Exploitdb Exploits
50,095 exploits tracked across all sources.
Micro CMS 1.0 - 'name' HTML Injection (2)
by SecPod Research
Sawmill Enterprise < 8.1.7.3 - Multiple Vulnerabilities
by SEC Consult
Oracle Java SE/Jav for Bus <6-5 - Info Disclosure
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy.
by Roberto Suggi Liverani
Microsoft .NET Framework - Info Disclosure
Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability."
by Agustin Azubel
libsmi 0.4.8 - Buffer Overflow via Long OID String
Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8 allows context-dependent attackers to execute arbitrary code via an Object Identifier (aka OID) represented as a numerical string containing many components separated by . (dot) characters.
by Core Security
Oracle iPlanet Web Server <7.0 - Info Disclosure
Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java System Web Server) component in Oracle Sun Products Suite 6.1 and 7.0 allows remote attackers to affect integrity via unknown vectors related to Web Container.
by Roberto Suggi Liverani
VideoLAN VLC Media Player 1.1.4 Mozilla MultiMedia Plugin - Remote Code Execution
by shinnai
PowerDVD 5.0.1107 - 'trigger.dll' DLL Loading Arbitrary Code Execution
by Inj3cti0n P4ck3t
Phoenix Project Manager 2.1.0.8 - DLL Loading Arbitrary Code Execution
by anT!-Tr0J4n
Novell iManager - 'getMultiPartParameters' Arbitrary File Upload (Metasploit)
by Metasploit
Disk Pulse Server 2.2.34 - 'GetServerInfo' Remote Buffer Overflow (Metasploit)
by James Fitts
Cool iPhone Ringtone Maker 2.2.3 - 'dwmapi.dll' DLL Loading Arbitrary Code Execution
by anT!-Tr0J4n
Winamp < 5.6 - Buffer Overflow in in_mod Plugin via Comment Box
Buffer overflow in the in_mod plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to the comment box.
by Mighty-D
MASS PLAYER 2.1 - File Processing Remote Denial of Service
by Sweet
Hanso Converter 1.4.0 - '.ogg' Denial of Service
by anT!-Tr0J4n
Travel Portal Script - Cross-Site Request Forgery (Admin Password Change)
by KnocKout
sNews 1.7 - 'snews.php' Cross-Site Scripting / HTML Injection
by High-Tech Bridge SA
phpcheckz 1.1.0 - SQL Injection via chart.php id Parameter
SQL injection vulnerability in chart.php in phpCheckZ 1.1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Salvatore Fresta
Event Ticket Portal Script Admin Password Change - Cross-Site Request Forgery
by KnocKout
4site CMS < 2.6 - SQL Injection via Catalog Index cat Parameter
SQL injection vulnerability in catalog/index.shtml in 4site CMS 2.6, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the i and th vectors are already covered by CVE-2009-0646.
by High-Tech Bridge SA
JBoss Application Server - Unauthenticated Administrative Access via Default Configuration
The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.
by Metasploit
Mozilla Firefox <3.5.14 & <3.6.11 - Buffer Overflow
Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a long argument to the document.write method.
by Alexander Miller
Reliable Datagram Sockets (RDS) rds_page_copy_user Privilege Escalation
The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.
by Dan Rosenberg
CVSS 7.8
Fat Player 0.6b - Remote Code Execution via Long String in WAV File
Stack-based buffer overflow in Fat Player 0.6b allows remote attackers to execute arbitrary code via a long string in a .wav file. NOTE: some of these details are obtained from third party information.
by James Fitts
By Source