Exploitdb Exploits
50,083 exploits tracked across all sources.
MTP Guestbook 1.0 - Multiple Cross-Site Scripting Vulnerabilities
by LiquidWorm
PolarBear CMS 2.5 - Unauthenticated Arbitrary File Upload via upload.php
A PHP File Upload Vulnerability exists in PolarBear CMS 2.5 via upload.php, which could let a malicious user execute arbitrary code.
by Metasploit
CVSS 9.8
JForum 2.1.9 - Cross-Site Scripting via Action, Match Type, Sort By, or Start Parameters
Multiple cross-site scripting (XSS) vulnerabilities in jforum.page in JForum 2.1.9 allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) match_type, (3) sort_by, or (4) start parameters.
by ZeroDayLab
WiFilet 1.2 iPad iPhone - Multiple Vulnerabilities
by Vulnerability-Lab
smart-flv - Cross-Site Scripting via link or playerready Parameter
Multiple cross-site scripting (XSS) vulnerabilities in jwplayer.swf in the smart-flv plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) link or (2) playerready parameter.
by Henri Salo
phpMyRecipes - Multiple HTML Injection Vulnerabilities
by PDS
Oracle JRE 7 through Update 11 and OpenJDK 7 - Security Sandbox Bypass via JMX
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490.
by Metasploit
CVSS 5.3
Linux Kernel < 3.4.34 - Local Privilege Escalation via Netlink Message Family Value
Array index error in the __sock_diag_rcv_msg function in net/core/sock_diag.c in the Linux kernel before 3.7.10 allows local users to gain privileges via a large family value in a Netlink message.
by SynQ
AirDrive HD 1.6 iPad iPhone - Multiple Vulnerabilities
by Vulnerability-Lab
Photodex ProShow Producer - Multiple DLL Loading Arbitrary Code Execution Vulnerabilities
by Julien Ahrens
Microsoft Internet Explorer 8 - Remote Code Execution via SLayoutRun Use-After-Free
Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer SLayoutRun Use After Free Vulnerability."
by Metasploit
File Manager - HTML Injection / Local File Inclusion
by Benjamin Kunz Mejri
Alt-N MDaemon WorldClient 13.0.3 - Multiple Vulnerabilities
by QSecure & Demetris Papapetrou
Alt-N MDaemon 12.5.6/13.0.3 - Email Body HTML/JS Injection
by QSecure & Demetris Papapetrou
RTTucson Quotations Database Script - Authentication Bypass
by cr4wl3r
PHPMyRecipes 1.2.2 - 'viewrecipe.php?r_id' SQL Injection
by cr4wl3r
PHPmyGallery 1.5 - Local File Disclosure / Cross-Site Scripting
by TheMirkin
glFusion < 1.2.2.pl4 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in glFusion before 1.2.2.pl4 allow remote attackers to inject arbitrary web script or HTML via the (1) subject parameter to profiles.php; (2) address1, (3) address2, (4) calendar_type, (5) city, (6) state, (7) title, (8) url, or (9) zipcode parameter to calendar/index.php; (10) title or (11) url parameter to links/index.php; or (12) PATH_INFO to admin/plugins/mediagallery/xppubwiz.php/.
by High-Tech Bridge SA
Microsoft Office - Stack-based Buffer Overflow via Crafted RTF Data
Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability."
by g11tch
CVSS 7.8
BigAntSoft BigAnt IM Message Server - Stack-Based Buffer Overflow via SCH or DUPF Request
Multiple stack-based buffer overflows in AntDS.exe in BigAntSoft BigAnt IM Message Server allow remote attackers to have an unspecified impact via (1) the filename header in an SCH request or (2) the userid component in a DUPF request.
by Metasploit
BigAntSoft BigAnt IM Message Server - Unauthenticated Arbitrary File Write via File Upload
BigAntSoft BigAnt IM Message Server does not require authentication for file uploading, which allows remote attackers to create arbitrary files under AntServer\DocData\Public via unspecified vectors.
by Metasploit
By Source