Exploitdb Exploits
50,095 exploits tracked across all sources.
PHP < 5.3.14 and 5.4.x < 5.4.4 - Denial of Service via PDO Prepared Statement Parsing
pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted parameter value.
by 0x721427D8
NVIDIA UNIX <295.40 - Memory Corruption
The NVIDIA UNIX driver before 295.40 allows local users to access arbitrary memory locations by leveraging GPU device-node read/write privileges.
by anonymous
Barracuda Email Security Service - Multiple HTML Injection Vulnerabilities
by Benjamin Kunz Mejri
WordPress Plugin G-Lock Double Opt-in Manager - SQL Injection
by BEASTIAN
ManageEngine Mobile Application Manager 10 - SQL Injection
by Vulnerability-Lab
ManageEngine Applications Manager 8.1 build 8100 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 8.1 build 8100 allow remote attackers to inject arbitrary web script or HTML via the (1) showlink parameter to jsp/DiscoveryProfiles.jsp; the (2) attributeIDs, (3) attributeToSelect, (4) redirectto, and (5) resourceid parameters to (a) jsp/ThresholdActionConfiguration.jsp; the (6) page and (7) redirect parameters to (b) jsp/UpdateGlobalSettings.jsp; and the (8) haid and (9) returnpath parameters to (c) showTile.do. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Vulnerability-Lab
Joomla! Component com_niceajaxpoll 1.3.0 - SQL Injection
by Patrick de Brouwer
Distimo Monitor - Multiple Cross-Site Scripting Vulnerabilities
by Benjamin Kunz Mejri
glibc < 2.13 and eglibc < 2.13 - Remote Code Execution via SSSE3 Optimization
Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1) memcpy-ssse3-rep.S, (2) memcpy-ssse3.S, or (3) memset-sse2.S in sysdeps/i386/i686/multiarch/, which triggers an out-of-bounds read, as demonstrated using the memcpy function.
by c0ntex
ManageEngine Applications Manager - Multiple SQL Injections
by Ibrahim El-Sayed
ManageEngine Applications Manager - Multiple Cross-Site Scripting / SQL Injections
by Ibrahim El-Sayed
Dr. Web Control Center 6.00.3.201111300 - Cross-Site Scripting
by Oliver Karow
Microsoft SharePoint Server 2007 SP2 - Remote Code Execution via Malformed SOAP Request
Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, allows remote attackers to execute arbitrary code via a crafted SOAP request to TCP port 8082, aka "Malformed Request Code Execution Vulnerability."
by Metasploit
DataWatch Monarch Business Intelligence - Multiple Input Validation Vulnerabilities
by Raymond Rizk
Zenoss Core 3.x - Command Injection
Zenoss Core 3.x contains a command injection vulnerability in the showDaemonXMLConfig endpoint. The daemon parameter is passed directly to a Popen() call in ZenossInfo.py without proper sanitation, allowing authenticated users to execute arbitrary commands on the server as the zenoss user.
by Brendan Coles
Symantec Web Gateway 5.0.3.18 - SQL Injection via groupid Parameter
SQL injection vulnerability in spywall/includes/deptUploads_data.php in Symantec Web Gateway 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via the groupid parameter.
by Kc57
Plixer Scrutinizer < 9.5.0 - Cross-Site Scripting via d4d/exporters.php Query String or HTTP Referer Header
Multiple cross-site scripting (XSS) vulnerabilities in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to d4d/exporters.php, (2) the HTTP Referer header to d4d/exporters.php, or (3) unspecified input to d4d/contextMenu.php.
by Mario Ceballos
Plixer Scrutinizer <9.5.0 - Code Injection
d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allows remote attackers to create or overwrite arbitrary files in %PROGRAMFILES%\Scrutinizer\snmp\mibs\ via a multipart/form-data POST request.
by Mario Ceballos
Zenoss 3.2.1 - (Authenticated) Remote Command Execution
by Brendan Coles
Plixer Scrutinizer < 9.5.0 - Unauthenticated Administrative Account Creation via admin.cgi userprefs Action
cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not require token authentication, which allows remote attackers to add administrative accounts via a userprefs action.
by Mario Ceballos
By Source