Exploitdb Exploits
50,095 exploits tracked across all sources.
Sun Microsystems SunScreen Firewall <5.9 - RCE
Multiple untrusted search path vulnerabilities in the Java Service in Sun Microsystems SunScreen Firewall on SunOS 5.9 allow local users to execute arbitrary code via a modified (1) PATH or (2) LD_LIBRARY_PATH environment variable.
by kingcope
Opera Web Browser 11.00 - 'option' HTML Element Integer Overflow
by C4SS!0 G0M3S
Lomtec ActiveWeb Professional 3.0 - Unauthenticated Arbitrary File Upload via EasyEdit Module
Unrestricted file upload vulnerability in the EasyEdit module in Lomtec ActiveWeb Professional 3.0 allows remote attackers to execute arbitrary code by uploading an executable file via the UploadDirectory and Accepted Extensions fields in the getImagefile component of EasyEdit.cfm.
by StenoPlasma
Microsoft SQL Server <9.00.1399.06 - Buffer Overflow
Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier; SQL Server 2000 Desktop Engine (MSDE 2000) SP4; SQL Server 2005 SP2 and 9.00.1399.06; SQL Server 2000 Desktop Engine (WMSDE) on Windows Server 2003 SP1 and SP2; and Windows Internal Database (WYukon) SP2 allows remote authenticated users to cause a denial of service (access violation exception) or execute arbitrary code by calling the sp_replwritetovarbin extended stored procedure with a set of invalid parameters that trigger memory overwrite, aka "SQL Server sp_replwritetovarbin Limited Memory Overwrite Vulnerability."
by Metasploit
Microsoft Fax - Cover Page Editor 5.2.3790.3959 Double-Free Memory Corruption
by Luigi Auriemma
WordPress Plugin Uploader 1.0 - 'num' Cross-Site Scripting
by AutoSec Tools
WordPress Plugin Powerhouse Museum Collection Image Grid 0.9.1.1 - 'tbpv_username' Cross-Site Scripting
by AutoSec Tools
WordPress Plugin oQey-Gallery 0.2 - 'tbpv_domain' Cross-Site Scripting
by AutoSec Tools
WordPress Plugin Feature Slideshow 1.0.6 - 'src' Cross-Site Scripting
by AutoSec Tools
Joomla! Component com_b2portfolio 1.0.0 - Multiple SQL Injections
by Salvatore Fresta
libxml2 2.6.x - 'XMLWriter::writeAttribute()' Memory Leak Information Disclosure
by Kees Cook
Golden FTP Server <1.92 - Buffer Overflow
Heap-based buffer overflow in Golden FTP Server (goldenftpd) 1.92 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long PASS command. NOTE: it was later reported that 4.70 is also affected. NOTE: the USER vector is already covered by CVE-2005-0634.
by cd1zz & iglesiasgg
WordPress Plugin WP Publication Archive 2.0.1 - 'file' Information Disclosure
by AutoSec Tools
WordPress Plugin WP Featured Post with Thumbnail 3.0 - 'src' Cross-Site Scripting
by AutoSec Tools
RSS Feed Reader 0.1 for WordPress - Cross-Site Scripting via rss_url Parameter
Cross-site scripting (XSS) vulnerability in magpie/scripts/magpie_slashbox.php in RSS Feed Reader 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the rss_url parameter.
by AutoSec Tools
WordPress Plugin Audio 0.5.1 - 'showfile' Cross-Site Scripting
by AutoSec Tools
PHP Link Directory 4.1.0 - Cross-Site Request Forgery via User Configuration
Cross-site request forgery (CSRF) vulnerability in admin/conf_users_edit.php in PHP Link Directory (phpLD) 4.1.0 allows remote attackers to hijack the authentication of administrators for requests that add an administrator via the N action.
by AtT4CKxT3rR0r1ST
Oracle Java SE/Jav for Bus <6 Update 21 - Info Disclosure
Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to "how Web Start retrieves security policies," BasicServiceImpl, and forged policies that bypass sandbox restrictions.
by Metasploit
Microsoft Windows Server Service - Remote Code Execution via Crafted RPC Request
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."
by Metasploit
CVSS 9.8
By Source