Exploitdb Exploits
50,095 exploits tracked across all sources.
XODA 0.4.5 - Unauthenticated Arbitrary PHP File Upload via Multipart Form Data
XODA version 0.4.5 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary PHP code on the server. The flaw resides in the upload functionality, which fails to properly validate or restrict uploaded file types. By crafting a multipart/form-data POST request, an attacker can upload a .php file directly into the web-accessible files/ directory and trigger its execution via a subsequent GET request.
by Shai rod
Sysax Multi Server 5.64 - Create Folder Buffer Overflow (Metasploit)
by Matt Andreko
JPM Article Blog Script 6 - 'tid' Cross-Site Scripting
by Mr.0c3aN
SAP NetWeaver 7.0 EHP1 and EHP2 - Denial of Service via Crafted SAP Diag Packet
The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.
by Core Security
Symantec Web Gateway <5.0.3.18 - RCE
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to change arbitrary passwords via crafted input to an application script.
by Kc57
Symantec Web Gateway <5.0.3.18 - RCE
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to change arbitrary passwords via crafted input to an application script.
by Kc57
IOServer <1.0.19.0 - Path Traversal
Directory traversal vulnerability in the XML Server in IOServer before 1.0.19.0, when the Root Directory pathname lacks a trailing \ (backslash) character, allows remote attackers to read arbitrary files or list arbitrary directories via a .. (dot dot) in a URI.
by hinge
Adobe Flash Player < 11.3.300.271 - Remote Code Execution via Crafted SWF Content
Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content, as exploited in the wild in August 2012 with SWF content in a Word document.
by Metasploit
CVSS 7.8
uebimiau 2.7.9 - Cross-Site Scripting via IMG Tag SRC Attribute
Cross-site scripting (XSS) vulnerability in UebiMiau 2.7.9, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG tag.
by Shai rod
T-dah Webmail - Cross-Site Request Forgery / Persistent Cross-Site Scripting
by Yakir Wizman
Hivemail Webmail - Multiple Persistent Cross-Site Scripting Vulnerabilities
by Shai rod
GWebmail 0.7.3 - Cross-Site Scripting / Local File Inclusion / Remote Code Execution
by Shai rod
Alpha Networks ADSL2/2+ Wireless Router ASL-26555 - Password Disclosure
by Alberto Ortega
ManageEngine OpUtils 6.0 - Persistent Cross-Site Scripting
by loneferret
QuickTime Player plugin 4.1.2 - Buffer Overflow via EMBED Tag HREF Parameter
Buffer overflow in QuickTime Player plugin 4.1.2 (Japanese) allows remote attackers to execute arbitrary commands via a long HREF parameter in an EMBED tag.
by UNYUN
SaltOS - 'download.php' Cross-Site Scripting
by Stefan Schurtz
IlohaMail Webmail - Persistent Cross-Site Scripting
by Shai rod
By Source