Exploitdb Exploits
50,095 exploits tracked across all sources.
WordPress Plugin PhotoSmash Galleries 1.0.x - 'action' Cross-Site Scripting
by High-Tech Bridge SA
WordPress Plugin Inline Gallery 0.3.9 - 'do' Cross-Site Scripting
by High-Tech Bridge SA
WordPress Plugin GRAND Flash Album Gallery 0.55 - Multiple Vulnerabilities
by High-Tech Bridge SA
WordPress Plugin 1 Flash Gallery 0.2.5 - Cross-Site Scripting / SQL Injection
by High-Tech Bridge SA
Ruubikcms 1.0.3 - 'head.php' Cross-Site Scripting
by Khashayar Fereidani
PHP < 5.3.6 - Denial of Service via OpenSSL Extension Memory Leak
Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 might allow remote attackers to cause a denial of service (memory consumption) via (1) plaintext data to the openssl_encrypt function or (2) ciphertext data to the openssl_decrypt function.
by dovbysh
PHP < 5.3.6 - Denial of Service via OpenSSL Extension Memory Leak
Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 might allow remote attackers to cause a denial of service (memory consumption) via (1) plaintext data to the openssl_encrypt function or (2) ciphertext data to the openssl_decrypt function.
by dovbysh
Novell iPrint Client 5.52 - Stack-based Buffer Overflow via ienipp.ocx ActiveX Control
Stack-based buffer overflow in an ActiveX control in ienipp.ocx in Novell iPrint Client 5.52 allows remote attackers to execute arbitrary code via a long argument to (1) the GetDriverSettings2 method, as reachable by (2) the GetDriverSettings method.
by Metasploit
WellinTech KingView 6.52-6.53 - Remote Code Execution via KVWebSvr.dll ValidateUser Method
Stack-based buffer overflow in an ActiveX control in KVWebSvr.dll in WellinTech KingView 6.52 and 6.53 allows remote attackers to execute arbitrary code via a long second argument to the ValidateUser method.
by Carlos Mario Penagos Hollmann
EggAvatar 2.3.2 for vBulletin 3.8.x - Local File Read
by DSecurity
Kodak InSite 5.5.2 - Cross-Site Scripting via Language Parameter, HeaderWarning Parameter, or User-Agent Header
Multiple cross-site scripting (XSS) vulnerabilities in Kodak InSite 5.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Language parameter to Pages/login.aspx, (2) HeaderWarning parameter to Troubleshooting/DiagnosticReport.asp, or (3) User-Agent header to troubleshooting/speedtest.asp.
by Dionach
Kodak InSite 5.5.2 - Cross-Site Scripting via Language Parameter, HeaderWarning Parameter, or User-Agent Header
Multiple cross-site scripting (XSS) vulnerabilities in Kodak InSite 5.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Language parameter to Pages/login.aspx, (2) HeaderWarning parameter to Troubleshooting/DiagnosticReport.asp, or (3) User-Agent header to troubleshooting/speedtest.asp.
by Dionach
FocalMedia.Net Quick Polls < 1.0.1 - Path Traversal and Arbitrary File Deletion via p Parameter
Multiple directory traversal vulnerabilities in FocalMedia.Net Quick Polls before 1.0.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the p parameter in a preview action to index.php, or (2) delete arbitrary files via a .. (dot dot) in the p parameter in a delete action to index.php.
by Mark Stanislav
N-13 News 4.0 - Cross-Site Request Forgery (Add Admin)
by AtT4CKxT3rR0r1ST
Allied Telesyn AT-TFTP < 1.9 - Stack-Based Buffer Overflow via Long Filename in GET or PUT Command
Multiple stack-based buffer overflows in Allied Telesyn TFTP Server (AT-TFTP) 1.9, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a long filename in a (1) GET or (2) PUT command.
by Metasploit
vtiger CRM 5.0.4 - Path Traversal and Arbitrary File Execution via Module Parameter
Multiple directory traversal vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the module parameter to graph.php; or the (2) module or (3) file parameter to include/Ajax/CommonAjax.php, reachable through modules/Campaigns/CampaignsAjax.php, modules/SalesOrder/SalesOrderAjax.php, modules/System/SystemAjax.php, modules/Products/ProductsAjax.php, modules/uploads/uploadsAjax.php, modules/Dashboard/DashboardAjax.php, modules/Potentials/PotentialsAjax.php, modules/Notes/NotesAjax.php, modules/Faq/FaqAjax.php, modules/Quotes/QuotesAjax.php, modules/Utilities/UtilitiesAjax.php, modules/Calendar/ActivityAjax.php, modules/Calendar/CalendarAjax.php, modules/PurchaseOrder/PurchaseOrderAjax.php, modules/HelpDesk/HelpDeskAjax.php, modules/Invoice/InvoiceAjax.php, modules/Accounts/AccountsAjax.php, modules/Reports/ReportsAjax.php, modules/Contacts/ContactsAjax.php, and modules/Portal/PortalAjax.php; and allow remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the step parameter in an Import action to the (4) Accounts, (5) Contacts, (6) HelpDesk, (7) Leads, (8) Potentials, (9) Products, or (10) Vendors module, reachable through index.php and related to modules/Import/index.php and multiple Import.php files.
by TecR0c
By Source