Exploitdb Exploits
50,076 exploits tracked across all sources.
Microsoft Windows Media Player 11.0.5721.5230 - Memory Corruption
Microsoft Windows Media Player (WMP) 11.0.5721.5230 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted WAV file.
by ariarat
Xibo 1.2.x < 1.2.3 and 1.4.x < 1.4.2 - Path Traversal via Index.php p Parameter
Directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter to index.php.
by Mahendra
Anchor CMS 0.9.1 - Cross-Site Scripting via Name Field in Comments
Cross-site scripting (XSS) vulnerability in article.php in Anchor CMS 0.9.1, when comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Name field. NOTE: some sources have reported that comments.php is vulnerable, but certain functions from comments.php are used by article.php.
by DURAKIBOX
Flux Player 3.1.0 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
ePhoto Transfer 1.2.1 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
Barracuda CudaTel - Multiple Cross-Site Scripting Vulnerabilities
by Benjamin Kunz Mejri
BlazeVideo BlazeDVD Standard and Professional 5.0 - Stack-based Buffer Overflow via PLF Playlist Filename
Stack-based buffer overflow in BlazeVideo BlazeDVD Standard and Professional 5.0, and possibly earlier, allows remote attackers to execute arbitrary code via a long filename in a PLF playlist.
by PuN1sh3r
Dell Kace 1000 SMA 5.4.70402 - Persistent Cross-Site Scripting
by Vulnerability-Lab
Apache Struts 2.0.0-2.3.15 - Open Redirect via redirect: or redirectAction: Prefix
Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
by Takeshi Terada
Squid 3.2.x-3.2.12 and 3.3.x-3.3.7 - Denial of Service via HTTP Host Header Port Number
client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header.
by kingcope
libtirpc < 0.2.3 - Denial of Service via Crafted Sun RPC Arguments
The svc_dg_getargs function in libtirpc 0.2.3 and earlier allows remote attackers to cause a denial of service (rpcbind crash) via a Sun RPC request with crafted arguments that trigger a free of an invalid pointer.
by Sean Verity
Olive File Manager 1.0.1 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
FTP Sprite 1.2.1 iOS - Persistent Cross-Site Scripting
by Vulnerability-Lab
readymedia < 1.1.0 - Heap-Based Buffer Overflow
MiniDLNA has heap-based buffer overflow
by Zachary Cutlip
CVSS 9.8
BMC Service Desk Express 10.2.1.95 - SQL Injection
Multiple SQL injection vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allow remote attackers to execute arbitrary SQL commands via the (1) ASPSESSIONIDASSRATTQ, (2) TABLE_WIDGET_1, (3) TABLE_WIDGET_2, (4) browserDateTimeInfo, or (5) browserNumberInfo cookie parameter to DashBoardGUI.aspx; or the (6) UID parameter to login.aspx.
by Nuri Fattah
Corel PDF Fusion 1.11 - Buffer Overflow
Stack-based buffer overflow in Corel PDF Fusion 1.11 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long ZIP directory entry name in an XPS file.
by Metasploit
McAfee ePolicy Orchestrator <4.6.6 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePO Extension for the McAfee Agent (MA) 4.5 through 4.6, allow remote attackers to inject arbitrary web script or HTML via the (1) instanceId parameter core/loadDisplayType.do; (2) instanceId or (3) monitorUrl parameter to console/createDashboardContainer.do; uid parameter to (4) ComputerMgmt/sysDetPanelBoolPie.do or (5) ComputerMgmt/sysDetPanelSummary.do; (6) uid, (7) orion.user.security.token, or (8) ajaxMode parameter to ComputerMgmt/sysDetPanelQry.do; or (9) uid, (10) orion.user.security.token, or (11) ajaxMode parameter to ComputerMgmt/sysDetPanelSummary.do.
by Nuri Fattah
Corel PDF Fusion <1.11 - Privilege Escalation
Untrusted search path vulnerability in Corel PDF Fusion 1.11 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .pdf or .xps file.
by Metasploit
WordPress Plugin Spicy Blogroll - Local File Inclusion
by Ahlspiess
Triangle Research International Nano-10 PLC <r81 - DoS
Triangle Research International (aka Tri) Nano-10 PLC devices with firmware before r81 use an incorrect algorithm for bounds checking of data in Modbus/TCP packets, which allows remote attackers to cause a denial of service (networking outage) via a crafted packet to TCP port 502.
by Sapling
By Source