Exploitdb Exploits
50,095 exploits tracked across all sources.
Mail in Apple Mac OS X Leopard (10.5.1) - RCE
Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be executed. NOTE: this is a regression error related to CVE-2006-0395.
by Metasploit
nostromo < 1.9.4 - Remote Code Execution and Arbitrary File Read via Encoded Dot-Dot-Slash
Directory traversal vulnerability in nhttpd (aka Nostromo webserver) before 1.9.4 allows remote attackers to execute arbitrary programs or read arbitrary files via a ..%2f (encoded dot dot slash) in a URI.
by RedTeam Pentesting GmbH
InterPhoto Image Gallery 2.4.2 - 'IPLANG' Local File Inclusion
by AutoSec Tools
Microsoft .NET Framework 3.5 Gold/SP1, 3.5.1, 4.0 - Remote Code Execution via JIT Compiler Null String Handling
The JIT compiler in Microsoft .NET Framework 3.5 Gold and SP1, 3.5.1, and 4.0, when IsJITOptimizerDisabled is false, does not properly handle expressions related to null strings, which allows context-dependent attackers to bypass intended access restrictions, and consequently execute arbitrary code, in opportunistic circumstances by leveraging a crafted application, as demonstrated by (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework JIT Optimization Vulnerability."
by Brian Mancini
CVSS 7.7
Microsoft Office - Stack-based Buffer Overflow via Crafted RTF Data
Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability."
by Metasploit
CVSS 7.8
WordPress Plugin PHP Speedy 0.5.2 - 'admin_container.php' Remote Code Execution
by mr_me
Lms Web Ensino - Multiple Input Validation Vulnerabilities
by waKKu
JBoss JMX Console Deployer Upload and Execute
The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.
by kingcope
CVSS 5.3
iOS iFileExplorer Free - Directory Traversal
by theSmallNothin
COMTREND ADSL Router CT-5367 C01_R12 - Remote Code Execution
by Todor Donev
xtcModified 1.05 - Multiple HTML Injection / Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
Support Incident Tracker (SiT!) 3.62 - Multiple Cross-Site Scripting Vulnerabilities
by AutoSec Tools
Pragyan CMS 3.0 Beta - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
phpWebSite 1.7.1 - 'local' Cross-Site Scripting
by AutoSec Tools
Interleave 5.5.0.2 - 'basicstats.php' Multiple Cross-Site Scripting Vulnerabilities
by AutoSec Tools
NetSupport Manager Agent <=11.00 Remote Code Execution via Long Control Hostname
Stack-based buffer overflow in NetSupport Manager Agent for Linux 11.00, for Solaris 9.50, and for Mac OS X 11.00 allows remote attackers to execute arbitrary code via a long control hostname to TCP port 5405, probably a different vulnerability than CVE-2007-5252.
by Metasploit
Citrix Access Gateway <5.0 - Command Injection
The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows attackers to execute arbitrary commands via shell metacharacters in the password field.
by Metasploit
Readmore Systems Script - SQL Injection
by vBzone & Zooka & El3arby
By Source