Exploitdb Exploits
50,091 exploits tracked across all sources.
Microsoft Internet Explorer <9 - RCE
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Option Element Remote Code Execution Vulnerability."
by Metasploit
Honeywell Tema Remote Installer - ActiveX Remote Code Execution (Metasploit)
by Metasploit
Nero MediaHome < 4.5.8.0 - Denial of Service via HTTP Header Without Name
Nero MediaHome 4.5.8.0 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an HTTP header without a name.
by High-Tech Bridge SA
WordPress Plugin Gallery - 'filename_1' Arbitrary File Access
by Beni_Vanda
eXtplorer 2.1 - Arbitrary File Upload (Metasploit)
by Metasploit
Ruby on Rails JSON Processor YAML Deserialization Code Execution
active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion.
by Metasploit
Samsung Kies < 2.5.0.12114_1 - Remote Code Execution via SyncService.dll PrepareSync Password Argument
Buffer overflow in the PrepareSync method in the SyncService.dll ActiveX control in Samsung Kies before 2.5.1.12123_2_7 allows remote attackers to execute arbitrary code via a long string to the password argument.
by High-Tech Bridge
Inmatrix Ltd. Zoom Player 8.5 - '.jpeg'File Memory Corruption / Arbitrary Code Execution
by Debasish Mandal
WebsiteBaker Addon Concert Calendar 2.1.4 - Multiple Vulnerabilities
by Stefan Schurtz
TinyBrowser - 'tinybrowser.php' Directory Listing
by MustLive
Open Solution Quick.Cms 5.0 and Quick.Cart 6.0 - Cross-Site Scripting via PATH_INFO to admin.php
Cross-site scripting (XSS) vulnerability in Open Solution Quick.Cms 5.0 and Quick.Cart 6.0, possibly as downloaded before December 19, 2012, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin.php. NOTE: this might be a duplicate of CVE-2008-4140.
by High-Tech Bridge
Prizm Content Connect 5.1 - Code Injection
Prizm Content Connect 5.1 has an Arbitrary File Upload Vulnerability
by Include Security Research
CVSS 9.8
Dell OpenManage Server Administrator 6.5.0.1, 7.0.0.1, 7.1.0.1 - Cross-Site Scripting via Topic Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Dell OpenManage Server Administrator 6.5.0.1, 7.0.0.1, and 7.1.0.1 allow remote attackers to inject arbitrary web script or HTML via the topic parameter to html/index_main.htm in (1) help/sm/en/Output/wwhelp/wwhimpl/js/, (2) help/sm/es/Output/wwhelp/wwhimpl/js/, (3) help/sm/ja/Output/wwhelp/wwhimpl/js/, (4) help/sm/de/Output/wwhelp/wwhimpl/js/, (5) help/sm/fr/Output/wwhelp/wwhimpl/js/, (6) help/sm/zh/Output/wwhelp/wwhimpl/js/, (7) help/hip/en/msgguide/wwhelp/wwhimpl/js/, or (8) help/hip/en/msgguide/wwhelp/wwhimpl/common/.
by Tenable NS
Schmid Watson Management Console - Directory Traversal
by Dhruv Shah
Watson Management Console 4.11.2.G - Directory Traversal
by Dhruv Shah
IBM Cognos TM1 9.4.x-9.5.x - Remote Code Execution via Crafted Data
Multiple stack-based buffer overflows in tm1admsd.exe in the Admin Server in IBM Cognos TM1 9.4.x and 9.5.x before 9.5.2 FP2 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted data.
by Metasploit
WordPress Plugin NextGEN Gallery - 'test-head' Cross-Site Scripting
by Am!r
Google Doc Embedder <2.5.4 - Path Traversal
Directory traversal vulnerability in the Google Doc Embedder plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to libs/pdf.php.
by Metasploit
MotoCMS - 'admin/data/users.xml' Access Restriction / Information Disclosure
by AkaStep
By Source