Exploitdb Exploits
50,095 exploits tracked across all sources.
Smarty Template Engine 2.6.9 - '$smarty.template' PHP Code Injection
by jonieske
MihanTools 1.33 - SQL Injection via product.php id Parameter
SQL injection vulnerability in product.php in MihanTools 1.33 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by WHITE_DEVIL
Auto Database System 1.0 Infusion Addon - SQL Injection
by Saif
Sunos - Buffer Overflow
Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to CDE Calendar Manager Service Daemon and RPC. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from other software vendors that this affects other operating systems, such as HP-UX, or claims from a reliable third party that this is a buffer overflow in rpc.cmsd via long XDR-encoded ASCII strings in RPC call 10.
by Rodrigo Rubira Branco
Air Contacts Lite - HTTP Packet Denial of Service
by Rodrigo Escobar
Microsoft SQL Server <9.00.1399.06 - Buffer Overflow
Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier; SQL Server 2000 Desktop Engine (MSDE 2000) SP4; SQL Server 2005 SP2 and 9.00.1399.06; SQL Server 2000 Desktop Engine (WMSDE) on Windows Server 2003 SP1 and SP2; and Windows Internal Database (WYukon) SP2 allows remote authenticated users to cause a denial of service (access violation exception) or execute arbitrary code by calling the sp_replwritetovarbin extended stored procedure with a set of invalid parameters that trigger memory overwrite, aka "SQL Server sp_replwritetovarbin Limited Memory Overwrite Vulnerability."
by Metasploit
Microsoft SQL Server <7.0 - Privilege Escalation
The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.
by Metasploit
Internet Explorer 6-8 - Use-After-Free in CSS Parser via Self-Referential @import Rule
Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a self-referential @import rule in a stylesheet, aka "CSS Memory Corruption Vulnerability."
by Metasploit
VLC media player < 1.1.6.1 - Remote Code Execution via Crafted MKV File
demux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN VLC media player 1.1.6.1 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary commands via a crafted MKV (WebM or Matroska) file that triggers memory corruption, related to "class mismatching" and the MKV_IS_ID macro.
by Metasploit
Windows XP/2003/Vista/2008 - Remote Code Execution via Crafted Thumbnail Bitmap
Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka "Windows Shell Graphics Processing Overrun Vulnerability."
by Metasploit
WebAsyst Shop-Script - Cross-Site Scripting / HTML Injection
by High-Tech Bridge SA
ViArt Shop 4.0.5 - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
UMI CMS 2.8.1.2 - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
CiviCRM 3.3.3 - Multiple Cross-Site Scripting Vulnerabilities
by AutoSec Tools
Cain & Abel 2.7.3 - 'dagc.dll' DLL Loading Arbitrary Code Execution
by d3c0der
AoA Mp4 Converter 4.1.0 - ActiveX Stack Overflow
by Carlos Mario Penagos Hollmann
AoA DVD Creator 2.5 - ActiveX Stack Overflow
by Carlos Mario Penagos Hollmann
T-Content Managment System - Multiple Vulnerabilities
by Daniel Godoy
jakcms 2.0 pro rc5 - Persistent Cross-Site Scripting via useragent http header Injection
by Saif El-Sherei
By Source