Exploitdb Exploits
50,095 exploits tracked across all sources.
Zend Framework 1.x < 1.11.12 and 1.12.x < 1.12.0 - XML External Entity Injection via XML-RPC Request
Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack.
by SEC Consult
CVSS 9.1
Symantec Web Gateway <5.0.3 - Info Disclosure
The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to (1) read or (2) delete arbitrary files via unspecified vectors.
by S2 Crew
Google Chrome <20.0.1132.43 - Privilege Escalation
Untrusted search path vulnerability in Google Chrome before 20.0.1132.43 on Windows might allow local users to gain privileges via a Trojan horse Metro DLL in the current working directory.
by Moshe Zioni
Apple QuickTime - QuickTime.util.QTByteObject Initialization Security Checks Bypass
by Security Explorations
WordPress Plugin Website FAQ 1.0 - SQL Injection
by Chris Kellum
SugarCRM CE <= 6.3.1 - Code Injection
SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute arbitrary PHP code.
by Metasploit
CVSS 9.8
DigPHP - 'dig.php' Script Remote File Disclosure
by Ryuzaki Lawlet
Western Digital's WD TV Live SMP/Hub - Privilege Escalation
by Wolfgang Borst
Apple iTunes <10.6.3 - Buffer Overflow
Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist.
by Metasploit
Adobe Flash Player <10.3.183.19-11.2.202.235 - RCE
Adobe Flash Player before 10.3.183.19 and 11.x before 11.2.202.235 on Windows, Mac OS X, and Linux; before 11.1.111.9 on Android 2.x and 3.x; and before 11.1.115.8 on Android 4.x allows remote attackers to execute arbitrary code via a crafted file, related to an "object confusion vulnerability," as exploited in the wild in May 2012.
by Metasploit
Winamp 5.13 - '.m3u' File Exception Handling Remote Denial of Service
by Dark-Puzzle
Investintech.com Able2Extract - DoS/Code Injection
Unspecified vulnerability in Investintech.com Able2Extract and Able2Extract Server allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document.
by Carlos Mario Penagos Hollmann
WellinTech KingView < 6.53 - Remote Code Execution via Crafted TCP Packet
Heap-based buffer overflow in WellinTech KingView 6.53 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 555.
by Carlos Mario Penagos Hollmann
WellinTech KingView < 6.53 - Remote Code Execution via Crafted TCP Packet
Stack-based buffer overflow in WellinTech KingView 6.53 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 555.
by Carlos Mario Penagos Hollmann
Investintech.com Able2Extract - DoS/Code Injection
Unspecified vulnerability in Investintech.com Able2Extract and Able2Extract Server allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document.
by Carlos Mario Penagos Hollmann
Investintech.com Able2Extract - DoS/Code Injection
Unspecified vulnerability in Investintech.com Able2Extract and Able2Extract Server allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document.
by Carlos Mario Penagos Hollmann
WordPress Plugin Fancy Gallery 1.2.4 - Arbitrary File Upload
by Sammy FORGIT
Umapresence - Local File Inclusion / Arbitrary File Deletion
by Sammy FORGIT
FCKeditor < 2.6.7 - Cross-Site Scripting via textinputs Array Parameter
Cross-site scripting (XSS) vulnerability in the print_textinputs_var function in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor 2.6.7 and earlier allows remote attackers to inject arbitrary web script or HTML via textinputs array parameters.
by Emilio Pinna
Drupal Module Drag & Drop Gallery 6.x-1.5 - 'upload.php' Arbitrary File Upload
by Sammy FORGIT
Parodia < 6.8 - SQL Injection
SQL injection vulnerability in Parodia before 6.809 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
by Carlos Mario Penagos Hollmann
IrfanView 4.33 - '.DJVU' Image Processing Heap Overflow
by Francis Provencher
WordPress Plugin Flip Book - 'PHP.php' Arbitrary File Upload
by Sammy FORGIT
By Source