Exploitdb Exploits
50,095 exploits tracked across all sources.
JBoss Application Server - Unauthenticated Administrative Access via Default Configuration
The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.
by Metasploit
Apple Mac OS X < 5.7.1 - Resource Management Error
Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout.
by Ken Farnen
QNAP Turbo NAS TS-1279U-RP - Multiple Path Injections
by Andrea Fabrizi
Cm3 CMS - 'search.asp' Multiple Cross-Site Scripting Vulnerabilities
by Crim3R
VMware Tools <8.0.4-4.0.4-4.1.2-5.1 - Privilege Escalation
Untrusted search path vulnerability in VMware Tools in VMware Workstation before 8.0.4, VMware Player before 4.0.4, VMware Fusion before 4.1.2, VMware View before 5.1, and VMware ESX 4.1 before U3 and 5.0 before P03 allows local users to gain privileges via a Trojan horse tpfc.dll file in the current working directory.
by Moshe Zioni
Sciretech (Multiple Products) - Multiple SQL Injections
by AkaStep
PHPFox 3.0.1 - 'ajax.php' Multiple Cross-Site Scripting Vulnerabilities
by Crim3R
Group-Office < 4.0.90 - Authenticated SQL Injection via Calendar Sort Parameter
SQL injection vulnerability in modules/calendar/json.php in Group-Office community before 4.0.90 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter.
by Chris Cooper
GreenHopper < 5.9.8 - Stored Cross-Site Scripting in UpdateFieldJson.jspa
Stored XSS vulnerability in UpdateFieldJson.jspa in JIRA 4.4.3 and GreenHopper before 5.9.8 allows an attacker to inject arbitrary script code.
by Hoyt LLC Research
CVSS 5.4
Sitemax Maestro - SQL Injection / Local File Inclusion
by AkaStep
Sitecom Home Storage Center - Directory Traversal
by Mattijs van Ommeren
Conceptronic Grab'n'Go Network Storage - Directory Traversal
by Mattijs van Ommeren
AV Arcade Free Edition - 'add_rating.php?id' Blind SQL Injection
by DaOne
Adobe Photoshop CS6 13.x - Remote Code Execution via Crafted File
Buffer overflow in Adobe Photoshop CS6 13.x before 13.0.1 allows remote attackers to execute arbitrary code via a crafted file.
by Francis Provencher
SugarCRM Community Edition 6.5.2 (Build 8410) - Multiple Vulnerabilities
by Brendan Coles
OTRS Help Desk <2.4.15, <3.0.17, <3.1.11 - XSS
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with whitespace before a javascript: URL in the SRC attribute of an element, as demonstrated by an IFRAME element.
by Mike Eduard
SAP NetWeaver HostControl - Command Injection (Metasploit)
by Metasploit
WarFTP Daemon 1.82 RC 11 - Remote Format String
by coolkaveh
By Source