Exploitdb Exploits
50,095 exploits tracked across all sources.
Conceptronic Grab'n'Go and Sitecom Storage Center - Password Disclosure
by Mattijs van Ommeren
FreeBSD Intel SYSRET Privilege Escalation
The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.
by Shahriyar Jalayeri
XWiki 4.2-milestone-2 - Multiple Persistent Cross-Site Scripting Vulnerabilities
by Shai rod
xt:Commerce VEYTON 4.0.15 - 'products_name_de' Script Insertion
by LiquidWorm
WordPress Plugin Count Per Day 3.2.3 - Cross-Site Scripting
by Crim3R
Wiki Web Help 0.3.9 - Multiple Persistent Cross-Site Scripting Vulnerabilities
by Shai rod
IBM Rational ClearQuest <7.1.2.7 & 8.0.0.3 - Info Disclosure
IBM Rational ClearQuest 7.1.x through 7.1.2.7 and 8.x through 8.0.0.3 allows remote attackers to obtain potentially sensitive information via a request to a (1) snoop, (2) hello, (3) ivt/, (4) hitcount, (5) HitCount.jsp, (6) HelloHTMLError.jsp, (7) HelloHTML.jsp, (8) HelloVXMLError.jsp, (9) HelloVXML.jsp, (10) HelloWMLError.jsp, (11) HelloWML.jsp, or (12) cqweb/j_security_check sample script.
by anonymous
Zabbix Server <1.8 - Command Injection
The node_process_command function in Zabbix Server before 1.8 allows remote attackers to execute arbitrary commands via a crafted request.
by Metasploit
Java 7 Applet Remote Code Execution
Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an exception with the forName method to access restricted classes from arbitrary packages such as sun.awt.SunToolkit, then (2) using "reflection with a trusted immediate caller" to leverage the getField method to access and modify private fields, as exploited in the wild in August 2012 using Gondzz.class and Gondvv.class.
by Metasploit
CVSS 9.8
Elcom CMS 7.4.10 - Community Manager Insecure Arbitrary File Upload
by Sense of Security
WordPress Plugin Finder - 'order' Cross-Site Scripting
by Crim3R
Mihalism Multi Host - 'users.php' Cross-Site Scripting
by Explo!ter
LibGuides - Multiple Cross-Site Scripting Vulnerabilities
by Crim3R
Web Wiz Forums - Multiple Cross-Site Scripting Vulnerabilities
by Crim3R
Power-eCommerce - Multiple Cross-Site Scripting Vulnerabilities
by Crim3R
Microsoft Indexing Service - 'ixsso.dll' ActiveX Control Denial of Service
by coolkaveh
Text Exchange Pro - 'index.php' Local File Inclusion
by Yakir Wizman
PHP Web Scripts Text Exchange Pro - 'page' Local File Inclusion
by Yakir Wizman
By Source