Exploitdb Exploits
50,095 exploits tracked across all sources.
Blog:CMS 4.2 - Multiple Cross-Site Scripting Vulnerabilities
by Stefan Schurtz
Cisco AnyConnect Secure Mobility Client <2.3.185 - RCE
The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a certain ActiveX control in vpnweb.ocx, aka Bug ID CSCsy00904.
by Metasploit
The KMPlayer 3.0.0.1440 (Windows XP SP3) - '.mp3' File Buffer Overflow (DEP Bypass)
by dookie & ronin
vBulletin vBExperience 3 - 'sortorder' Cross-Site Scripting
by Mr.ThieF
Squiz Matrix 4 - 'colour_picker.php' Cross-Site Scripting
by Patrick Webster
PopScript - 'index.php' Multiple Input Validation Vulnerabilities
by NassRawI
Nakid CMS 1.0.2 - 'CKEditorFuncNum' Cross-Site Scripting
by AutoSec Tools
Multiple WordPress WooThemes Themes - 'test.php' Cross-Site Scripting
by MustLive
Joomla! Component CCBoard - SQL Injection / Arbitrary File Upload
by KedAns-Dz
WebSVN 2.3.2 - Unproper Metacharacters Escaping 'exec()' Remote Command Injection
by rgod
Xitami Web Server 2.5b4 - Remote Buffer Overflow (Egghunter)
by Glafkos Charalambous
OpenDrive 1.3.141 - Local Password Disclosure
by Glafkos Charalambous
Golden FTP Server <1.92 - Buffer Overflow
Heap-based buffer overflow in Golden FTP Server (goldenftpd) 1.92 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long PASS command. NOTE: it was later reported that 4.70 is also affected. NOTE: the USER vector is already covered by CVE-2005-0634.
by Metasploit
Linux Kernel < 2.6.39.3 - Race Condition in KSM scan_get_next_rmap_item
Race condition in the scan_get_next_rmap_item function in mm/ksm.c in the Linux kernel before 2.6.39.3, when Kernel SamePage Merging (KSM) is enabled, allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted application.
by Andrea Righi
MODACOM URoad-5000 1450 - Remote Command Execution / Backdoor Access
by Alex Stanev
EasyFTP 1.7.0.2 - Buffer Overflow via MKD Command Handler
A vulnerability, which was classified as critical, was found in EasyFTP 1.7.0.2. Affected is an unknown function of the component MKD Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250716.
by b33f
CVSS 6.3
TEDE Simplificado 1.01/S2.04 - Multiple SQL Injections
by KnocKout
PikaCMS - Multiple Local File Disclosure Vulnerabilities
by KnocKout
ARSC Really Simple Chat 3.3-rc2 - Cross-Site Scripting / Multiple SQL Injections
by High-Tech Bridge SA
Icinga < 1.4.0 - Cross-Site Scripting via Expand Parameter
Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action.
by Stefan Schurtz
Netgear WNDAP350 Wireless Access Point - Multiple Information Disclosure Vulnerabilities
by Juerd Waalboer
By Source