Exploitdb Exploits
50,095 exploits tracked across all sources.
Adobe Reader/Acrobat 10.0.1 - Denial of Service
by Soroush Dalili
MyBloggie 2.1.6 - HTML Injection / SQL Injection
by Robin Verton
miniblog 1.0 - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
Free Simple CMS 1.0 - Multiple Vulnerabilities
by High-Tech Bridge SA
IBM WebSphere Application Server <7.0.0.13 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in the Integrated Solutions Console (aka administrative console) in IBM WebSphere Application Server (WAS) 7.0.0.13 and earlier allow remote attackers to hijack the authentication of administrators for requests that disable certain security options via an Edit action to console/adminSecurityDetail.do followed by a save action to console/syncworkspace.do.
by Core Security
MPlayer - '.SAMI' Subtitle File Buffer Overflow (DEP Bypass) (Metasploit)
by James Fitts
Opera 11.11 - Denial of Service via FONT FACE Attribute in IFRAME
Opera 11.11 allows remote attackers to cause a denial of service (application crash) by setting the FACE attribute of a FONT element within an IFRAME element after changing the SRC attribute of this IFRAME element to an about:blank value.
by echo
Microsoft Windows Media Player with K-Lite Codec Pack - Denial of Service (PoC)
by Nicolas Krassas
Microsoft Office XP - Remote code Execution
by Francis Provencher
Microsoft Windows Server <2008 Gold-SP1 - DoS
Hyper-V in Microsoft Windows Server 2008 Gold, SP2, R2, and R2 SP1 allows guest OS users to cause a denial of service (host OS infinite loop) via malformed machine instructions in a VMBus packet, aka "VMBus Persistent DoS Vulnerability."
by Core Security
vBTube 1.2.9 - 'vBTube.php' Multiple Cross-Site Scripting Vulnerabilities
by Mr.ThieF
PHP < 5.3.7 - Path Traversal and Arbitrary File Write via Multipart Form-Data Filename
The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a "file path injection vulnerability."
by Krzysztof Kotowicz
Microsoft Windows XP - 'tskill' Local Privilege Escalation
by Todor Donev
WebFileExplorer 3.6 - 'user' / 'pass' SQL Injection
by pentesters.ir
PHP-Nuke 8.3 - 'upload.php' Arbitrary File Upload (2)
by pentesters.ir
PHP-Nuke 8.3 - 'upload.php' Arbitrary File Upload (1)
by pentesters.ir
Joomla! Component Scriptegrator 1.5 - Local File Inclusion
by jdc
Joomla! Component Minitek FAQ Book 1.3 - 'id' SQL Injection
by kaMtiEz
Oracle HTTP Server - Cross-Site Scripting Header Injection
by Yasser ABOUKIR
Microsoft Lync Server 2010 - 'ReachJoin.aspx' Remote Command Injection
by Mark Lachniet
By Source