Exploitdb Exploits
50,095 exploits tracked across all sources.
Citrix XenApp / XenDesktop XML Service - Heap Corruption
by n.runs AG
Citrix XenApp / XenDesktop - Stack Buffer Overflow
by n.runs AG
Joomla! Component com_virtuemart 1.1.7/1.5 - Blind SQL Injection (Metasploit)
by TecR0c
HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, 9.10 - Authenticated SQL Injection
SQL injection vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
by anonymous
PHPJunkYard GBook 1.6/1.7 - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
Sagem F@st 3304 Routers - PPPoE Credentials Information Disclosure
by securititracker
Samba 3.x < 3.5.10 - Cross-Site Request Forgery in SWAT
Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program.
by Narendra Shinde
Safari < 5.0.6 - Remote Code Execution via WebKit Memory Corruption
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
by Abysssec
Support Incident Tracker < 3.64 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.64 allow remote attackers to execute arbitrary SQL commands via the (1) exc[] parameter to report_marketing.php, (2) selected[] parameter to tasks.php, (3) sites[] parameter to billable_incidents.php, or (4) search_string parameter to search.php. NOTE: some of these details are obtained from third party information.
by Yuri Goltsev
Support Incident Tracker < 3.64 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.64 allow remote attackers to execute arbitrary SQL commands via the (1) exc[] parameter to report_marketing.php, (2) selected[] parameter to tasks.php, (3) sites[] parameter to billable_incidents.php, or (4) search_string parameter to search.php. NOTE: some of these details are obtained from third party information.
by Yuri Goltsev
Support Incident Tracker < 3.64 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.64 allow remote attackers to execute arbitrary SQL commands via the (1) exc[] parameter to report_marketing.php, (2) selected[] parameter to tasks.php, (3) sites[] parameter to billable_incidents.php, or (4) search_string parameter to search.php. NOTE: some of these details are obtained from third party information.
by Yuri Goltsev
Support Incident Tracker < 3.64 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.64 allow remote attackers to execute arbitrary SQL commands via the (1) exc[] parameter to report_marketing.php, (2) selected[] parameter to tasks.php, (3) sites[] parameter to billable_incidents.php, or (4) search_string parameter to search.php. NOTE: some of these details are obtained from third party information.
by Yuri Goltsev
OpenX Ad Server 2.8.7 - Cross-Site Request Forgery
by Narendra Shinde
ManageEngine ServiceDesk Plus 8.0.0 Build 8013 - Improper User Privileges
by Narendra Shinde
CA ARCserve D2D r15 GWT RPC - Multiple Vulnerabilities
by rgod
CA ARCserve D2D r15 - Exposure of Sensitive Information via Session Handling
BaseServiceImpl.class in CA ARCserve D2D r15 does not properly handle sessions, which allows remote attackers to obtain credentials, and consequently execute arbitrary commands, via unspecified vectors.
by Metasploit
Ciscokits 1.0 - TFTP Server File Name Denial of Service
by Craig Freyman
Willscript Recipes Website Script Silver Edition - 'viewRecipe.php' SQL Injection
by Lazmania61
Online Grades 3.2.5 - Multiple Cross-Site Scripting Vulnerabilities
by Gjoko Krstic
By Source