Exploitdb Exploits
50,083 exploits tracked across all sources.
Cisco Video Surveillance Operations Manager - Multiple Vulnerabilities
by b.saleh
Microsoft Silverlight <5.1.20125.0 - RCE
Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Double Dereference Vulnerability."
by Metasploit
CVSS 7.8
RubyGems fastreader - 'entry_controller.rb' Remote Command Execution
by Larry W. Cashdollar
WordPress podPress Plugin <8.8.10.13 - XSS
Cross-site Scripting (XSS) in WordPress podPress Plugin 8.8.10.13 could allow remote attackers to inject arbitrary web script or html via the 'playerID' parameter.
by hiphop
CVSS 6.1
Privoxy < 3.0.21 - Proxy Authentication Spoofing via 407 Status Code
Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code.
by Chris John Riley
PHPBoost - Arbitrary File Upload / Information Disclosure
by KedAns-Dz
KindEditor - Multiple Arbitrary File Upload Vulnerabilities
by KedAns-Dz
SWFupload - Multiple Content Spoofing / Cross-Site Scripting Vulnerabilities
by MustLive
Asteriskguru Queue Statistics - 'warning' Cross-Site Scripting
by Manuel García Cárdenas
terillion_reviews_plugin < 1.1 - Cross-Site Scripting via ProfileId Field
Cross-site scripting (XSS) vulnerability in the Terillion Reviews plugin before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ProfileId field.
by Aditya Balapure
McAfee Vulnerability Manager 7.5 - Cross-Site Scripting via cert_cn Cookie Parameter
Cross-site scripting (XSS) vulnerability in index.exp in McAfee Vulnerability Manager 7.5 allows remote attackers to inject arbitrary web script or HTML via the cert_cn cookie parameter.
by Asheesh Anaconda
Qool CMS Multiple Persistent Cross-Site Scripting Vulnerabilities
Qool CMS contains multiple persistent cross-site scripting vulnerabilities in several administrative scripts where POST parameters are not properly sanitized before being stored and returned to users. Attackers can inject malicious JavaScript code through parameters like 'title', 'name', 'email', 'username', 'link', and 'task' in endpoints such as addnewtype, addnewdatafield, addmenu, addusergroup, addnewuserfield, adduser, addgeneraldata, and addcontentitem to execute arbitrary scripts in administrator browsers.
by LiquidWorm
CVSS 7.5
Qool CMS 2.0 RC2 Cross-Site Request Forgery via adduser
Qool CMS 2.0 RC2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious web pages. Attackers can forge POST requests to the /admin/adduser endpoint with parameters like username, password, email, and level to create root-level user accounts without user consent.
by LiquidWorm
CVSS 5.3
CosCMS < 1.822 - Authenticated OS Command Injection via Uploaded File Name
The uploadFile function in upload/index.php in CosCMS before 1.822 allows remote administrators to execute arbitrary commands via shell metacharacters in the name of an uploaded file.
by High-Tech Bridge SA
MariaDB 5.1.x-5.5.x - Denial of Service via Crafted Geometry Feature
MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.
by Alyssa Milburn
mnoGoSearch 3.3.12 (search.cgi) - Arbitrary File Read
by Sergey Bobrov
VMware Workstation 8.x-9.x, Fusion 4.1-5.0, View 4.x-5.x, ESXi 4.0-5.1, ESX 4.0-4.1 Privilege Escalation
The Virtual Machine Communication Interface (VMCI) implementation in vmci.sys in VMware Workstation 8.x before 8.0.5 and 9.x before 9.0.1 on Windows, VMware Fusion 4.1 before 4.1.4 and 5.0 before 5.0.2, VMware View 4.x before 4.6.2 and 5.x before 5.1.2 on Windows, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1 does not properly restrict memory allocation by control code, which allows local users to gain privileges via unspecified vectors.
by Artem Shishkin
Remote File Manager 1.2 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
Matrix42 Service Store <5.33.946.0 - XSS
Cross-site scripting (XSS) vulnerability in SPS/Portal/default.aspx in Service Desk in Matrix42 Service Store 5.3 SP3 (aka 5.33.946.0) allows remote attackers to inject arbitrary web script or HTML via the query string.
by 43zsec
WordPress Plugin Count Per Day - 'daytoshow' Cross-Site Scripting
by alejandr0.m0f0
Viscosity 1.4.1 - Privilege Escalation via ViscosityHelper Path Validation Issue
A Privilege Escalation vulnerability exists in Viscosity 1.4.1 on Mac OS X due to a path name validation issue in the setuid-set ViscosityHelper binary, which could let a remote malicious user execute arbitrary code
by Metasploit
CVSS 9.8
Tunnelblick < 3.3beta20 - Privilege Escalation via argv[0] Pathname Manipulation
Tunnelblick 3.3beta20 and earlier relies on argv[0] to determine the name of an appropriate (1) kernel module pathname or (2) executable file pathname, which allows local users to gain privileges via an execl system call.
by Metasploit
Varnish Cache - Multiple Denial of Service Vulnerabilities
by tytusromekiatomek
By Source