Exploitdb Exploits
50,095 exploits tracked across all sources.
Mafya Oyun Scrpti - SQL Injection via profil.php id Parameter
SQL injection vulnerability in profil.php in Mafya Oyun Scrpti (aka Mafia Game Script) allows remote attackers to execute arbitrary SQL commands via the id parameter.
by DeadLy DeMon
Ero Auktion 2010 - SQL Injection via item.php id Parameter
SQL injection vulnerability in item.php in Ero Auktion 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2010-0723.
by DeadLy DeMon
MHP DownloadScript <2.2 - SQL Injection
SQL injection vulnerability in admin/login.php in MHP DownloadScript (aka MH Products Download Center) 2.2 allows remote attackers to execute arbitrary SQL commands via the Name parameter. NOTE: some of these details are obtained from third party information.
by DeadLy DeMon
Linux Kernel < 3.0 - Arbitrary Kernel Memory Write via ACPI Debugfs Custom Method
drivers/acpi/debugfs.c in the Linux kernel before 3.0 allows local users to modify arbitrary kernel memory locations by leveraging root privileges to write to the /sys/kernel/debug/acpi/custom_method file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4347.
by Jon Oberheide
Windows 7 and Windows Server 2008 - Privilege Escalation via win32k.sys Input Validation
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
by Stefan LE BERRE
Alt-N WebAdmin 3.3.3 - Remote Source Code Information Disclosure
by wsn1983
ViRobot Desktop 5.5 and Server 3.5 < 2008.8.1.1 - Local Privilege Escalation
by MJ0011
NProtect Anti-Virus 2007 < 2010.5.11.1 - Local Privilege Escalation
by MJ0011
ESTsoft ALYac Anti-Virus 1.5 < 5.0.1.2 - Local Privilege Escalation
by MJ0011
AhnLab V3 Internet Security 8.0 < 1.2.0.4 - Local Privilege Escalation
by MJ0011
Softbiz PHP Joke Site Software - Multiple SQL Injections
by v3n0m
Social Share - Multiple Cross-Site Scripting Vulnerabilities
by Aliaksandr Hartsuyeu
Radius Manager 3.8.0 - Authenticated Cross-Site Scripting via Name or Descr Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Radius Manager 3.8.0 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) name or (2) descr parameter in an (a) update_usergroup or a (b) store_nas action to admin.php.
by Rodrigo Rubira Branco
Radius Manager 3.8.0 - Authenticated Cross-Site Scripting via Name or Descr Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Radius Manager 3.8.0 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) name or (2) descr parameter in an (a) update_usergroup or a (b) store_nas action to admin.php.
by Rodrigo Rubira Branco
MH Products MHP Downloadshop - SQL Injection
SQL injection vulnerability in view_item.php in MH Products MHP Downloadshop allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.
by Easy Laster
Immo Makler - SQL Injection via News.php ID Parameter
SQL injection vulnerability in news.php in Immo Makler allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Easy Laster
MH Products Easy Online Shop - SQL Injection
SQL injection vulnerability in content.php in MH Products Easy Online Shop allows remote attackers to execute arbitrary SQL commands via the kat parameter.
by Easy Laster
D-Link DIR-300 - Cross-Site Request Forgery (Change Admin Account Settings)
by outlaw.dll
Xion Audio Player <1.0.126 - Buffer Overflow
Xion Audio Player versions 1.0.126 and prior are vulnerable to a Unicode-based stack buffer overflow triggered by opening a specially crafted .m3u playlist file. The file contains an overly long string that overwrites the Structured Exception Handler (SEH) chain, allowing an attacker to hijack execution flow and run arbitrary code.
by Metasploit
Foxit PDF Reader < 4.2.0.0928 - Stack-based Buffer Overflow via PDF Info Title Entry
Foxit PDF Reader before 4.2.0.0928 does not properly bound-check the /Title entry in the PDF Info dictionary. A specially crafted PDF with an overlong Title string can overflow a fixed-size stack buffer, corrupt the Structured Exception Handler (SEH) chain, and lead to arbitrary code execution in the context of the user who opens the file.
by Metasploit
Altarsoft Audio Converter 1.1 - Local Buffer Overflow (SEH)
by C4SS!0 G0M3S
Altap Salamander 2.5 PE Viewer Buffer Overflow
Stack-based buffer overflow in peviewer.spl in Altap Servant Salamander 2.5 with Portable Executable Viewer 2.02 (English Trial), and 2.0 with Portable Executable Viewer 1.00 (English Trial), allows remote attackers to execute arbitrary code via a long PDB debug filename in a PE file.
by Metasploit
Aesop GIF Creator 2.1 - '.aep' Local Buffer Overflow
by xsploitedsec
By Source