Exploitdb Exploits
50,091 exploits tracked across all sources.
Banana Dance < b.2.6 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) return, (2) display, (3) table, or (4) search parameter to functions/suggest.php; (5) the id parameter to functions/widgets.php, (6) the category parameter to functions/print.php; or (7) the name parameter to functions/ajax.php.
by High-Tech Bridge SA
YeaLink IP Phone SIP-TxxP Firmware 9.70.0.100 - Multiple Vulnerabilities
by xistence
Android API < 16.0 - Remote Code Execution via WebView.addJavascriptInterface
The Android API before 17 does not properly restrict the WebView.addJavascriptInterface method, which allows remote attackers to execute arbitrary methods of Java objects by using the Java Reflection API within crafted JavaScript code that is loaded into the WebView component in an application targeted to API level 16 or earlier, a related issue to CVE-2013-4710.
by Metasploit
Netwin SurgeFTP <23c8 - Command Injection
Netwin SurgeFTP version 23c8 and prior contains a vulnerability in its web-based administrative console that allows authenticated users to execute arbitrary system commands via crafted POST requests to `surgeftpmgr.cgi`. This can lead to full remote code execution on the underlying system.
by Spencer McIntyre
InduSoft Web Studio < 7.0 - Remote Code Execution via ISSymbol ActiveX Buffer Overflow
Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol.ocx 61.6.0.0 and 301.1009.2904.0 in the ISSymbol virtual machine, as distributed in Advantech Studio 6.1 SP6 61.6.01.05, InduSoft Web Studio before 7.0+SP1, and InduSoft Thin Client 7.0, allow remote attackers to execute arbitrary code via a long (1) InternationalOrder, (2) InternationalSeparator, or (3) LogFileName property value; or (4) a long bstrFileName argument to the OpenScreen method.
by Metasploit
WordPress Theme Clockstone (and other CMSMasters Themes) - Arbitrary File Upload
by DigiP
Joomla! Component com_ztautolink - 'Controller' Local File Inclusion
by Xr0b0t
Joomla! Component com_bit - 'Controller' Local File Inclusion
by Xr0b0t
SonicWALL SonicOS 5.8.1.8 WAF - Cross-Site Scripting
by Vulnerability-Lab
Enterpriser16 Load Balancer 7.1 - Multiple Cross-Site Scripting Vulnerabilities
by Vulnerability-Lab
SAP Crystal Reports 2008 SP3 Fix Pack 3.2 - Remote Code Execution via Long ServerResourceVersion Property
Heap-based buffer overflow in the CrystalReports12.CrystalPrintControl.1 ActiveX control in PrintControl.dll 12.3.2.753 in SAP Crystal Reports 2008 SP3 Fix Pack 3.2 allows remote attackers to execute arbitrary code via a long ServerResourceVersion property value.
by Metasploit
MyBB Transactions Plugin - 'transaction' SQL Injection
by limb0
WordPress Plugin RokBox Plugin - '/wp-content/plugins/wp_rokbox/jwplayer/jwplayer.swf?abouttext' Cross-Site Scripting
by MustLive
iris_citations_management_tool < 1.3 - Remote Code Execution
IRIS citations management tool through 1.3 allows remote attackers to execute arbitrary commands.
by aeon
CVSS 9.8
MyBB User Profile Skype ID Plugin 1.0 - Persistent Cross-Site Scripting
by limb0
Totem Movie Player 3.4.3 (Ubuntu) - Stack Corruption
by coolkaveh
Social Sites MyBB Plugin 0.2.2 - Cross-Site Scripting
by s3m00t
Portable phpMyAdmin <1.3.1 - Auth Bypass
The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remote attackers to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-phpmyadmin/wp-pma-mod.
by Mark Stanislav
PHP Address Book - 'group' Cross-Site Scripting
by Kenneth F. Belva
By Source