Exploitdb Exploits
50,095 exploits tracked across all sources.
Event Calender PHP - Multiple Input Validation Vulnerabilities
by snup
EmbryoCore CMS 1.03 - 'loadcss.php' Multiple Directory Traversal Vulnerabilities
by Sammy FORGIT
CakePHP 2.1.0-2.1.4 and 2.1.0-alpha-2.1.4 - XML External Entity Injection
The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 allows remote attackers to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
by Pawel Wylecial
CVSS 7.5
Vivotek Cameras - Sensitive Information Disclosure
by GothicX
Joomla! Component com_osproperty 2.0.2 - Unrestricted Arbitrary File Upload
by D4NB4R
Siemens Simatic S7-300/400 - CPU START/STOP Module (Metasploit)
by Dillon Beresford
Siemens Simatic S7-300 - PLC Remote Memory Viewer (Metasploit)
by Dillon Beresford
Siemens Simatic S7-1200 - CPU START/STOP Module (Metasploit)
by Dillon Beresford
WebPageTest < 2.6 - Remote Code Execution via Unrestricted File Upload in resultimage.php
WebPageTest version 2.6 and earlier contains an arbitrary file upload vulnerability in the resultimage.php script. The application fails to validate or sanitize user-supplied input before saving uploaded files to a publicly accessible directory. This flaw allows remote attackers to upload and execute arbitrary PHP code, resulting in full remote code execution under the web server context.
by dun
WordPress Plugin Resume Submissions & Job Postings 2.5.1 - Unrestricted Arbitrary File Upload
by Chris Kellum
WordPress Plugin Generic - Arbitrary File Upload
by KedAns-Dz
Joomla! Component com_ksadvertiser - Remote File / Bypass Upload
by D4NB4R
Snack Sound Toolkit - Heap-based Buffer Overflow in GetWavHeader
Heap-based buffer overflow in the GetWavHeader function in generic/jkSoundFile.c in the Snack Sound Toolkit, as used in WaveSurfer 1.8.8p4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large chunk size in a WAV file.
by Jean Pascal Pereira
Microsoft Lync 2010 and 2010 Attendee - Cross-Site Scripting via SafeHTML Component
The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability."
by Adi Cohen
iScripts ReserveLogic 1.0 - SQL Injection
SQL injection vulnerability in packagedetails.php in iScripts ReserveLogic 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
by Vulnerability-Lab
Phonalisa - Multiple HTML Injection / Cross-Site Scripting Vulnerabilities
by Benjamin Kunz Mejri
House Style 0.1.2 - 'readfile()' Local File Disclosure
by GoLd_M
Hastymail2 2.1.1 - Remote Code Execution via rs or rsargs[] Parameter
Hastymail2 2.1.1 before RC2 allows remote attackers to execute arbitrary commands via the (1) rs or (2) rsargs[] parameter in a mailbox Drafts action to the default URI.
by Metasploit
By Source