Exploitdb Exploits
50,076 exploits tracked across all sources.
7-Technologies IGSS <9.00.00.11059 - Path Traversal
Directory traversal vulnerability in dc.exe 9.00.00.11059 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to execute arbitrary programs via ..\ (dot dot backslash) sequences in opcodes (1) 0xa and (2) 0x17 to TCP port 12397.
by Metasploit
HP IMC and IMC Branch Intelligent Management System Software Module - Remote Code Execution
Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Management System Software Module (aka BIMS) allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1606.
by Metasploit
Avira Internet Security - 'avipbb.sys' Filter Bypass / Privilege Escalation
by Ahmad Moghimi
Course Registration Management System - Cross-Site Scripting / SQL Injection
by Omar Kurt
Apache Shindig 2.5.0-beta1-2.5.0 - XML External Entity Injection in Gadget Renderer
The gadget renderer in Apache Shindig 2.5.0 for PHP allows remote attackers to obtain sensitive information via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
by Kousuke Ebihara
iTop 1.1.181 and 1.2.0-RC-282 - Cross-Site Scripting via Multiple Input Vectors
Multiple cross-site scripting (XSS) vulnerabilities in iTop (aka IT Operations Portal) 1.1.181 and 1.2.0-RC-282 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted company name, (2) a crafted database server name, (3) a crafted CSV file, (4) a crafted copy-and-paste action, (5) the auth_user parameter in a suggest_pwd action to UI.php, (6) the c[menu] parameter to UniversalSearch.php, (7) the description parameter in a SearchFormToAdd_document_list action to UI.php, (8) the category parameter in an errors action to audit.php, or (9) the suggest_pwd parameter to UI.php.
by Halim Cruzito
Joomla! Component Maian15 - 'name' Arbitrary File Upload
by SultanHaikal
WordPress Theme Area53 - Arbitrary File Upload
by Byakuya Kouta
PHP Point Of Sale - 'ofc_upload_image.php' Remote Code Execution
by Gabby
Elite Graphix ElitCMS 1.01 / PRO - Multiple Web Vulnerabilities
by Vulnerability-Lab
WordPress Plugin Realty - Blind SQL Injection
by Napsterakos
WordPress Plugin Quick Paypal Payments 3.0 - Presistant Cross-Site Scripting
by Zy0d0x
Woltlab Burning Board Regenbogenwiese 2007 Addon - SQL Injection
by Easy Laster
Beetel Connection Manager PCW_BTLINDV1.0.0B04 - Buffer Overflow
A stack-based buffer overflow vulnerability exists in Beetel Connection Manager version PCW_BTLINDV1.0.0B04 when parsing the UserName parameter in the NetConfig.ini configuration file. A crafted .ini file containing an overly long UserName value can overwrite the Structured Exception Handler (SEH), leading to arbitrary code execution when the application processes the file.
by metacom
Internet Explorer 6-11 - Remote Code Execution via CDisplayPointer Use-After-Free
Use-after-free vulnerability in the CDisplayPointer class in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JavaScript code that uses the onpropertychange event handler, as exploited in the wild in September and October 2013, aka "Internet Explorer Memory Corruption Vulnerability."
by Metasploit
CVSS 8.8
HP Storage Data Protector <7.01 - RCE
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1680.
by Metasploit
Aladdin Knowledge Systems Ltd. PrivAgent - ActiveX Control Overflow
by blake
Zabbix 1.8-1.8.17 - SQL Injection
Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7.
by Jason Kratzer
CVSS 9.8
WordPress Plugin Dexs PM System - (Authenticated) Persistent Cross-Site Scripting
by TheXero
Dolibarr ERP/CRM 3.4.0 - 'exportcsv.php?sondage' SQL Injection
by drone
By Source