Exploitdb Exploits
50,095 exploits tracked across all sources.
WordPress Plugin PHPFreeChat - 'url' Cross-Site Scripting
by Sammy FORGIT
Guestbook Scripts PHP 1.5 - Multiple Vulnerabilities
by Vulnerability-Lab
Freeside SelfService CGI/API 2.3.3 - Multiple Vulnerabilities
by Vulnerability-Lab
Linux Kernel < 3.2.24 - Denial of Service via EPOLL_CTL_ADD Circular Dependency
The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1083.
by Yurij M. Plotnikov
TikiWiki CMS/Groupware < 8.2 - Exposure of Sensitive Information via Direct Request
TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to obtain the installation path via a direct request to (1) admin/include_calendar.php, (2) tiki-rss_error.php, or (3) tiki-watershed_service.php.
by EgiX
.NET Framework - Tilde Character Denial of Service
by Soroush Dalili
WordPress Plugin MoodThingy Widget 0.8.7 - Blind SQL Injection
by Chris Kellum
TikiWiki CMS/Groupware < 6.7 LTS & < 8.4 - RCE
TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote attackers to execute arbitrary PHP code via a crafted serialized object in the (1) cookieName to lib/banners/bannerlib.php; (2) printpages or (3) printstructures parameter to (a) tiki-print_multi_pages.php or (b) tiki-print_pages.php; or (4) sendpages, (5) sendstructures, or (6) sendarticles parameter to tiki-send_objects.php, which is not properly handled when processed by the unserialize function.
by EgiX
CVSS 9.8
Classified Ads Script PHP - 'admin.php' Multiple SQL Injections
by snup
Photodex ProShow Producer <5.0.3256 - Buffer Overflow
Photodex ProShow Producer version 5.0.3256 contains a stack-based buffer overflow vulnerability in the handling of plugin load list files. When a specially crafted load file is placed in the installation directory, the application fails to properly validate its contents, leading to a buffer overflow when the file is parsed during startup. Exploitation requires local access to place the file and user interaction to launch the application.
by Julien Ahrens
WordPress Plugin custom tables - 'key' Cross-Site Scripting
by Sammy FORGIT
PHP MBB - Cross-Site Scripting / SQL Injection
by TheCyberNuxbie
gpEasy CMS Minishop 1.5 Plugin - Persistent Cross-Site Scripting
by Carlos Mario Penagos Hollmann
plow - '.plowrc' File Buffer Overflow
by Jean Pascal Pereira
VteTerminal < 0.32.2 - Authenticated Denial of Service via Escape Sequence with Large Repeat Count
The VteTerminal in gnome-terminal (vte) before 0.32.2 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value.
by Kevin Fenzi
Microsoft IIS - Short File/Folder Name Disclosure
by Soroush Dalili
Zoom Player - '.avi' Divide-by-Zero Denial of Service
by Dark-Puzzle
WordPress Plugin Backup 2.0.1 - Information Disclosure
by Stephan Knauss
Getsimple CMS Items Manager Plugin - 'PHP.php' Arbitrary File Upload
by Sammy FORGIT
python-wrapper - Untrusted Search Path/Code Execution
by ShadowHatesYou
By Source