Exploitdb Exploits
50,095 exploits tracked across all sources.
WordPress Plugin Twitter Feed - 'url' Cross-Site Scripting
by John Leitch
Aigaion 1.3.4 - SQL Injection via ID Parameter in export action
SQL injection vulnerability in indexlight.php in Aigaion 1.3.4 allows remote attackers to execute arbitrary SQL commands via the ID parameter in an export action.
by KnocKout
RDM Embedded Lock Manager < 9.x - 'lm_tcp' Service Buffer Overflow
by Luigi Auriemma
Linux Kernel < 2.6.36.2 - Privilege Escalation via KERNEL_DS get_fs Handling
The do_exit function in kernel/exit.c in the Linux kernel before 2.6.36.2 does not properly handle a KERNEL_DS get_fs value, which allows local users to bypass intended access_ok restrictions, overwrite arbitrary kernel memory locations, and gain privileges by leveraging a (1) BUG, (2) NULL pointer dereference, or (3) page fault, as demonstrated by vectors involving the clear_child_tid feature and the splice system call.
by Dan Rosenberg
glibc 2.11.3/2.12.x-2.12.2 DoS via Adjacent Repetition in Regex
Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.
by Maksymilian Arciemowicz
SolarWinds Orion Network Performance Monitor (NPM) 10.1 - Multiple Cross-Site Scripting Vulnerabilities
by x0skel
Video Charge Studio 2.9.5.643 - '.vsc' Local Buffer Overflow (SEH)
by xsploited security
WinZip 15.0 - WZFLDVW.OCX Text Property Denial of Service
by Fady Mohammed Osman
WinZip 15.0 - WZFLDVW.OCX IconIndex Property Denial of Service
by Fady Mohammed Osman
Flash Player - 'Flash6.ocx' AllowScriptAccess Denial of Service (PoC)
by Dr_IDE
AVG Internet Security 2011 - Safe Search for IE Denial of Service
by Dr_IDE
phpMyAdmin < 3.4.0-beta1 - Cross-Site Scripting via BBcode Tag
error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "[a@url@page]".
by emgent white_sheep & scox
MODx REvolution CMS 2.0.4-pl2 - POST injection Cross-Site Scripting
by LiquidWorm
FreeFloat FTP Server 1.0.0 - Buffer Overflow
A stack-based buffer overflow vulnerability exists in FreeFloat FTP Server version 1.0.0. The server fails to properly validate input passed to the USER command, allowing remote attackers to overwrite memory and potentially execute arbitrary code. The flaw is triggered by sending an overly long username string, which overflows the buffer allocated for user authentication.
by 0v3r
CVSS 9.8
Pulse CMS < 1.2.9 - Remote File Inclusion via Path Traversal in p Parameter
Directory traversal vulnerability in includes/controller.php in Pulse CMS Basic before 1.2.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter to index.php.
by Mark Stanislav
PHPKF Forum 1.80 - 'profil_degistir.php' Cross-Site Request Forgery
by FreWaL
UnrealIRCd 3.2.8.1 - Remote Code Execution via Trojaned DEBUG3_DOLOG_SYSTEM Macro
UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from November 2009 through June 2010, contains an externally introduced modification (Trojan Horse) in the DEBUG3_DOLOG_SYSTEM macro, which allows remote attackers to execute arbitrary commands.
by Metasploit
By Source