Exploitdb Exploits
50,076 exploits tracked across all sources.
Google Chrome - 'layout' Out-of-Bounds Read
by Google Security Research
Teradici Management Console 2.2.0 - Privilege Escalation
by hantwister
D-Link DCS Series Cameras - Cross-Site Request Forgery via Insecure CrossDomain.XML
D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. This is because the 'allow-access-from domain' child element is set to *, thus accepting requests from any domain. If a victim who is logged into the camera's web console visits a malicious site hosting a malicious Flash file in another browser tab, the malicious Flash file can then send requests to the victim's DCS series camera without knowing the credentials. An attacker can host a malicious Flash file that can retrieve live feeds or information from the victim's DCS series camera, add new admin users, or make other changes to the device. Known affected devices are DCS-933L with firmware before 1.13.05, DCS-5030L, DCS-5020L, DCS-2530L, DCS-2630L, DCS-930L, DCS-932L, and DCS-932LB1.
by SlidingWindow
CVSS 8.8
Microsoft Office PowerPoint 2010 - MSO/OART Heap Out-of-Bounds Access
by Google Security Research
Microsoft Office PowerPoint 2010 - GDI 'GDI32!ConvertDxArray' Insufficient Bounds Check
by Google Security Research
Microsoft Office PowerPoint 2010 - 'MSO!Ordinal5429' Missing Length Check Heap Corruption
by Google Security Research
ProjectSend r754 - Insecure Direct Object Reference
by Vulnerability-Lab
Joomla! Component Magic Deals Web 1.2.0 - SQL Injection
by Ihsan Sencan
Joomla! Component J-MultipleHotelReservation Standard 6.0.2 - 'review_id' SQL Injection
by Ihsan Sencan
Joomla! Component J-HotelPortal 6.0.2 - 'review_id' SQL Injection
by Ihsan Sencan
Joomla! Component J-CruiseReservation Standard 3.0 - 'city' SQL Injection
by Ihsan Sencan
Joomla! Component J-BusinessDirectory 4.6.8 - SQL Injection
by Ihsan Sencan
Joomla! Component Eventix Events Calendar 1.0 - SQL Injection
by Ihsan Sencan
Joomla! Component Directorix Directory Manager 1.1.1 - SQL Injection
by Ihsan Sencan
Joomla! Component AppointmentBookingPro 4.0.1 - SQL Injection
by Ihsan Sencan
Adobe Flash Player < 24.0.0.194 - Remote Code Execution via FLV Codec Heap Overflow
Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the Flash Video (FLV) codec. Successful exploitation could lead to arbitrary code execution.
by Google Security Research
CVSS 8.8
Adobe Flash Player < 24.0.0.194 - Use-After-Free in ActionScript 3 BitmapData
Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in the ActionScript 3 BitmapData class. Successful exploitation could lead to arbitrary code execution.
by Google Security Research
CVSS 8.8
Adobe Flash Player < 24.0.0.194 - Memory Corruption via Garbage Collection
Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability when performing garbage collection. Successful exploitation could lead to arbitrary code execution.
by Google Security Research
CVSS 8.8
Adobe Flash Player < 24.0.0.194 - Remote Code Execution via MP4 Header Parsing
Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability when parsing an MP4 header. Successful exploitation could lead to arbitrary code execution.
by Google Security Research
CVSS 8.8
Grails PDF Plugin 0.6 - XML External Entity Injection
by Charles Fol
Lock Photos Album&Videos Safe 4.3 - Directory Traversal
by Vulnerability-Lab
DIGISOL DG-HR1400 Wireless Router - Cross-Site Request Forgery
by Indrajith.A.N
Joomla! Component PayPal IPN for DOCman 3.1 - 'id' SQL Injection
by Ihsan Sencan
Joomla! Component MaQma Helpdesk 4.2.7 - 'id' SQL Injection
by Ihsan Sencan