
MODx 1.0.3 - 'index.php' Multiple SQL Injections
by High-Tech Bridge SA
Lyrics Script - SQL Injection / Cross-Site Scripting
by Valentin
Joke Website Script - SQL Injection / Cross-Site Scripting
by Valentin
Daily Inspirational Quotes Script - SQL Injection
by Valentin
By Source