Exploitdb Exploits
50,095 exploits tracked across all sources.
Football Website Manager 1.1 - SQL Injection / Multiple HTML Injection Vulnerabilities
by RoAd_KiLlEr
Snom IP Phone Web Interface < 8 - Multiple Vulnerabilities
by Yakir Wizman
ediSys eZip Wizard 3.0 - Stack-Based Buffer Overflow via Crafted ZIP File
Stack-based buffer overflow in ediSys eZip Wizard 3.0 allows remote attackers to execute arbitrary code via a crafted .zip file.
by Metasploit
eXPert PDF 7.0.880.0 - '.pj' Heap Buffer Overflow
by KedAns-Dz
AT-TFTP Server 1.8 - 'Read' Request Remote Denial of Service
by Antu Sanadi
TemaTres 1.3 - '_search_expresion' Cross-Site Scripting
by AutoSec Tools
OrangeHRM 2.6.3 - 'PluginController.php' Local File Inclusion
by AutoSec Tools
eyeOS 1.9.0.2 - Image File Handling HTML Injection
by Alberto Ortega
ZenPhoto 1.4.0.3 - x-forwarded-for HTTP Header Persistent Cross-Site Scripting
by Saif
WordPress Plugin Ajax Category Dropdown 0.1.5 - Multiple Vulnerabilities
by High-Tech Bridge SA
Nuke Evolution Xtreme 2.0 - Local File Inclusion / SQL Injection
by KedAns-Dz
First Escort Marketing CMS - Multiple SQL Injections Vulnerabilities
by NoNameMT
DynMedia Pro Web CMS 4.0 - Local File Disclosure
by Mbah_Semar
Dolibarr ERP/CRM 3.0 - Local File Inclusion / Cross-Site Scripting
by AutoSec Tools
4Images 1.7.9 - Multiple Vulnerabilities
by High-Tech Bridge SA
PHP <5.3.14, <5.4.4 - Buffer Overflow
Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tar file that triggers a heap-based buffer overflow.
by Alexander Gavrun
Spreecommerce < 0.50.x - Unauthenticated Remote Code Execution via API Search Parameter
Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the search[instance_eval] parameter, which is dynamically invoked using Ruby’s send method. This flaw enables unauthenticated attackers to execute commands on the server.
by Metasploit
CVSS 9.8
By Source