Exploitdb Exploits
50,095 exploits tracked across all sources.
Joomla! Component com_photo - Multiple SQL Injections
by Chokri Ben Achor
Worksforweb iAuto - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
by Benjamin Kunz Mejri
CoolPlayer Portable 2.19.2 - Local Buffer Overflow (ASLR Bypass) (2)
by pole
WordPress Plugin Effective Lead Management 3.0.0 - Persistent Cross-Site Scripting
by Chris Kellum
Mibew Messenger 1.6.4 - 'threadid' SQL Injection
by Ucha Gobejishvili
PolarisCMS - 'WebForm_OnSubmit()' Cross-Site Scripting
by Gjoko Krstic
Wiki Web Help - 'configpath' Remote File Inclusion
by L0n3ly-H34rT
Openconstructor - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Open Constructor 3.12.0 allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to data/file/edit.php, (2) the q parameter to confirm.php, or (3) the keyword parameter to users/users.php.
by Lorenzo Cantoni
Openconstructor - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Open Constructor 3.12.0 allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to data/file/edit.php, (2) the q parameter to confirm.php, or (3) the keyword parameter to users/users.php.
by Lorenzo Cantoni
Openconstructor - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Open Constructor 3.12.0 allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to data/file/edit.php, (2) the q parameter to confirm.php, or (3) the keyword parameter to users/users.php.
by Lorenzo Cantoni
Zenoss Core 3.x - Command Injection
Zenoss Core 3.x contains a command injection vulnerability in the showDaemonXMLConfig endpoint. The daemon parameter is passed directly to a Popen() call in ZenossInfo.py without proper sanitation, allowing authenticated users to execute arbitrary commands on the server as the zenoss user.
by Metasploit
Plixer Scrutinizer <9.5.2 - SQL Injection
SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.2 allows remote authenticated users to execute arbitrary SQL commands via the q parameter.
by Metasploit
Cisco Linksys PlayerPT <1.0.0.15 - Buffer Overflow
Stack-based buffer overflow in the SetSource method in the Cisco Linksys PlayerPT ActiveX control 1.0.0.15 in PlayerPT.ocx on the Cisco WVC200 Wireless-G PTZ Internet video camera allows remote attackers to execute arbitrary code via a long URL in the first argument (aka the sURL argument).
by Metasploit
FreeBSD 8.2 - Denial of Service via Crafted ASCONF Chunk
The SCTP implementation in FreeBSD 8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted ASCONF chunk.
by Shaun Colley
WebPageTest < 2.6 - Remote Code Execution via Unrestricted File Upload in resultimage.php
WebPageTest version 2.6 and earlier contains an arbitrary file upload vulnerability in the resultimage.php script. The application fails to validate or sanitize user-supplied input before saving uploaded files to a publicly accessible directory. This flaw allows remote attackers to upload and execute arbitrary PHP code, resulting in full remote code execution under the web server context.
by Metasploit
Microsoft Internet Explorer 6-9 and 10 Consumer Preview - Remote Code Execution via Col Element Handling
Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
by Metasploit
VideoLAN VLC Media Player 2.0.2 - '.3gp' File Divide-by-Zero Denial of Service
by Dark-Puzzle
WordPress Theme ShopperPress - SQL Injection / Cross-Site Scripting
by Benjamin Kunz Mejri
Mahara 1.4.0-1.4.2 and 1.5.0-1.5.1 - Cross-Site Scripting via Login Form, Links, Resources, and Display Name
Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.3 and 1.5.x before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript innerHTML as used when generating login forms, (2) links or (3) resources URLs, and (4) the Display name in a user profile.
by anonymous
CVSS 6.1
Joomla! Component com_joomgalaxy 1.2.0.4 - Multiple Vulnerabilities
by D4NB4R
By Source