Exploitdb Exploits
50,095 exploits tracked across all sources.
Internet Download Manager - Memory Corruption
by Dark-Puzzle
vBulletin Yet Another Awards System 4.0.2 - SQL Injection
by Backsl@sh/Dan
SugarCRM Community Edition - Multiple Information Disclosure Vulnerabilities
by Brendan Coles
SquidGuard 1.4 - Long URL Handling Remote Denial of Service
by Stefan Bauer
WordPress Download Monitor <3.3.5.9 - XSS
Cross-site scripting (XSS) vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dlsearch parameter to the default URI.
by Chris Cooper
TomatoCart - 'example_form.ajax.php' Cross-Site Scripting
by HauntIT
Dell Crowbar < 1.4 - Cross-Site Scripting via File Parameter
Cross-site scripting (XSS) vulnerability in crowbar_framework/app/views/support/index.html.haml in the Crowbar barclamp in Crowbar, possibly 1.4 and earlier, allows remote attackers to inject arbitrary web script or HTML via the file parameter to /utils.
by Matthias Weckbecker
Symantec Messaging Gateway < 9.5.4 - Default SSH Credentials
Symantec Messaging Gateway (SMG) before 10.0 has a default password for an unspecified account, which makes it easier for remote attackers to obtain privileged access via an SSH session.
by Metasploit
JW Player < 5.10.2295 - Cross-Site Scripting via Link or Logo Parameters
Multiple cross-site scripting (XSS) vulnerabilities in LongTail Video JW Player through 5.10.2295 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) logo.link, or (3) aboutlink parameter, or a nested URI scheme name for (4) javascript, (5) asfunction, or (6) vbscript.
by MustLive
CVSS 6.1
ActFax Server <4.32 - Buffer Overflow
A stack-based buffer overflow vulnerability exists in ActFax Server version 4.32, specifically in the "Import Users from File" functionality of the client interface. The application fails to properly validate the length of tab-delimited fields in .exp files, leading to unsafe usage of strcpy() during CSV parsing. An attacker can exploit this vulnerability by crafting a malicious .exp file and importing it using the default character set "ECMA-94 / Latin 1 (ISO 8859)". Successful exploitation may result in arbitrary code execution, leading to full system compromise. User interaction is required to trigger the vulnerability.
by Craig Freyman
HP Intelligent Management Center < 5.1 - Stack-based Buffer Overflow in User Access Manager
Stack-based buffer overflow in uam.exe in the User Access Manager (UAM) component in HP Intelligent Management Center (IMC) before 5.1 E0101P01 allows remote attackers to execute arbitrary code via vectors related to log data.
by Metasploit
WordPress Plugin HD Webplayer 1.1 - SQL Injection
by JoinSe7en
PrestaShop < 1.4.9.0 - Cross-Site Scripting via product[] Parameter in ajax.php
Cross-site scripting (XSS) vulnerability in PrestaShop before 1.4.9 allows remote attackers to inject arbitrary web script or HTML via the index of the product[] parameter to ajax.php.
by High-Tech Bridge
CVSS 6.1
Phorum < 5.2.19 - Cross-Site Scripting via Group Parameter
Cross-site scripting (XSS) vulnerability in the group moderation screen in the control center (control.php) in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via the group parameter.
by High-Tech Bridge
Express Burn Plus 4.58 - EBP Project File Handling Buffer Overflow (PoC)
by LiquidWorm
WordPress Plugin Simple:Press Forum - Arbitrary File Upload
by Iranian Dark Coders
WordPress Plugin Cloudsafe365 - 'file' Remote File Disclosure
by Jan Van Niekerk
By Source