Exploitdb Exploits
50,095 exploits tracked across all sources.
WHMCompleteSolution (WHMCS) 3.x < 4.0.x - 'cart.php' Local File Disclosure
by Lagripe-Dz & Mca-Crb
Boonex Dolphin 6.1 - 'get_list.php' SQL Injection
by Yuri Goltsev
1024 CMS 1.1.0 Beta - 'force_download.php' Local File Inclusion
by Sangyun YOO
Cross Platform Webkit File Dropper
WebKit in Apple Safari before 5.0.6 has improper libxslt security settings, which allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted web site. NOTE: this may overlap CVE-2011-1425.
by Metasploit
Site@School 2.4.10 - '/index.php' Cross-Site Scripting / SQL Injection
by Stefan Schurtz
Dolphin 7.0.7 - 'member_menu_queries.php' Remote PHP Code Injection
by EgiX
Check Point UTM-1 Edge and Safe 8.2.43 - Multiple Vulnerabilities
by Richard Brain
WordPress Plugin BackWPUp 2.1.4 - Code Execution
by Sense of Security
Gnuboard < 4.33.02 - SQL Injection via PATH_INFO
SQL injection vulnerability in bbs/tb.php in Gnuboard 4.33.02 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO.
by flyh4t
Dominant Creature BBG/RPG Browser Game - Persistent Cross-Site Scripting
by M.Jock3R
asgbookPHP 1.9 - 'index.php' Cross-Site Scripting
by indoushka
Apple Safari - Remote Code Execution via File URL Policy Bypass
Apple Safari before 5.1.1 on Mac OS X does not enforce an intended policy for file: URLs, which allows remote attackers to execute arbitrary code via a crafted web site.
by Metasploit
TOSHIBA TEC e-Studio MFP - Unauthenticated Authentication Bypass
The TopAccess web-based management interface on TOSHIBA TEC e-Studio multi-function peripheral (MFP) devices with firmware 30x through 302, 35x through 354, and 4xx through 421 allows remote attackers to bypass authentication and obtain administrative privileges via unspecified vectors.
by Deral Heiland PercX
Real Networks Netzip Classic 7.5.1.86 - Buffer Overflow
Real Networks Netzip Classic version 7.5.1.86 is vulnerable to a stack-based buffer overflow when parsing a specially crafted ZIP archive. The vulnerability is triggered when the application attempts to process a file name within the archive that exceeds the expected buffer size. Exploitation allows arbitrary code execution under the context of the victim user when the ZIP file is opened.
by Metasploit
Ruubikcms 1.1.0 - '/extra/image.php' Local File Inclusion
by Sangyun YOO
Microsoft Windows 7 Gold & SP1/Windows Server 2008 R2 & R2 SP1 - DoS
Tcpip.sys in the TCP/IP stack in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 does not properly implement URL-based QoS, which allows remote attackers to cause a denial of service (reboot) via a crafted URL to a web server, aka "TCP/IP QOS Denial of Service Vulnerability."
by Byoungyoung Lee
BlueZone Desktop - '.zap' file Local Denial of Service
by Silent_Dream
vtiger CRM < 5.2.1 - SQL Injection via Calendar Module onlyforuser Parameter
SQL injection vulnerability in the Calendar module in vTiger CRM 5.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php.
by Aung Khant
SeaMonkey through 2.0.14 - Remote Code Execution via Array.reduceRight Integer Overflow
Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object.
by Metasploit
By Source