Exploitdb Exploits
50,095 exploits tracked across all sources.
GIMP 2.6.11 - Heap-Based Buffer Overflow in PSP Plugin via RLE Compression
Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image file that begins a long run count at the end of the image. NOTE: some of these details are obtained from third party information.
by non customers
QuickPHP Web Server - Arbitrary '.php' File Download
by Yakir Wizman
Chilkat Software FTP2 - ActiveX Component Remote Code Execution
by rgod
Apache Axis2 - Remote Code Execution via Default Admin Credentials
Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
by rgod
TYPO3 <4.2.16, 4.3.9, 4.4.5 - Path Traversal
The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly filter file types, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files, as demonstrated using path traversal sequences with %00 null bytes and CVE-2010-3714 to read the TYPO3 encryption key from localconf.php.
by ikki
TYPO3 4.2.0-4.2.14, 4.3.0-4.3.6, 4.4.0-4.4.3 - Unauthenticated Arbitrary File Read via jumpUrl Hash Comparison
The jumpUrl (aka access tracking) implementation in tslib/class.tslib_fe.php in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote attackers to read arbitrary files via unspecified vectors.
by ikki
httpdasm 0.92 - Unauthenticated Path Traversal via URL-Encoded Backslashes
A path traversal vulnerability exists in httpdasm version 0.92, a lightweight Windows HTTP server, that allows unauthenticated attackers to read arbitrary files on the host system. By sending a specially crafted GET request containing a sequence of URL-encoded backslashes and directory traversal patterns, an attacker can escape the web root and access sensitive files outside of the intended directory.
by John Leitch
QuickPHP Web Server 1.9.1 - Directory Traversal
by John Leitch
Digital Music Pad 8.2.3.4.8 - '.pls' Local Overflow (SEH)
by Abhishek Lyall
Typsoft FTP Server < 1.11 - Denial of Service via Multiple RETR Commands
Typsoft FTP Server 1.11, with "Sub Directory Include" enabled, allows remote attackers to cause a denial of service (crash) by sending multiple RETR commands. NOTE: it was later reported that 1.10 is also affected.
by emgent
QuickTime Picture Viewer 7.6.6 JP2000 - Denial of Service
by BraniX
IrfanView 4.27 - 'JP2000.dll' plugin Denial of Service
by BraniX
WordPress Core 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 / NS8.1)
by Saif
PiXie CMS 1.04 - Multiple Cross-Site Request Forgery Vulnerabilities
by Ali Raheem
News Script PHP Pro - 'FCKeditor' Arbitrary File Upload
by Net.Edit0r
LoveCMS 1.6.2 - Cross-Site Request Forgery / Code Injection
by hiphop
LightNEasy 3.2.2 - Multiple Vulnerabilities
by High-Tech Bridge SA
Discovery TorrentTrader 2.6 - Multiple Vulnerabilities
by EsS4ndre
By Source