Exploitdb Exploits
50,095 exploits tracked across all sources.
ADICO - 'index.php' Script SQL Injection
by Ibrahim El-Sayed
XM Easy Personal FTP Server 5.3.0 - Buffer Overflow
Multiple buffer overflows in XM Easy Personal FTP Server 5.3.0 allow remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might overlap CVE-2006-2225, CVE-2006-2226, or CVE-2006-5728.
by mr_me
Microsoft Internet Explorer 8 - Remote Code Execution via Deleted Object Access
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Same ID Property Remote Code Execution Vulnerability."
by Metasploit
ESRI ArcMap < 10.0.2.3200 - Arbitrary VBA Code Execution via Crafted Map File
ESRI ArcMap 9 and ArcGIS 10.0.2.3200 and earlier does not properly prompt users before executing embedded VBA macros, which allows user-assisted remote attackers to execute arbitrary VBA code via a crafted map (.mxd) file.
by Boston Cyber Defense
WordPress Plugin Zingiri Web Shop 2.4.3 - 'uploadfilexd.php' Arbitrary File Upload
by Sammy FORGIT
WordPress Plugin Invit0r - 'ofc_upload_image.php' Arbitrary File Upload
by Sammy FORGIT
Swoopo Gold Shop CMS 8.4.56 - Multiple Web Vulnerabilities
by Vulnerability-Lab
Squirrelcart Cart Shop 3.3.4 - Multiple Web Vulnerabilities
by Vulnerability-Lab
Simple Forum PHP - Multiple SQL Injections
by Vulnerability Research Laboratory
NetArt Media Jobs Portal - SQL Injection
by Ibrahim El-Sayed
MYRE Real Estate Software 2012 Q2 - SQL Injection via link_idd or userid Parameter
Multiple SQL injection vulnerabilities in MYRE Real Estate Software (2012 Q2) allow remote attackers to execute arbitrary SQL commands via the (1) link_idd parameter to 1_mobile/listings.php or (2) userid parameter to 1_mobile/agentprofile.php.
by Vulnerability-Lab
Cells Blog CMS 1.1 - Multiple Web Vulnerabilities
by Vulnerability-Lab
Adobe Illustrator < CS6 - Memory Corruption
Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2023, CVE-2012-2024, CVE-2012-2025, and CVE-2012-2026.
by Felipe Andres Manzano
Squiz CMS - Multiple Cross-Site Scripting / XML External Entity Injection Vulnerabilities
by Nadeem Salim
Juniper Networks MSS <7.6.3-7.7.1-7.5.3-7.4-7.3 - XSS
Cross-site scripting (XSS) vulnerability in the WebAAA login functionality (wba_login.html) in Juniper Networks Mobility System Software (MSS) 7.6.x before 7.6.3, 7.7.x before 7.7.1, 7.5.x before 7.5.3, and other unspecified versions before 7.4 and 7.3 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter name.
by Craig Lambert
Edimax IC-3030iWn - UDP Packet Password Information Disclosure
by y3dips
Wyse Device Manager 4.7.x - Unauthenticated Remote Command Execution via hagent.exe
hagent.exe in Wyse Device Manager (WDM) 4.7.x does not require authentication for commands, which allows remote attackers to obtain management access via a crafted query, as demonstrated by a V52 query that triggers a power-off action.
by it.solunium
XAMPP for Windows 1.7.7 - Multiple Cross-Site Scripting / SQL Injections
by Sangteamtham
Zimplit CMS 3.0 - Local File Inclusion / Arbitrary File Upload
by KedAns-Dz
WordPress Plugin HD FLV Player - 'uploadVideo.php' Arbitrary File Upload
by Sammy FORGIT
WordPress Plugin Foxypress - 'Uploadify.php' Arbitrary Code Execution (Metasploit)
by Metasploit
WordPress Plugin Foxypress - 'Uploadify.php' Arbitrary Code Execution (Metasploit)
by Metasploit
SPIP 2.x - Multiple Cross-Site Scripting Vulnerabilities
by anonymous
Joomla! Component mod_jfancy - 'script.php' Arbitrary File Upload
by Sammy FORGIT
By Source