Exploitdb Exploits
50,076 exploits tracked across all sources.
Microsoft Windows - Touch Injection API Local Denial of Service
by Tavis Ormandy
Easy File Management Web Server 5.3 - Remote Stack Buffer Overflow
by superkojiman
Easy Address Book Web Server 1.6 - Remote Stack Buffer Overflow
by superkojiman
Booking System < 1.3 - Authenticated SQL Injection via booking_form_id Parameter
SQL injection vulnerability in dopbs-backend-forms.php in the Booking System (Booking Calendar) plugin before 1.3 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the booking_form_id parameter to wp-admin/admin-ajax.php.
by maodun
mod_wsgi < 3.4 - Exposure of Sensitive Information via Content-Type Header
mod_wsgi module before 3.4 for Apache, when used in embedded mode, might allow remote attackers to obtain sensitive information via the Content-Type header which is generated from memory that may have been freed and then overwritten by a separate thread.
by Buck Golemon
CVSS 7.5
Binatone DT 850W Wireless Router - Multiple Cross-Site Request Forgery Vulnerabilities
by Samandeep Singh
Clipperz Password Manager - '/backend/PHP/src/setup/rpc.php' Remote Code Execution
by Manish Tanwar
SafeNet Sentinel Protection Server <7.4.0 - Path Traversal
Directory traversal vulnerability in SafeNet Sentinel Protection Server 7.0.0 through 7.4.0 and possibly earlier versions, and Sentinel Keys Server 1.0.3 and possibly earlier versions, allows remote attackers to read arbitrary files via a .. (dot dot) in the query string.
by Matt Schmidt
HP Release Control <9.13-9.21 - Info Disclosure
Unspecified vulnerability in HP Release Control 9.x before 9.13 p3 and 9.2x before RC 9.21.0003 p1 on Windows and 9.2x before RC 9.21.0002 p1 on Linux allows remote authenticated users to obtain sensitive information via unknown vectors.
by Brandon Perry
CyberLink Power2Go Essential 9.0.1002.0 - Registry Buffer Overflow (SEH Unicode)
by Mike Czumak
XOOPS 1.0 - Glossaire module - SQL Injection
SQL injection vulnerability in glossaire-aff.php in the Glossaire module 1.0 for XOOPS allows remote attackers to execute arbitrary SQL commands via the lettre parameter.
by AtT4CKxT3rR0r1ST
WordPress Plugin NextGEN Gallery 1.9.1 - 'photocrati_ajax' Arbitrary File Upload
by SANTHO
SPIP <3.0.9, <2.1.22, <2.0.23 - Privilege Escalation
SPIP 3.0.x before 3.0.9, 2.1.x before 2.1.22, and 2.0.x before 2.0.23 allows remote attackers to gain privileges and "take editorial control" via vectors related to ecrire/inc/filtres.php.
by Gregory Draperi
Softmatica SMART iPBX - Multiple SQL Injections
by AtT4CKxT3rR0r1ST
WordPress Plugin cnhk-Slideshow - Arbitrary File Upload
by Ashiyane Digital Security Team
Nagios Plugins <2.0.2 - Info Disclosure
The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4702.
by Dawid Golunski
cairo 1.10.2 - Denial of Service via Large String in cairo_image_surface_get_data
The cairo_image_surface_get_data function in Cairo 1.10.2, as used in GTK+ and Wireshark, allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a large string.
by Osanda Malith Jayathissa
Winamp < 5.666 - Denial of Service via Malformed FLV File
Winamp 5.666 and earlier allows remote attackers to cause a denial of service (memory corruption and crash) via a malformed .FLV file, related to f263.w5s.
by Aryan Bayaninejad
ALLPlayer - '.wav' File Processing Memory Corruption
by Aryan Bayaninejad
EGroupware < 1.6.001 and < 1.8006 - Cross-Site Request Forgery via Admin User Creation or Settings Modification
Multiple cross-site request forgery (CSRF) vulnerabilities in EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator user via an admin.uiaccounts.add_user action to index.php or (2) modify settings via the newsettings parameter in an admin.uiconfig.index action to index.php. NOTE: vector 2 can be used to execute arbitrary PHP code by leveraging CVE-2014-2988.
by High-Tech Bridge SA