Exploitdb Exploits
50,095 exploits tracked across all sources.
Tradingeye E-Commerce Shopping Cart - Multiple Vulnerabilities
by $#4d0\/\/[r007k17]
Sphider 1.3.x - Admin Panel Multiple SQL Injections
by Karthik R
Pandora Fms 3.2.1 - Cross-Site Request Forgery
by mehdi boukazoula
Joomla! Component com_xmap 1.2.11 - Blind SQL Injection
by jdc
Fire Soft Board 2.0.1 - Persistent Cross-Site Scripting (Admin Panel)
by _jill for A-S
Flowplayer Flash 3.2.7-3.2.16 - Cross-Site Scripting via Plugin Configuration Directive
Cross-site scripting (XSS) vulnerability in Flowplayer Flash 3.2.7 through 3.2.16, as used in the News system (news) extension for TYPO3 and Mahara, allows remote attackers to inject arbitrary web script or HTML via the plugin configuration directive in a reference to an external domain plugin.
by Szymon Gruszecki
CVSS 9.6
Alice Modem 1111 - 'rulename' Cross-Site Scripting / Denial of Service
by Moritz Naumann
WordPress Plugin bSuite 4.0.7 - Multiple HTML Injection Vulnerabilities
by IHTeam
Mozilla Firefox <3.5.19 & <3.6.17, SeaMonkey <2.0.14 - RCE
Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly use nsTreeRange data structures, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer."
by Metasploit
Freefloat FTP Server - 'LIST' Remote Buffer Overflow
by Zer0 Thunder
phpMyAdmin 3.x < 3.3.10.2 and 3.4.x < 3.4.3.1 - Remote Variable Manipulation via Swekey Authentication Query String
libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted request, related to a "remote variable manipulation vulnerability."
by Mango
Symantec Backup Exec 11.0-13.0 R2 - Unauthenticated NDMP Command Execution via Man-in-the-Middle
Symantec Backup Exec 11.0, 12.0, 12.5, 13.0, and 13.0 R2 does not validate identity information sent between the media server and the remote agent, which allows man-in-the-middle attackers to execute NDMP commands via unspecified vectors.
by Nibin
Blue Coat ProxyOne and ProxySG - Stack-Based Buffer Overflow via Large Packet to Synchronization Port
Stack-based buffer overflow in the BCAAA component before build 60258, as used by Blue Coat ProxySG 4.2.3 through 6.1 and ProxyOne, allows remote attackers to execute arbitrary code via a large packet to the synchronization port (16102/tcp).
by Metasploit
phpMyAdmin 3.x < 3.3.10.2 and 3.4.x < 3.4.3.1 - Remote Code Injection via SESSION Superglobal
setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal array.
by Mango
ZipGenius 6.3.2.3000 - '.zip' Local Buffer Overflow
by C4SS!0 G0M3S
phpMyAdmin 3.x < 3.3.10.2 and 3.4.x < 3.4.3.1 - Remote Code Injection via SESSION Superglobal
setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal array.
by wofeiwo
appRain Quick Start Edition Core Edition Multiple 0.1.4-Alpha - Cross-Site Scripting
by SecPod Research
By Source