Exploitdb Exploits
50,076 exploits tracked across all sources.
OpenSSL 1.0.1-1.0.1f - Out-of-bounds Read via Heartbeat Extension
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
by Jared Stafford
CVSS 7.5
BlazeDVD Pro Player 6.1 - Stack Buffer Overflow Jump ESP
by Deepak Rathore
Joomla! Component Inneradmission - 'index.php' SQL Injection
by Lazmania61
Apple Mac OS X 10.9 - Denial of Service via Hard Link to Directory
Apple Mac OS X 10.9 allows local users to cause a denial of service (memory corruption or panic) by creating a hard link to a directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-0105.
by Maksymilian Arciemowicz
Halon Security Router (SR) 3.2-winter-r1 - Multiple Vulnerabilities
by Juan Manuel Garcia
Fritz!Box Webcm - Command Injection (Metasploit)
by Metasploit
Atlassian JIRA <6.0.4 - Path Traversal
Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers to create arbitrary files via unspecified vectors.
by Metasploit
XAMPP 3.2.1 & phpMyAdmin 4.1.6 - Multiple Vulnerabilities
by hackerDesk
Notepad++ DSpellCheck 1.2.12.0 - Denial of Service
by sajith
InfraRecorder 0.53 - Memory Corruption (Denial of Service)
by sajith
EagleGet 1.1.8.1 - Denial of Service
by Interference Security
Puntopy - 'novedad.php' SQL Injection
by Felipe Andrian Peixoto
MA Lighting Technology grandMA onPC 6.808 - Remote Denial of Service
by LiquidWorm
PHPFox 3.7.3-3.7.5 - Authenticated Privacy Bypass via Modified val[item_id] Parameter
static/ajax.php in PHPFox 3.7.3, 3.7.4, and 3.7.5 allows remote authenticated users to bypass intended "Only Me" restrictions and comment on a private publication via a request with a modified val[item_id] parameter for the publication.
by Wesley Henrique
XCloner < 3.1.1 - Cross-Site Request Forgery via Backup Creation
Cross-site request forgery (CSRF) vulnerability in the XCloner plugin before 3.1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that create website backups via a request to wp-admin/plugins.php.
by High-Tech Bridge SA
IBM AIX 6.1/7.1 & VIOS 2.2.2.2-FP-26 SP-02 - Privilege Escalation
Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allow local users to gain privileges via vectors involving (1) arp.ib or (2) ibstat.
by Metasploit
A10 Networks ACOS <2.7.0-p6, <2.7.1-P1_55 - Buffer Overflow
Buffer overflow in A10 Networks Advanced Core Operating System (ACOS) before 2.7.0-p6 and 2.7.1 before 2.7.1-P1_55 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long session id in the URI to sys_reboot.html. NOTE: some of these details are obtained from third party information.
by Francesco Perna
Oracle Identity Manager 11.1.1.5, 11.1.1.7, 11.1.2.1, 11.1.2.2 - Open Redirect via backUrl Parameter
Open redirect vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backUrl parameter in a changepwd action to identity/faces/firstlogin.
by Giuseppe D'Amore
CMS Made Simple 1.11.10 - Multiple Cross-Site Scripting Vulnerabilities
by Blessen Thomas