Exploitdb Exploits
50,095 exploits tracked across all sources.
WordPress Plugin KNR Author List Widget 2.0.0 - SQL Injection
by Miroslav Stampar
GeoClassifieds Lite 2.0.x - Multiple Cross-Site Scripting / SQL Injections
by Yassin Aboukir
Free Help Desk 1.1b - Multiple Input Validation Vulnerabilities
by High-Tech Bridge SA
Cerberus FTP Server 4.0.9.8 - Remote Buffer Overflow
by KedAns-Dz
CoolPlayer Portable 2.19.2 - Local Buffer Overflow (ASLR Bypass) (1)
by blake
World Of Warcraft - 'chat-cache.txt' Local Stack Overflow Denial of Service
by BSOD Digital
TOWeb 3.0 - Local Format String Denial of Service 'TOWeb.MO' File Corruption
by BSOD Digital
Zikula Application Framework <1.3.0-1.2.7 - XSS
Cross-site scripting (XSS) vulnerability in ztemp/view_compiled/Theme/theme_admin_setasdefault.php in the theme module in Zikula Application Framework 1.3.0 build 3168, 1.2.7, and probably other versions allows remote attackers to inject arbitrary web script or HTML via the themename parameter in the setasdefault action to index.php.
by High-Tech Bridge SA
WordPress Plugin oQey Gallery 0.4.8 - SQL Injection
by Miroslav Stampar
EasyGallery 5 - 'index.php' Multiple SQL Injections
by Eyup CELIK
Advanced Image Hosting Script 2.3 - 'report.php' Cross-Site Scripting
by R3d-D3V!L
Linux Kernel < 2.6.37 - Information Disclosure via Uninitialized IPC Structures
The ipc subsystem in the Linux kernel before 2.6.37-rc1 does not initialize certain structures, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the (1) compat_sys_semctl, (2) compat_sys_msgctl, and (3) compat_sys_shmctl functions in ipc/compat.c; and the (4) compat_sys_mq_open and (5) compat_sys_mq_getsetattr functions in ipc/compat_mq.c.
by Jon Oberheide
WordPress Plugin Zotpress 4.4 - SQL Injection
by Miroslav Stampar
Apple QuickTime PICT PnSize Buffer Overflow
Integer signedness error in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PnSize opcode in a PICT file that triggers a stack-based buffer overflow.
by Metasploit
WordPress Plugin Facebook Opengraph Meta 1.0 - SQL Injection
by Miroslav Stampar
Advantech WebAccess < 7.0 - Remote Code Execution via Format String Specifiers
Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via format string specifiers in a message string.
by Luigi Auriemma
WordPress Plugin VideoWhisper Video Presentation 1.1 - SQL Injection
by Miroslav Stampar
Mambo Component N-Skyrslur - Cross-Site Scripting
by CoBRa_21
By Source