Exploitdb Exploits
50,095 exploits tracked across all sources.
FlexNet License Server Manager - lmgrd Buffer Overflow (Metasploit)
by Metasploit
Symantec Endpoint Protection/SNAC <11.0.710x - Privilege Escalation
Buffer overflow in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.710x and Symantec Network Access Control (SNAC) 11.0.600x through 11.0.710x allows local users to gain privileges, and modify data or cause a denial of service, via a crafted script.
by 41.w4r10r
Yellow Duck Framework 2.0 Beta1 - Local File Disclosure
by L3b-r1'z
Ruubikcms 1.1.x - Cross-Site Scripting / Information Disclosure / Directory Traversal
by AkaStep
pragmaMx 1.0-1.12.1 - Cross-Site Scripting via Name Parameter or Image URL
Multiple cross-site scripting (XSS) vulnerabilities in pragmaMx 1.x before 1.12.2 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to modules.php or (2) img_url to includes/wysiwyg/spaw/editor/plugins/imgpopup/img_popup.php.
by High-Tech Bridge SA
CVSS 6.1
pragmaMx 1.0-1.12.1 - Cross-Site Scripting via Name Parameter or Image URL
Multiple cross-site scripting (XSS) vulnerabilities in pragmaMx 1.x before 1.12.2 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to modules.php or (2) img_url to includes/wysiwyg/spaw/editor/plugins/imgpopup/img_popup.php.
by High-Tech Bridge SA
CVSS 6.1
Pligg CMS < 1.2.2 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary parameter in a move or (2) minimize action to admin/admin_index.php; (3) the karma_username parameter to module.php in the karma module; (4) q_1_low, (5) q_1_high, (6) q_2_low, or (7) q_2_high parameter in a configure action to module.php in the captcha module; or (8) the edit parameter to module.php in the admin_language module.
by High-Tech Bridge SA
phpCollab 2.5 - Database Backup Information Disclosure
by team ' & 1=1--
Novell NetWare Client 4.91 SP4 - Local Privilege Escalation via NICM.SYS IOCTL
NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91 SP4, allows local users to execute arbitrary code by opening the \\.\nicm device and providing crafted kernel addresses via IOCTLs with the METHOD_NEITHER buffering mode.
by sickness
Plogger 1.0 Beta 3.0 - SQL Injection
SQL injection vulnerability in plog-rss.php in Plogger 1.0 Beta 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Eyup CELIK
mosh < 1.2.1 - Authenticated Denial of Service via Escape Sequence with Large Repeat Count
The terminal dispatcher in mosh before 1.2.1 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value.
by Timo Juhani Lindfors
HP SAN/iQ < 9.5 - Authenticated OS Command Injection via Ping Parameter
lhn/public/network/ping in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the second parameter.
by Metasploit
Foxit Reader <3.0 Build 1506 - Buffer Overflow
Stack-based buffer overflow in Foxit Reader 3.0 before Build 1506, including 1120 and 1301, allows remote attackers to execute arbitrary code via a long (1) relative path or (2) absolute path in the filename argument in an action, as demonstrated by the "Open/Execute a file" action.
by Metasploit
MediaChance Real-DRAW PRO 5.2.4 - DoS
MediaChance Real-DRAW PRO 5.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted (1) PNG, (2) WMF, (3) PSD, (4) TGA, (5) TTF, (6) BMP, (7) TIFF, or (8) PCX file.
by Ahmed Elhady Mohamed
DVD-Lab Studio 1.25 - '.DAL' File Open Crash
by Ahmed Elhady Mohamed
Yandex.Server 2010 9.0 Enterprise - XSS
Cross-site scripting (XSS) vulnerability in search/ in Yandex.Server 2010 9.0 Enterprise allows remote attackers to inject arbitrary web script or HTML via the text parameter.
by MustLive
AboutMe plugin 1.1.1 for Vanilla Forums - Stored Cross-Site Scripting via Edit My Details Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the AboutMe plugin 1.1.1 for Vanilla Forums allow remote attackers to inject arbitrary web script or HTML via the (1) AboutMe/RealName, (2) AboutMe/Name, (3) AboutMe/Quote, (4) AboutMe/Loc, (5) AboutMe/Emp, (6) AboutMe/JobTit, (7) AboutMe/HS, (8) AboutMe/Col, (9) AboutMe/Bio, (10) AboutMe/Inter, (11) AboutMe/Mus, (12) AboutMe/Gam, (13) AboutMe/Mov, (14) AboutMe/FTV, or (15) AboutMe/Bks parameter to the Edit My Details page. NOTE: some of these details are obtained from third party information.
by Henry Hoggard
FirstLastNames 1.1.1 - Cross-Site Scripting via User FirstName or LastName Parameter
Multiple cross-site scripting (XSS) vulnerabilities in the FirstLastNames plugin 1.1.1 for Vanilla Forums allow remote attackers to inject arbitrary web script or HTML via the (1) User/FirstName or (2) User/LastName parameter to the edit user page. NOTE: some of these details are obtained from third party information.
by Henry Hoggard
PHPhq.Net phAlbum 1.5.1 - 'index.php' Cross-Site Scripting
by Eyup CELIK
PHP 5.4.3 - wddx_serialize_* / stream_bucket_* Variant Object Null Ptr Dereference
by condis
HP SAN/iQ < 9.5 - Unauthenticated Remote Access via Hardcoded Password
hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has a hardcoded password of L0CAlu53R for the global$agent account, which allows remote attackers to obtain access to a management service via a login: request to TCP port 13838.
by Metasploit
Acuity CMS 2.6.2 - '/admin/file_manager/file_upload_submit.asp' Multiple Arbitrary File Upload / Code Executions
by Aung Khant
By Source