Exploitdb Exploits
50,076 exploits tracked across all sources.
Asseco SEE iBank FX Client 2.0.9.3 - Local Privilege Escalation
by LiquidWorm
Publish-It PUI Buffer Overflow (SEH)
Buffer overflow in Poster Software PUBLISH-iT 3.6d allows remote attackers to execute arbitrary code via a crafted PUI file.
by Core Security
PHP Webcam Video Conference - Multiple Vulnerabilities
by vinicius777
D-Link DIR-100 Firmware 4.03B07 - Unauthenticated Authentication Bypass via cli.cgi
D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure to check authentication parameters
by Felix Richter
CVSS 8.8
XnView 1.92.1 - Buffer Overflow via Long Filename Argument
Buffer overflow in XnView 1.92.1 allows user-assisted remote attackers to execute arbitrary code via a long filename argument on the command line. NOTE: it is unclear whether there are common handler configurations in which this argument is controlled by an attacker.
by Sylvain THUAL
WordPress Theme Kiddo - Arbitrary File Upload
by TUNISIAN CYBER
TopicsViewer 3.0 Beta 1 - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in TopicsViewer 3.0 Beta 1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) edit_block.php, (2) edit_cat.php, (3) edit_note.php, or (4) rmv_topic.php in admincp/.
by AtT4CKxT3rR0r1ST
Singapore 0.9.9b Beta - Image Gallery Remote File Inclusion / Cross-Site Scripting
by TUNISIAN CYBER
ownCloud < 6.0.1 - Authenticated Stored Cross-Site Scripting via Uploaded Filename
Cross-site scripting (XSS) vulnerability in ownCloud before 6.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file.
by absane
CVSS 5.4
Joomla! Component com_community 2.6 - Code Execution
by Matias Fontanini
ImpressCMS < 1.3.6 - Path Traversal and Arbitrary File Deletion via Image Path Parameter
Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the image_path parameter in a cancel action.
by Pedro Ribeiro
Eventy Online Scheduler 1.8 - Multiple Vulnerabilities
by AtT4CKxT3rR0r1ST
Apache Tomcat 5.5.0-5.5.28 and 6.0.0-6.0.20 - Unauthenticated Privilege Escalation via Default Blank Admin Password
The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
by Metasploit
VLC Media Player < 2.1.3 - Denial of Service via ASF File Packet Size Handling
The ASF_ReadObject_file_properties function in modules/demux/asf/libasf.c in the ASF Demuxer in VideoLAN VLC Media Player before 2.1.3 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero minimum and maximum data packet size in an ASF file.
by Saif
SkyBlueCanvas CMS < 1.1 r248-04 - RCE
The bashMail function in cms/data/skins/techjunkie/fragments/contacts/functions.php in SkyBlueCanvas CMS before 1.1 r248-04, when the pid parameter is 4, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) name, (2) email, (3) subject, or (4) message parameter to index.php.
by Metasploit
Apache Struts 2.0.0-2.3.16 - Remote Code Execution via DebuggingInterceptor
The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
by Metasploit
D-Link DIR-100 4.03B07 - Insufficiently Protected Credentials
D-Link DIR-100 4.03B07 has PPTP and poe information disclosure
by Felix Richter
CVSS 9.8