Exploitdb Exploits
50,095 exploits tracked across all sources.
PHP 5.3.5 - Denial of Service via Invalid Size Argument in grapheme_extract
The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5.3.5 allows context-dependent attackers to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference.
by Maksymilian Arciemowicz
ActFax Server FTP 4.25 Build 0221 (2010-02-11) - (Authenticated) Remote Buffer Overflow
by chap0
ActFax Server (LPD/LPR) 4.25 Build 0221 (2010-02-11) - Remote Buffer Overflow
by chap0
mySeatXT 0.164 - 'lang' Local File Inclusion
by AutoSec Tools
Ruby on Rails 3.0.5 - Improper Input Validation in X-Forwarded-For Header
The to_s method in actionpack/lib/action_dispatch/middleware/remote_ip.rb in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in requests from IP addresses on a Class C network, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header.
by Jimmy Bandit
Rae Media INC Real Estate <3.0 - SQL Injection
Multiple SQL injection vulnerabilities in Rae Media INC Real Estate Single and Multi Agent System 3.0 allow remote attackers to execute arbitrary SQL commands via the probe parameter to (1) multi/city.asp in the Multi Agent System and (2) resulttype.asp in the Single Agent System.
by R4dc0re
Rae Media INC Real Estate <3.0 - SQL Injection
Multiple SQL injection vulnerabilities in Rae Media INC Real Estate Single and Multi Agent System 3.0 allow remote attackers to execute arbitrary SQL commands via the probe parameter to (1) multi/city.asp in the Multi Agent System and (2) resulttype.asp in the Single Agent System.
by R4dc0re
Oracle 10/11g - 'exp.exe?file' Local Buffer Overflow
by mr_me
AutoPlay 1.33 (autoplay.ini) - Local Buffer Overflow (SEH)
by badc0re
Wikipad 1.6.0 - Cross-Site Scripting / HTML Injection / Information Disclosure
by High-Tech Bridge SA
Photopad 1.2 - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
MG2 0.5.1 - Multiple Cross-Site Scripting Vulnerabilities
by LiquidWorm
Gollos 2.8 - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
Getsimple CMS 2.03 - 'upload-ajax.php' Arbitrary File Upload
by s3rg3770 & Chuzz
lingxia_i.c.e_cms 1.0 - SQL Injection via session.user_id Parameter
SQL injection vulnerability in api/ice_media.cfc in Lingxia I.C.E CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the session.user_id parameter to media.cfm.
by mr_me
Windows Server 2003 - Remote Code Execution via Malformed BROWSER ELECTION Message
Integer underflow in the BowserWriteErrorLogEntry function in the Common Internet File System (CIFS) browser service in Mrxsmb.sys or bowser.sys in Active Directory in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a malformed BROWSER ELECTION message, leading to a heap-based buffer overflow, aka "Browser Pool Corruption Vulnerability." NOTE: some of these details are obtained from third party information.
by Cupidon-3005
TaskFreak! 0.6.4 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in include/html/header.php in TaskFreak! 0.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sContext, (2) sort, (3) dir, and (4) show parameters in a save action to index.php; the (5) dir and (6) show parameters to print_list.php; and the (7) HTTP referer header to rss.php. NOTE: some of these details are obtained from third party information.
by LiquidWorm
TaskFreak! 0.6.4 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in include/html/header.php in TaskFreak! 0.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sContext, (2) sort, (3) dir, and (4) show parameters in a save action to index.php; the (5) dir and (6) show parameters to print_list.php; and the (7) HTTP referer header to rss.php. NOTE: some of these details are obtained from third party information.
by LiquidWorm
By Source