Exploitdb Exploits
50,091 exploits tracked across all sources.
Interspire Email Marketer - Cross-Site Scripting / HTML Injection / SQL Injection
by Ibrahim El-Sayed
FastStone Image Viewer 4.6 - ReadAVonIP Crash (PoC)
by Jean Pascal Pereira
Blog Mod 0.1.9 - 'index.php?month' SQL Injection
by WhiteCollarGroup
Open Realty - 'select_users_lang' Local File Inclusion
by L0n3ly-H34rT
Template CMS < 2.1.1 - Cross-Site Scripting via themes_editor Parameter
Cross-site scripting (XSS) vulnerability in Template CMS 2.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the themes_editor parameter in an add_template action to admin/index.php.
by High-Tech Bridge SA
Novell Sentinel Log Manager < 1.2.0.3 - Unauthenticated Data Retention Policy Creation via RPC Request
Novell Sentinel Log Manager before 1.2.0.3 allows remote attackers to create data retention policies via a crafted text/x-gwt-rpc request to novelllogmanager/datastorageservice.rpc, and allows remote authenticated Report Administrators to create data retention policies via a search-results "Save Query As" "Save As Retention Policy" action.
by Piotr Chmylkowski
XnView 1.99 and 1.99.1 - Remote Code Execution via Crafted JLS Image File
Heap-based buffer overflow in the xjpegls.dll (aka JLS, JPEG-LS, or JPEG lossless) format plugin in XnView 1.99 and 1.99.1 allows remote attackers to execute arbitrary code via a crafted JLS image file.
by Joseph Sheridan
JPEGsnoop 1.5.2 - Remote Code Execution in JPEG File Handling
A vulnerability exists in JPEGsnoop 1.5.2 due to an unspecified issue in JPEG file handling, which could let a malicious user execute arbitrary code
by Jean Pascal Pereira
CVSS 8.8
Cyme ChartFX Client Server - ActiveX Control Array Indexing
by Francis Provencher
Template CMS < 2.1.1 - Cross-Site Request Forgery via Admin User Creation or Theme Editor
Multiple cross-site request forgery (CSRF) vulnerabilities in Template CMS 2.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator user via an add action to admin/index.php or (2) conduct static PHP code injection attacks via the themes_editor parameter in an edit_template action to admin/index.php.
by High-Tech Bridge SA
phpMyChat Plus 1.94 RC1 - Multiple Vulnerabilities
by L0n3ly-H34rT
NCMedia Sound Editor Pro 7.5.1 - Local Overflow (SEH + DEP Bypass)
by b33f
WordPress Plugin spider Calendar - Multiple Vulnerabilities
by D4NB4R
PhpTax 0.8 - Unauthenticated Remote Code Execution via drawimage.php pfilez Parameter
PhpTax version 0.8 contains a remote code execution vulnerability in drawimage.php. The pfilez GET parameter is unsafely passed to the exec() function without sanitization. A remote attacker can inject arbitrary shell commands, leading to code execution under the web server's context. No authentication is required.
by Jean Pascal Pereira
ZenPhoto - 'admin-news-articles.php' Cross-Site Scripting
by Scott Herbert
Switchvox - Multiple HTML Injection Vulnerabilities
by Ibrahim El-Sayed
WordPress Plugin Akismet - Multiple Cross-Site Scripting Vulnerabilities
by Tapco Security
By Source