Exploitdb Exploits
50,076 exploits tracked across all sources.
mp3info 0.8.4 - Buffer Overflow via Long Command Line Argument
Buffer overflow in MP3Info 0.8.4 allows attackers to execute arbitrary code via a long command line argument. NOTE: if mp3info is not installed setuid or setgid in any reasonable context, then this issue might not be a vulnerability.
by jsacco
HP Storage Data Protector 6.2X - Remote Code Execution or Denial of Service
Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1905.
by Metasploit
DaumGame ActiveX Control 1.1.0.4 and 1.1.0.5 - Buffer Overflow via IconCreate Method
Buffer overflow in the IconCreate method in an ActiveX control in the DaumGame ActiveX plugin 1.1.0.4 and 1.1.0.5 allows remote attackers to execute arbitrary code via a long string, as exploited in the wild in January 2014.
by Trustwave's SpiderLabs
Ammyy Admin < 3.2 - Improper Authentication via Fixed Memory Location
Ammyy Admin 3.2 and earlier stores the client ID at a fixed memory location, which might make it easier for user-assisted remote attackers to bypass authentication by running a local program that extracts a field from the AA_v3.2.exe file.
by Bhadresh Patel
CVSS 7.8
NCH Software Express Burn Plus 4.68 - '.EBP' Project File Buffer Overflow
by LiquidWorm
MW6 Aztec, DataMatrix, MaxiCode <4.0 - RCE
MW6 Aztec, DataMatrix, and MaxiCode ActiveX controls before version 4.0 vulnerable to arbitrary code via a crafted HTML document. Latest versions (4.0) of MW6 Aztec, DataMatrix, and MaxiCode ActiveX controls have resolved the issue
by Pedro Ribeiro
CVSS 8.1
MW6 Aztec, DataMatrix, MaxiCode <4.0 - RCE
MW6 Aztec, DataMatrix, and MaxiCode ActiveX controls before version 4.0 vulnerable to arbitrary code via a crafted HTML document. Latest versions (4.0) of MW6 Aztec, DataMatrix, and MaxiCode ActiveX controls have resolved the issue
by Pedro Ribeiro
CVSS 8.1
MW6 Aztec, DataMatrix, MaxiCode <4.0 - RCE
MW6 Aztec, DataMatrix, and MaxiCode ActiveX controls before version 4.0 vulnerable to arbitrary code via a crafted HTML document. Latest versions (4.0) of MW6 Aztec, DataMatrix, and MaxiCode ActiveX controls have resolved the issue
by Pedro Ribeiro
CVSS 8.1
WordPress Plugin WP E-Commerce - Multiple Vulnerabilities
by KedAns-Dz
SkyBlueCanvas CMS <1.1 r248-04 - RCE
The bashMail function in cms/data/skins/techjunkie/fragments/contacts/functions.php in SkyBlueCanvas CMS before 1.1 r248-04, when the pid parameter is 4, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) name, (2) email, (3) subject, or (4) message parameter to index.php.
by Scott Parish
StackIdeas Komento < 1.7.3 - Cross-Site Scripting via Website or Latitude Parameter
Multiple cross-site scripting (XSS) vulnerabilities in the StackIdeas Komento (com_komento) component before 1.7.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website or (2) latitude parameter in a comment to the default URI.
by High-Tech Bridge SA
JV Comment (com_jvcomment) < 3.0.3 - Authenticated SQL Injection via id Parameter
SQL injection vulnerability in the JV Comment (com_jvcomment) component before 3.0.3 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a comment.like action to index.php.
by High-Tech Bridge SA
Franklin Fueling Systems TS-550 evo <2.4.0 - Privilege Escalation
Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a hardcoded password for the roleDiag account, which allows remote attackers to gain root privileges, as demonstrated using a cmdWebCheckRole action in a TSA_REQUEST.
by Trustwave's SpiderLabs
Simple e-document 1.31 - SQL Injection via Username Parameter
SQL injection vulnerability in login.php in Simple e-document 1.31 allows remote attackers to execute arbitrary SQL commands via the username parameter.
by vinicius777
iTechClassifieds 3.03.057 - SQL Injection via ChangeEmail.php PreviewNum Parameter
SQL injection vulnerability in ChangeEmail.php in iTechClassifieds 3.03.057 allows remote attackers to execute arbitrary SQL commands via the PreviewNum parameter. NOTE: the CatID parameter is already covered by CVE-2008-0685.
by vinicius777
Cells Blog 3.3 - Reflected Cross-Site Scripting / Blind SQLite Injection
by vinicius777
By Source