Exploitdb Exploits
50,076 exploits tracked across all sources.
Mediacoder 0.8.34.5716 - '.m3u' Local Buffer Overflow (SEH)
by evil_comrade
elFinder 2 - Remote Command Execution (via File Creation)
by TUNISIAN CYBER
PDF Converter & Editor 2.1 iOS - Local File Inclusion
by Vulnerability-Lab
Invision Power Board <= 2.0.3 - Cross-Site Scripting via Highlite Parameter
Cross-site scripting (XSS) vulnerability in (1) search.php and (2) topics.php for Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the highlite parameter.
by GulfTech Security
RM Downloader 2.7.5.400 - Local Buffer Overflow (Metasploit)
by TUNISIAN CYBER
WordPress Plugin Ultimate Product Catalogue 3.1.2 - Multiple Persistent Cross-Site Scripting / Cross-Site Request Forgery / Arbitrary File Upload Vulnerabilities
by Felipe Molina
Debian Linux < 3.1.1 - Improper Input Validation
internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data.
by beford
Adobe Flash Player <13.0.0.252/14.x-15.x<15.0.0.223 - RCE/DoS via Memory Corruption
Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0576, CVE-2014-0581, and CVE-2014-8441.
by Metasploit
TestDisk 6.14 - 'Check_OS2MB' Stack Buffer Overflow (PoC)
by Security-Assessment.com
TheCartPress eCommerce Shopping Cart < 1.3.9 - Cross-Site Request Forgery via tcp_box_path Parameter
Cross-site request forgery (CSRF) vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to hijack the authentication of administrators for requests that conduct directory traversal attacks via the tcp_box_path parameter in the checkout_editor_settings page to wp-admin/admin.php.
by High-Tech Bridge SA
TheCartPress <1.3.9.3 - Path Traversal
Directory traversal vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote administrators to read arbitrary files via a .. (dot dot) in the tcp_box_path parameter in the checkout_editor_settings page to wp-admin/admin.php.
by High-Tech Bridge SA
TheCartPress eCommerce Shopping Cart < 1.3.9 - Cross-Site Scripting via Multiple Input Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allow remote attackers to inject arbitrary web script or HTML via the (1) billing_firstname, (2) billing_lastname, (3) billing_company, (4) billing_tax_id_number, (5) billing_city, (6) billing_street, (7) billing_street_2, (8) billing_postcode, (9) billing_telephone_1, (10) billing_telephone_2, (11) billing_fax, (12) shipping_firstname, (13) shipping_lastname, (14) shipping_company, (15) shipping_tax_id_number, (16) shipping_city, (17) shipping_street, (18) shipping_street_2, (19) shipping_postcode, (20) shipping_telephone_1, (21) shipping_telephone_2, or (22) shipping_fax parameter to shopping-cart/checkout/; the (23) search_by parameter in the admin/AddressesList.php page to wp-admin/admin.php; the (24) address_id, (25) address_name, (26) firstname, (27) lastname, (28) street, (29) city, (30) postcode, or (31) email parameter in the admin/AddressEdit.php page to wp-admin/admin.php; the (32) post_id or (33) rel_type parameter in the admin/AssignedCategoriesList.php page to wp-admin/admin.php; or the (34) post_type parameter in the admin/CustomFieldsList.php page to wp-admin/admin.php.
by High-Tech Bridge SA
Foxit Reader, Enterprise Reader, and PhantomPDF < 7.1.5 - Denial of Service via Crafted GIF in PDF
Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted GIF in a PDF file.
by Francis Provencher
TheCartPress <1.3.9.3 - Info Disclosure
The TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to obtain sensitive order detail information by leveraging a "broken authentication mechanism."
by High-Tech Bridge SA
CVSS 7.5
Ninja Privilege Escalation Detection and Prevention System 0.1.3 - Race Condition Privilege Escalation
by Ben Sheppard
Apple iTunes 10.6.1.7 - '.pls' Title Buffer Overflow
by Fady Mohammed Osman
UniPDF 1.2 - 'xml' Buffer Overflow Crash (PoC)
by Avinash Thapa
WordPress <4.2.1 - XSS
Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type.
by klikki
OTRS 3.1.x < 3.1.20, 3.2.x < 3.2.15, 3.3.x < 3.3.5 - Cross-Site Scripting via Crafted HTML Email
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML email.
by Adam Ziaja