Exploitdb Exploits
50,095 exploits tracked across all sources.
Lattice Semiconductor PAC-Designer <6.2.1344 - Buffer Overflow
Stack-based buffer overflow in Lattice Semiconductor PAC-Designer 6.2.1344 allows remote attackers to execute arbitrary code via a long string in a Value tag in a SymbolicSchematicData definition tag in PAC Design (.pac) file.
by Metasploit
MediaWiki <1.17.5, <1.18.4, <1.19.1 - XSS
Cross-site scripting (XSS) vulnerability in the outputPage function in includes/SkinTemplate.php in MediaWiki before 1.17.5, 1.18.x before 1.18.4, and 1.19.x before 1.19.1 allows remote attackers to inject arbitrary web script or HTML via the uselang parameter to index.php/Main_page.
by anonymous
Joomla! Component hwdVideoShare - 'flash_upload.php' Arbitrary File Upload
by Sammy FORGIT
Funeral Script PHP - Cross-Site Scripting / SQL Injection
by snup
vBSeo < 3.8.7 - Cross-Site Scripting via member.php u Parameter
vBSeo before 3.6.0PL2 allows XSS via the member.php u parameter.
by MegaMan
CVSS 6.1
Microsoft XML Core Services 3.0, 4.0, 5.0, 6.0 - Remote Code Execution via Uninitialized Memory Access
Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
by Metasploit
CVSS 8.8
XnView - '.RAS' Image Processing Heap Overflow
by Francis Provencher
XnView - '.FlashPix' Image Processing Heap Overflow
by Francis Provencher
XnView - '.ECW' Image Processing Heap Overflow
by Francis Provencher
Webify (Multiple Products) - Multiple HTML Injection / Local File Inclusions
by snup
Simple Document Management System 1.1.5 - Multiple SQL Injections
by JosS
News Script PHP 1.2 - Multiple Vulnerabilities
by Vulnerability-Lab
Joomla! Component Maian Media - 'uploadhandler.php' Arbitrary File Upload
by Sammy FORGIT
iScripts EasyCreate 2.0 - Multiple Vulnerabilities
by Vulnerability-Lab
ComSndFTP FTP Server <1.3.7 Beta - Code Injection
ComSndFTP FTP Server version 1.3.7 Beta contains a format string vulnerability in its handling of the USER command. By sending a specially crafted username containing format specifiers, a remote attacker can overwrite a hardcoded function pointer in memory (specifically WSACleanup from Ws2_32.dll). This allows the attacker to redirect execution flow and bypass DEP protections using a ROP chain, ultimately leading to arbitrary code execution. The vulnerability is exploitable without authentication and affects default configurations.
by Metasploit
TFM MMPlayer - '.m3u' / '.ppl' Local Buffer Overflow (Metasploit)
by Metasploit
WordPress Plugin ORGanizer - Multiple Vulnerabilities
by MustLive
Useresponse 1.0.2 - Privilege Escalation / Remote Code Execution
by mr_me
Joomla! Component JCal Pro Calendar - SQL Injection
by Taurus Omar
By Source