Exploitdb Exploits
50,091 exploits tracked across all sources.
WordPress Theme Toolbox - 'mls' SQL Injection
by Ashiyane Digital Security Team
Video Lead Form plugin for WordPress - Cross-Site Scripting via errMsg Parameter
Cross-site scripting (XSS) vulnerability in the Video Lead Form plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter in a video-lead-form action to wp-admin/admin.php.
by Aditya Balapure
elastix 2.3.0 - Cross-Site Scripting via Page Parameter
Cross-site scripting (XSS) vulnerability in xmlservices/E_book.php in Elastix 2.3.0 allows remote attackers to inject arbitrary web script or HTML via the Page parameter.
by cheki
Network Shutdown Module 3.21 - 'sort_values' Remote PHP Code Injection (Metasploit)
by Metasploit
Oracle OpenSSO 8.0 - Multiple Cross-Site Scripting POST Injection Vulnerabilities
by LiquidWorm
FCKEditor Core ASP 2.6.8 - Arbitrary File Upload Protection Bypass
by Soroush Dalili
gleamtech filevista/fileultimate 4.6 - Directory Traversal
by Soroush Dalili
Apple QuickTime < 7.7.3 - Remote Code Execution via Crafted MIME Type
Buffer overflow in the plugin in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MIME type.
by Metasploit
BigDump 0.29b and 0.32b - Multiple Vulnerabilities
by Ur0b0r0x
WordPress Theme CStar Design - 'id' SQL Injection
by Amirh03in
BlazeVideo HDTV Player Pro v6.6.0.3 - Buffer Overflow
BlazeVideo HDTV Player Pro v6.6.0.3 is vulnerable to a stack-based buffer overflow due to improper handling of user-supplied input embedded in .plf playlist files. When parsing a crafted .plf file, the MediaPlayerCtrl.dll component invokes PathFindFileNameA() to extract a filename from a URL-like string. The returned value is then copied to a fixed-size stack buffer using an inline strcpy call without bounds checking. If the input exceeds the buffer size, this leads to a stack overflow and potential arbitrary code execution under the context of the user.
by Nezim
Aviosoft Digital TV Player Professional 1.x - '.PLF' Direct Retn
by Nezim
WordPress Theme Wp-ImageZoom - 'id' SQL Injection
by Amirh03in
WordPress Plugin Ads Box - 'count' SQL Injection
by Ashiyane Digital Security Team
PRADO PHP Framework 3.2.0 - Arbitrary File Read
by LiquidWorm
Forescout CounterACT <7.0 - Open Redirect
Open redirect vulnerability in assets/login on the Forescout CounterACT NAC device before 7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the a parameter.
by Joseph Sheridan
mcrypt < 2.6.8 - Stack-Based Buffer Overflow via Encrypted File Header
Stack-based buffer overflow in the check_file_head function in extra.c in mcrypt 2.6.8 and earlier allows user-assisted remote attackers to execute arbitrary code via an encrypted file with a crafted header containing long salt data that is not properly handled during decryption.
by Tosh
mcrypt < 2.6.8 - Stack-Based Buffer Overflow via Encrypted File Header
Stack-based buffer overflow in the check_file_head function in extra.c in mcrypt 2.6.8 and earlier allows user-assisted remote attackers to execute arbitrary code via an encrypted file with a crafted header containing long salt data that is not properly handled during decryption.
by _ishikawa
Apple QuickTime < 7.7.3 - Remote Code Execution via TeXML Style Element
Multiple buffer overflows in Apple QuickTime before 7.7.3 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted style element in a QuickTime TeXML file.
by Metasploit
By Source