Exploitdb Exploits
50,083 exploits tracked across all sources.
vBulletin 5.0.0 Beta 11 and earlier - Authenticated SQL Injection via nodeid Parameter
SQL injection vulnerability in index.php/ajax/api/reputation/vote in vBulletin 5.0.0 Beta 11, 5.0.0 Beta 28, and earlier allows remote authenticated users to execute arbitrary SQL commands via the nodeid parameter.
by Orestis Kourides
Ra1NX PHP Bot - pubcall Authentication Bypass Remote Code Execution (Metasploit)
by bwall
Free Hosting Manager 2.0.2 - Multiple SQL Injections
by Saadi Siddiqui
Atmail Webmail Server 7.0.2 - Cross-Site Scripting via Filter or MailId Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Atmail Webmail Server 7.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) filter parameter to index.php/mail/mail/listfoldermessages/searching/true/selectFolder/INBOX/resultContext/searchResultsTab5 or (2) mailId[] parameter to index.php/mail/mail/movetofolder/fromFolder/INBOX/toFolder/INBOX.Trash. NOTE: the view attachment message process vector is already covered by CVE-2013-2585.
by Vicente Aguilera Diaz
Atmail Webmail Server 7.0.2 - Cross-Site Scripting via Filter or MailId Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Atmail Webmail Server 7.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) filter parameter to index.php/mail/mail/listfoldermessages/searching/true/selectFolder/INBOX/resultContext/searchResultsTab5 or (2) mailId[] parameter to index.php/mail/mail/movetofolder/fromFolder/INBOX/toFolder/INBOX.Trash. NOTE: the view attachment message process vector is already covered by CVE-2013-2585.
by Vicente Aguilera Diaz
Atmail Webmail Server 7.0.2 - Cross-Site Scripting via Filter or MailId Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Atmail Webmail Server 7.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) filter parameter to index.php/mail/mail/listfoldermessages/searching/true/selectFolder/INBOX/resultContext/searchResultsTab5 or (2) mailId[] parameter to index.php/mail/mail/movetofolder/fromFolder/INBOX/toFolder/INBOX.Trash. NOTE: the view attachment message process vector is already covered by CVE-2013-2585.
by Vicente Aguilera Diaz
Mutiny Standard <4.5-1.12 - Command Injection
Mutiny Standard before 4.5-1.12 allows remote attackers to execute arbitrary commands via the network-interface menu, related to a "command injection vulnerability."
by Metasploit
Sami FTP Server - 'LIST' Buffer Overflow (Metasploit)
by Metasploit
CoolPDF 3.0.2.256 - Buffer Overflow
Stack-based buffer overflow in the reader in CoolPDF 3.0.2.256 allows remote attackers to execute arbitrary code via a PDF document with a crafted stream.
by Metasploit
Photodex ProShow Gold/Producer 5.0.3310/6.0.3410 - 'ScsiAccess.exe' Local Privilege Escalation
by Julien Ahrens
WordPress Plugin IndiaNIC FAQs Manager 1.0 - Multiple Vulnerabilities
by m3tamantra
WordPress Plugin IndiaNIC FAQs Manager 1.0 - Blind SQL Injection
by m3tamantra
OpenCart 1.4.7-1.5.5.1 - Path Traversal via Filemanager Bypass
In OpenCart 1.4.7 to 1.5.5.1, implemented anti-traversal code in filemanager.php is ineffective and can be bypassed.
by waraxe
CVSS 6.5
Flatnux CMS 2013-01.17 - 'index.php' Local File Inclusion
by DaOne
Apache Struts <2.3.1.2 - Command Injection
Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands.
by Metasploit
CVSS 9.8
GnuTLS < 3.0.14 - Double Free via Crafted Certificate List
Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list.
by Shawn the R0ck
StarVedia IPCamera IC502w IC502w+ v020313 - 'Username'/Password Disclosure
by Todor Donev
BlazeVideo HDTV Player Standard - '.plf' File Remote Buffer Overflow
by metacom
By Source