Exploitdb Exploits
50,095 exploits tracked across all sources.
Microsoft Internet Explorer <7 - Use After Free
Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."
by Metasploit
CVSS 8.8
SAP Crystal Reports 2008 SP3 Fix Pack 3.2 - Remote Code Execution via Long ServerResourceVersion Property
Heap-based buffer overflow in the CrystalReports12.CrystalPrintControl.1 ActiveX control in PrintControl.dll 12.3.2.753 in SAP Crystal Reports 2008 SP3 Fix Pack 3.2 allows remote attackers to execute arbitrary code via a long ServerResourceVersion property value.
by Dr_IDE
BlogCFC 5.9.6.001 - Multiple Cross-Site Scripting Vulnerabilities
by Richard Brain
Apache Axis2 - Remote Code Execution via Default Admin Credentials
Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
by Metasploit
Apache Axis2 - Remote Code Execution via Default Admin Credentials
Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
by Metasploit
IBM Rational Quality Manager and Rational Test Lab Manager - Remote Code Execution via Default Tomcat ADMIN Password
The Tomcat server in IBM Rational Quality Manager and Rational Test Lab Manager has a default password for the ADMIN account, which makes it easier for remote attackers to execute arbitrary code by leveraging access to the manager role. NOTE: this might overlap CVE-2009-3548.
by Metasploit
FontForge 20100501 - Stack-based Buffer Overflow via Long CHARSET_REGISTRY Header in BDF Font File
Stack-based buffer overflow in FontForge 20100501 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long CHARSET_REGISTRY header in a BDF font file.
by Ulrik Persson
PHP TopSites 2.1 - '/rate.php' Cross-Site Scripting / SQL Injection
by c0de Hunters
Joomla! Component com_redirect 1.5.19 - Local File Inclusion
by jos_ali_joe
Mura CMS - Multiple Cross-Site Scripting Vulnerabilities
by Richard Brain
iSpot and ClearSpot Firmware 2.0.0.0 - Cross-Site Request Forgery via Multiple CGI Endpoints
Multiple cross-site request forgery (CSRF) vulnerabilities on the iSpot 2.0.0.0 R1679, and the ClearSpot 2.0.0.0 R1512 and R1786, with firmware 1.9.9.4 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the cmd parameter in an act_cmd_result action to webmain.cgi, (2) enable remote management via an enable_remote_access act_network_set action to webmain.cgi, (3) enable the TELNET service via an ENABLE_TELNET act_set_wimax_etc_config action to webmain.cgi, (4) enable TELNET sessions via a certain act_network_set action to webmain.cgi, or (5) read arbitrary files via the FILE_PATH parameter in an act_file_download action to upgrademain.cgi.
by Trustwave's SpiderLabs
Cetera eCommerce - 'banner.php' Cross-Site Scripting
by MustLive
Exim < 4.70 - Remote Code Execution via Crafted SMTP Headers
Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.
by kingcope
CVSS 9.8
Sulata iSoft - 'stream.php' Local File Disclosure
by Sudden_death
Social Share - 'vote.php' HTTP Response Splitting
by Aliaksandr Hartsuyeu
slickMsg 0.7-alpha - 'top.php' Cross-Site Scripting
by Aliaksandr Hartsuyeu
ManageEngine EventLog Analyzer 6.1 - Multiple Cross-Site Scripting Vulnerabilities
by Rob Kraus
Joomla! Component JExtensions Property Finder - 'sf_id' SQL Injection
by FL0RiX
Joomla! Component com_mailto - Multiple Cross-Site Scripting Vulnerabilities
by MustLive
Joomla! Component com_billyportfolio 1.1.2 - Blind SQL Injection
by jdc
By Source