Exploitdb Exploits
50,095 exploits tracked across all sources.
Oracle Hyperion Strategic Finance < 12.0 - Remote Code Execution via ActiveX SetDevNames
Heap-based buffer overflow in the SetDevNames method of the Tidestone Formula One ActiveX control (TTF16.ocx) 6.3.5 Build 1 in Oracle Hyperion Strategic Finance 12.x and possibly earlier allows remote attackers to execute arbitrary code via a long string to the DriverName parameter.
by rgod
Oracle Database Server - Authenticated Buffer Overflow in XDB_PITRIG_PKG.PITRIG_DROPMETADATA Procedure
Buffer overflow in the XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA procedure in Oracle 10g R2 allows remote authenticated users to execute arbitrary code via a long (1) OWNER or (2) NAME argument.
by David Maman
KnFTP 1.0.0 - Remote Code Execution via Multiple Stack-Based Buffer Overflows
Multiple stack-based buffer overflows in KnFTP 1.0.0 allow remote attackers to execute arbitrary code via a long string to the (1) USER, (2) PASS, (3) REIN, (4) QUIT, (5) PORT, (6) PASV, (7) TYPE, (8) STRU, (9) MODE, (10) RETR, (11) STOR, (12) APPE, (13) ALLO, (14) REST, (15) RNFR, (16) RNTO, (17) ABOR, (18) DELE, (19) CWD, (20) LIST, (21) NLST, (22) SITE, (23) STST, (24) HELP, (25) NOOP, (26) MKD, (27) RMD, (28) PWD, (29) CDUP, (30) STOU, (31) SNMT, (32) SYST, and (33) XPWD commands.
by pasta
WHMCompleteSolution 3.x-4.x - Unauthenticated Path Traversal via Template File Parameter
Multiple directory traversal vulnerabilities in WHMCompleteSolution (WHMCS) 3.x and 4.x allow remote attackers to read arbitrary files via the templatefile parameter to (1) submitticket.php and (2) downloads.php, and (3) the report parameter to admin/reports.php.
by ZxH-Labs
SmartJobBoard - 'keywords' Cross-Site Scripting
by Mr.PaPaRoSSe
OrderSys <= 1.6.4 - SQL Injection via where_clause Parameter
Multiple SQL injection vulnerabilities in OrderSys 1.6.4 and earlier allow remote attackers to execute arbitrary SQL commands via the where_clause parameter to (1) index.php, (2) index_long.php, or (3) index_short.php in ordering/interface_creator/.
by muuratsalo
Linux Kernel 3.0.4 - '/proc/interrupts' Password Length Local Information Disclosure
by Vasiliy Kulikov
Oracle NoSQL 11g 1.1.100 R2 - 'log' Directory Traversal
by Buherátor
MS11-021 Microsoft Office 2007 Excel .xlb Buffer Overflow
Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac obtain a certain length value from an uninitialized memory location, which allows remote attackers to trigger a buffer overflow and execute arbitrary code via a crafted Excel file, aka "Excel Data Initialization Vulnerability."
by Metasploit
Ajax File and Image Manager < 1.1 - Remote Code Execution via PHP Code Injection in data.php
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.
by EgiX
Ajax File and Image Manager < 1.1 - Remote Code Execution via PHP Code Injection in data.php
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.
by EgiX
Ajax File and Image Manager < 1.1 - Remote Code Execution via PHP Code Injection in data.php
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.
by EgiX
Calibre E-Book Reader - Local Privilege Escalation (3)
by zx2c4
HP Data Protector Media Operations 6.20 - Directory Traversal
by Luigi Auriemma
Mini-Stream Ripper 3.0.1.1 - Stack-Based Buffer Overflow via .pls File
Stack-based buffer overflow in Mini-Stream Ripper 3.0.1.1 allows remote attackers to execute arbitrary code via a long entry in a .pls file.
by Metasploit
Microsoft Excel 2003 11.8335.8333 - Use-After-Free
by Luigi Auriemma
WordPress Theme Bonus 1.0 - 's' Cross-Site Scripting
by 3spi0n
WHMCompleteSolution 3.x.x - Path Traversal via clientarea.php templatefile Parameter
Directory traversal vulnerability in clientarea.php in WHMCompleteSolution (WHMCS) 3.x.x allows remote attackers to read arbitrary files via an invalid action and a ../ (dot dot slash) in the templatefile parameter.
by red virus
Merethis Centreon < 2.3.2 - Authenticated Path Traversal via Command Name Parameter
Directory traversal vulnerability in main.php in Merethis Centreon before 2.3.2 allows remote authenticated users to execute arbitrary commands via a .. (dot dot) in the command_name parameter.
by Christophe de la Fuente
Ajax File and Image Manager < 1.1 - Remote Code Execution via PHP Code Injection in data.php
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.
by EgiX
PHP 5.3.0-5.3.9 - Denial of Service via Stack Exhaustion in regcomp
regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion.
by Maksymilian Arciemowicz
CVSS 7.5
Linux Kernel 2.6.37-rc1 - 'serial_multiport_struct' Local Information Leak
by Todor Donev
By Source