Exploitdb Exploits
50,076 exploits tracked across all sources.
Joomla! Component Photo Contest 1.0.2 - SQL Injection
by Ihsan Sencan
Joomla! Component Bargain Product VM3 1.0 SQL Injection
Joomla! Component Bargain Product VM3 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the product_id parameter. Attackers can supply crafted SQL statements in GET requests to the brainy and alice views to extract sensitive database information.
by Ihsan Sencan
CVSS 8.2
Joomla! Component Price Alert 3.0.2 SQL Injection
Joomla! Component Price Alert 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the product_id parameter. Attackers can send requests to the subscribeajax view with crafted SQL payloads in the product_id parameter to extract sensitive database information including credentials and configuration data.
by Ihsan Sencan
CVSS 8.2
My Video Converter 1.5.24 - Local Buffer Overflow (SEH)
by Anurag Srivastava
MP3 WAV to CD Burner 1.4.24 - Local Buffer Overflow (SEH)
by Anurag Srivastava
Easy Video to iPod/MP4/PSP/3GP Converter 1.5.20 - Local Buffer Overflow (SEH)
by Anurag Srivastava
Easy AVI DivX Converter 1.2.24 - Local Buffer Overflow (SEH)
by Anurag Srivastava
libgig 4.0.0 - Denial of Service via Crafted GIG File
The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory write and application crash) via a crafted gig file.
by qflb.wu
CVSS 6.5
libgig 4.0.0 - Denial of Service via Crafted GIG File
The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file.
by qflb.wu
CVSS 6.5
libgig 4.0.0 - Denial of Service via Crafted GIG File
The gig::DimensionRegion::CreateVelocityTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted gig file.
by qflb.wu
CVSS 6.5
libgig 4.0.0 - Denial of Service via Crafted GIG File
The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file.
by qflb.wu
CVSS 6.5
libgig 4.0.0 - Denial of Service via Crafted GIG File
The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted gig file.
by qflb.wu
CVSS 6.5
BE126 WIFI Repeater 1.0 - Local File Disclosure via getpage Parameter
BE126 WIFI repeater 1.0 devices have a local file disclosure (LFD) vulnerability that allows attackers to read the entire filesystem on the device via a crafted getpage parameter.
by Hay Mizrachi
CVSS 7.5
VX Search Enterprise 9.9.12 - 'Import Command' Local Buffer Overflow
by Anurag Srivastava
Microsoft Windows - Escalate UAC Protection Bypass (Via COM Handler Hijack) (Metasploit)
by Metasploit
Microsoft Windows - Escalate UAC Protection Bypass (Via COM Handler Hijack) (Metasploit)
by Metasploit
Disk Savvy Enterprise 9.9.14 - 'Import Command' Local Buffer Overflow
by Anurag Srivastava
Disk Pulse Enterprise 9.9.16 - 'Import Command' Local Buffer Overflow
by Anurag Srivastava
ALC WebCTRL <6.5 - Code Injection
An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An unquoted search path vulnerability may allow a non-privileged local attacker to change files in the installation directory and execute arbitrary code with elevated privileges.
by LiquidWorm
CVSS 7.0
IBM Informix Open Admin Tool <12.1 - RCE
IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system admin on Windows servers. IBM X-Force ID: 120390.
by Metasploit
CVSS 9.8
ALC WebCTRL <6.5 - Remote Code Execution
An Unrestricted Upload of File with Dangerous Type issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An authenticated attacker may be able to upload a malicious file allowing the execution of arbitrary code.
by LiquidWorm
CVSS 7.8
ALC WebCTRL <6.5 - Path Traversal
A Path Traversal issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web prior to 6.5; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An authenticated attacker may be able to overwrite files that are used to execute code. This vulnerability does not affect version 6.5 of the software.
by LiquidWorm
CVSS 6.3
Joomla! Component Flip Wall 8.0 SQL Injection
Joomla! Component Flip Wall 8.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wallid parameter. Attackers can send GET requests to index.php with the option=com_flipwall&task=click&wallid parameter containing SQL injection payloads to extract sensitive database information.
by Ihsan Sencan
CVSS 7.1