Exploitdb Exploits
50,076 exploits tracked across all sources.
VideoCharge Watermark Master 2.2.23 - Remote Code Execution via Long Name Attribute in .wstyle File
Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows remote attackers to execute arbitrary code via a long string in the name attribute of the cols element in a .wstyle file.
by Mike Czumak
Symantec Altiris Deployment Solution 6.8.x-6.9.x - SQL Injection via Notification Packet String Fields
SQL injection vulnerability in axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows remote attackers to execute arbitrary SQL commands via unspecified string fields in a notification packet.
by Metasploit
Testa Online Test Management System 2.0.0.2 - SQL Injection via test_id Parameter
SQL injection vulnerability in Testa Online Test Management System (OTMS) 2.0.0.2 allows remote attackers to execute arbitrary SQL commands via the test_id parameter.
by Ashiyane Digital Security Team
TOSHIBA TEC e-Studio 232, 233, 282, and 283 - Cross-Site Request Forgery in TopAccess
Cross-site request forgery (CSRF) vulnerability in TopAccess (aka the web-based management utility) on TOSHIBA TEC e-Studio 232, 233, 282, and 283 devices allows remote attackers to hijack the authentication of administrators for requests that change passwords.
by Hubert Gradek
VideoSpirit Pro 1.90 - Local Buffer Overflow (SEH)
by metacom
VideoSpirit Lite 1.77 - Local Buffer Overflow (SEH)
by metacom
ALLPlayer 5.6.2-5.8.1 - Buffer Overflow via .m3u Playlist File
Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .m3u (playlist) file.
by Mike Czumak
Provj 5.1.5.8 - 'm3u' Buffer Overflow (PoC)
by Necmettin COSKUN
Hanso Converter 2.4.0 - 'ogg' Buffer Overflow (Denial of Service)
by Necmettin COSKUN
Juniper Junos Authenticated RCE via J-Web PHP rsargs Parameter
jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3, and 12.3 before 12.3R1 allows remote authenticated users to execute arbitrary commands via the rsargs parameter in an exec action.
by Sense of Security
WordPress Theme Highlight Premium - Cross-Site Request Forgery / Arbitrary File Upload
by DevilScreaM
VICIDIAL dialer <2.8-403a, 2.7, 2.7RC1 - Command Injection
VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in the extension parameter in an OriginateVDRelogin action to manager_send.php.
by Metasploit
VICIDIAL < 2.7 - SQL Injection via Campaign Variable in SCRIPT_multirecording_AJAX.php
Multiple SQL injection vulnerabilities in the agent interface (agc/) in VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allow (1) remote attackers to execute arbitrary SQL commands via the campaign variable in SCRIPT_multirecording_AJAX.php, (2) remote authenticated users to execute arbitrary SQL commands via the server_ip parameter to manager_send.php, or (3) other unspecified vectors. NOTE: some of these details are obtained from third party information.
by Metasploit
Vanilla Forums <2.0.18.8 - Code Injection
Unspecified vulnerability in the update check in Vanilla Forums before 2.0.18.8 has unspecified impact and remote attack vectors, related to "object injection."
by EgiX
projeqtor 3.4.0 - SQL Injection via objectId Parameter
SQL injection vulnerability in view/objectDetail.php in Project'Or RIA 3.4.0 allows remote attackers to execute arbitrary SQL commands via the objectId parameter.
by Vicente Aguilera Diaz
Horde Groupware Webmail Edition - Cross-Site Request Forgery and Cross-Site Scripting in Saved Search
Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book
by Marcela Benetrix
CVSS 8.8
appRain CMF < 3.0.2 - SQL Injection via PATH_INFO to blog-by-cat/
SQL injection vulnerability in appRain CMF 3.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to blog-by-cat/.
by High-Tech Bridge SA
VICIDIAL dialer <2.8-403a, 2.7, 2.7RC1 - Info Disclosure
VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier has a hardcoded password of donotedit for the (1) VDAD and (2) VDCL users, which makes it easier for remote attackers to obtain access.
by Metasploit
Vivotek IP7160 IP7361 IP8332 Firmware - Unauthenticated RTSP Authentication Bypass
Multiple Vivotek IP Cameras remote authentication bypass that could allow access to the video stream
by Core Security
CVSS 7.5
HOT HOTBOX Router Firmware 2.1.11 - Denial of Service via Crafted HTTP POST Data
goform/login on the HOT HOTBOX router with software 2.1.11 allows remote attackers to cause a denial of service (device crash) via crafted HTTP POST data.
by Oz Elisyan
RASPcalendar 1.01 (ASP) - Admin Login
by Hackeri-AL UAH-Crew
WordPress Theme Kernel - Arbitrary File Upload
by link_satisi
HansoTools Hanso Player <2.5.0 - Buffer Overflow
Buffer overflow in HansoTools Hanso Player 2.1.0, 2.5.0, and earlier allows remote attackers to cause a denial of service (crash) via a long string in a .m3u file.
by Necmettin COSKUN
By Source