Exploitdb Exploits
50,095 exploits tracked across all sources.
Helix Server 14.0.1.571 - Administration Interface Cross-Site Request Forgery
by John Leitch
PHP < 5.3.3 - Denial of Service via NumberFormatter::getSymbol Integer Overflow
Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_symbol) function in PHP 5.3.3 and earlier allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument.
by Maksymilian Arciemowicz
Litespeed Web Server 4.0.17 with PHP (FreeBSD) - Remote Overflow
by kingcope
BizDir 05.10 - 'f_srch' Cross-Site Scripting
by Aliaksandr Hartsuyeu
net2ftp 0.98 (stable) - '/admin1.template.php' Local/Remote File Inclusion
by Marcin Ressel
Joomla! Component JE Messenger 1.0 - Arbitrary File Upload
by Salvatore Fresta
JExtensions JE Auto (com_jeauto) 1.0 - SQL Injection via Char Parameter
SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the char parameter in an item action to index.php.
by Salvatore Fresta
Redback < 1.2.4 - Cross-Site Request Forgery
Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1; and Apache Continuum 1.3.6, 1.4.0, and 1.1 through 1.2.3.1; allows remote attackers to hijack the authentication of administrators for requests that modify credentials.
by Anatolia Security
VMware Workstation/Player/Fusion/ESXi/ESX Command Injection via VMware Tools Update
The VMware Tools update functionality in VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548; VMware Player 2.5.x before 2.5.5 build 328052 and 3.1.x before 3.1.2 build 301548; VMware Server 2.0.2; VMware Fusion 2.x before 2.0.8 build 328035 and 3.1.x before 3.1.2 build 332101; VMware ESXi 3.5, 4.0, and 4.1; and VMware ESX 3.0.3, 3.5, 4.0, and 4.1 allows host OS users to gain privileges on the guest OS via unspecified vectors, related to a "command injection" issue.
by Nahuel Grisolia
Firefox < 3.5.16 and 3.6.x < 3.6.13 - Cross-Site Scripting via Character Encoding Conversion
Multiple cross-site scripting (XSS) vulnerabilities in the rendering engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allow remote attackers to inject arbitrary web script or HTML via (1) x-mac-arabic, (2) x-mac-farsi, or (3) x-mac-hebrew characters that may be converted to angle brackets during rendering.
by Yosuke Hasegawa
WWWThread 5.0.8 Pro - 'showflat.pl' Cross-Site Scripting
by Aliaksandr Hartsuyeu
Winamp 5.6 - 'MIDI Parser' Arbitrary Code Execution
by Kryptos Logic
Internet Explorer 6-8 - Use-After-Free in CSS Parser via Self-Referential @import Rule
Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a self-referential @import rule in a stylesheet, aka "CSS Memory Corruption Vulnerability."
by WooYun
wp-safe-search 0.7 - Cross-Site Scripting via v1 Parameter
Cross-site scripting (XSS) vulnerability in wp-safe-search/wp-safe-search-jx.php in the Safe Search plugin 0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the v1 parameter.
by John Leitch
WordPress Processing Embed <0.5 - XSS
Cross-site scripting (XSS) vulnerability in wordpress-processing-embed/data/popup.php in the Processing Embed plugin 0.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pluginurl parameter.
by John Leitch
Drupal Module Embedded Media Field/Media 6.x : Video Flotsam/Media: Audio Flotsam - Multiple Vulnerabilities
by Justin Klein Keane
Invensys Wonderware InBatch 8.1 and 9.0 - Buffer Overflow via Crafted Request to Port 9001
Buffer overflow in the lm_tcp service in Invensys Wonderware InBatch 8.1 and 9.0, as used in Invensys Foxboro I/A Series Batch 8.1 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted request to port 9001.
by Luigi Auriemma
Allegro RomPager 4.07 - UPnP HTTP Request Remote Denial of Service
by Ricky-Lee Birtles
zimplit_cms < 3.0 - Cross-Site Scripting via file and client Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Zimplit CMS 3.0, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter in a load action to zimplit.php and (2) client parameter to English_manual_version_2.php.
by High-Tech Bridge SA
zimplit_cms < 3.0 - Cross-Site Scripting via file and client Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Zimplit CMS 3.0, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter in a load action to zimplit.php and (2) client parameter to English_manual_version_2.php.
by High-Tech Bridge SA
By Source