Exploitdb Exploits
50,091 exploits tracked across all sources.
Thomson Wireless VoIP Cable Modem - Authentication Bypass
by Glafkos Charalambous
SpiceWorks 6.0.00993 - Multiple Script Injection Vulnerabilities
by LiquidWorm
SonicWALL email security 7.3.5 - Multiple Vulnerabilities
by Vulnerability-Lab
WordPress Plugin wp-topbar 4.02 - Multiple Vulnerabilities
by Blake Entrekin
Fortigate UTM WAF Appliance - Multiple Vulnerabilities
by Vulnerability-Lab
WordPress Core 3.4.2 - Multiple Path Disclosure Vulnerabilities
by AkaStep
vBulletin 4.1.12 - 'blog_plugin_useradmin.php' SQL Injection
by Am!r
AxisInternet VoIP Manager - Multiple Cross-Site Scripting Vulnerabilities
by Benjamin Kunz Mejri
Auxilium RateMyPet - Unauthenticated Arbitrary File Upload via Banner Upload Feature
Auxilium RateMyPet contains an unauthenticated arbitrary file upload vulnerability in upload_banners.php. The banner upload feature fails to validate file types or enforce authentication, allowing remote attackers to upload malicious PHP files. These files are stored in a web-accessible /banners/ directory and can be executed directly, resulting in remote code execution.
by DaOne
NCMedia Sound Editor Pro 7.5.1 - 'MRUList201202.dat' File Handling Buffer Overflow
by Julien Ahrens
Novell GroupWise <8.0.3-2012.SP1 - RCE
Integer overflow in the WebConsole component in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before 8.0.3 HP1 and 2012 before SP1 might allow remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow, as demonstrated by a request with -1 in the Content-Length HTTP header.
by Francis Provencher
Netsweeper WebAdmin Portal - Impact Unknown
Unspecified vulnerability in the WebAdmin Portal in Netsweeper has unknown impact and attack vectors, a different vulnerability than CVE-2012-2446 and CVE-2012-2447.
by Jacob Holcomb
minimal Gallery - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
by ayastar
CoSoSys Endpoint Protector 4 - Info Disclosure
The CoSoSys Endpoint Protector 4 appliance establishes an EPProot password based entirely on the appliance serial number, which makes it easier for remote attackers to obtain access via a brute-force attack.
by Christopher Campbell
IFOBS - 'regclientprint.jsp' Multiple HTML Injection Vulnerabilities
by MustLive
Internet Download Manager - Local Stack Buffer Overflow
by Dark-Puzzle
Internet Download Manager - Local Buffer Overflow (SEH)
by Dark-Puzzle
NeoBill CMS 0.8 Alpha - Multiple Vulnerabilities
by Vulnerability-Lab
ASTPP VoIP Billing (4cf207a) - Multiple Vulnerabilities
by Vulnerability-Lab
Trend Micro InterScan Messaging Security Suite 7.1 - CSRF
Cross-site request forgery (CSRF) vulnerability in saveAccountSubTab.imss in Trend Micro InterScan Messaging Security Suite 7.1-Build_Win32_1394 allows remote attackers to hijack the authentication of administrators for requests that create admin accounts via a saveAuth action.
by modpr0be
Sinapsi eSolar, eSolar DUO, eSolar Light, and sinapsi_firmware < 2.0.2870 - Authenticated OS Command Injection
These Sinapsi devices do not check for special elements in commands sent
to the system. By accessing certain pages with administrative privileges
that do not require authentication within the device, attackers can
execute arbitrary, unexpected, or dangerous commands directly onto the
operating system.
by Roberto Paleari
By Source