Exploitdb Exploits
50,095 exploits tracked across all sources.
Joomla! Component IDoEditor - 'image.php' Arbitrary File Upload
by Sammy FORGIT
Apple iTunes <10.6.3 - Buffer Overflow
Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist.
by LiquidWorm
F5 BIG-IP Multiple Versions - Unauthenticated SSH Login via Shared Private Key
F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins via the PubkeyAuthentication option.
by Metasploit
Microsoft Windows OpenType Font - File Format Denial of Service
by Cr4sh
XOOPS Cube PROJECT FileManager - 'xupload.php' Arbitrary File Upload
by KedAns-Dz
WordPress Plugin Contus Video Gallery - 'upload1.php' Arbitrary File Upload
by Sammy FORGIT
Symantec Web Gateway < 5.0.3 - Remote Code Execution via Management GUI Script Access
The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote attackers to execute arbitrary code by (1) injecting crafted data or (2) including crafted data.
by Metasploit
Joomla! Component mod_artuploader - 'upload.php' Arbitrary File Upload
by Sammy FORGIT
Joomla! Component Easy Flash Uploader - 'helper.php' Arbitrary File Upload
by Sammy FORGIT
Joomla! Component DentroVideo 1.2 - 'upload.php' Arbitrary File Upload
by Sammy FORGIT
Joomla! Component com_simpleswfupload - 'uploadhandler.php' Arbitrary File Upload
by Sammy FORGIT
Oracle MySQL 5.1.x < 5.1.63, 5.5.x < 5.5.24, 5.6.x < 5.6.6 - Authentication Bypass via Repeated Failed Authentication
sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.
by David Kennedy (ReL1K)
F5 BIG-IP Multiple Versions - Unauthenticated SSH Login via Shared Private Key
F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins via the PubkeyAuthentication option.
by David Kennedy (ReL1K)
MS12-005 Microsoft Office ClickOnce Unsafe Object Package Handling Vulnerability
Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability."
by Metasploit
WordPress WP GPX Maps Plugin 1.1.21 - Remote Code Execution via Unrestricted File Upload
WordPress WP GPX Maps Plugin 1.1.21 allows remote attackers to execute arbitrary PHP code via improper file upload.
by Adrien Thierry
CVSS 9.8
WordPress Plugin User Meta 1.1.1 - Arbitrary File Upload
by Adrien Thierry
WordPress Plugin Top Quark Architecture 2.10 - Arbitrary File Upload
by Adrien Thierry
WordPress Plugin SfBrowser 1.4.5 - Arbitrary File Upload
by Adrien Thierry
WordPress Plugin Pica Photo Gallery 1.0 - Arbitrary File Upload
by Adrien Thierry
WordPress Plugin Mac Photo Gallery 2.7 - Arbitrary File Upload
by Adrien Thierry
WordPress Plugin drag and drop file upload 0.1 - Arbitrary File Upload
by Adrien Thierry
WordPress Plugin Custom Content Type Manager 0.9.5.13-pl - Arbitrary File Upload
by Adrien Thierry
Joomla! Component Joomsport - SQL Injection / Arbitrary File Upload
by KedAns-Dz
By Source