Exploitdb Exploits
50,095 exploits tracked across all sources.
iOS FileApp < 2.0 - FTP Remote Denial of Service
by m0ebiusc0de
TradeMC E-Ticaret - SQL Injection / Cross-Site Scripting
by KnocKout
SmarterStats 5.3 - Cross-Site Scripting via frmHelp.aspx url Parameter
Cross-site scripting (XSS) vulnerability in UserControls/Popups/frmHelp.aspx in SmarterStats 5.3, 5.3.3819, and possibly other 5.3 versions, allows remote attackers to inject arbitrary web script or HTML via the url parameter.
by sqlhacker
SmarterMail 7.1.3876 - Path Traversal
Directory traversal vulnerability in FileStorageUpload.ashx in SmarterMail 7.1.3876 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash), (2) %5C (encoded backslash), or (3) %255c (double-encoded backslash) in the name parameter.
by sqlhacker
Trend Micro Internet Security Pro 2010 - RCE
The extSetOwner function in the UfProxyBrowserCtrl ActiveX control (UfPBCtrl.dll) in Trend Micro Internet Security Pro 2010 allows remote attackers to execute arbitrary code via an invalid address that is dereferenced as a pointer.
by Trancer
Internet Information Services 5.1-7.5 - Denial of Service via Crafted ASP Request
Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."
by kingcope
Zen Cart 1.3.9f - 'typefilter' Local File Inclusion
by LiquidWorm
Tiki Wiki CMS Groupware 5.2 - Multiple Vulnerabilities
by John Leitch
phpMyShopping 1.0.1505 - Multiple Vulnerabilities
by Metropolis
jCart 1.1 - Multiple Cross-Site Scripting / Cross-Site Request Forgery/Open Redirect Vulnerabilities
by p0deje
Evaria Content Management System 1.1 - File Disclosure
by khayeye shotor
chipmunk_board 1.3 - SQL Injection via forumID Parameter
SQL injection vulnerability in index.php in Chipmunk Board 1.3 allows remote attackers to execute arbitrary SQL commands via the forumID parameter.
by Shamus
Intellicom Netbiter webSCADA Products - 'read.cgi' Multiple Remote Security Vulnerabilities
by Eugene Salov
Microsoft Windows and Office - Remote Code Execution via Malformed OpenType Font Parsing
The Uniscribe (aka new Unicode Script Processor) implementation in USP10.DLL in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2, and Microsoft Office XP SP3, 2003 SP3, and 2007 SP2, does not properly validate tables associated with malformed OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) Office document, aka "Uniscribe Font Parsing Engine Memory Corruption Vulnerability."
by Abysssec
JE Guestbook (com_jeguestbook) 1.0 - SQL Injection
SQL injection vulnerability in the JE Guestbook (com_jeguestbook) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the d_itemid parameter in an item_detail action to index.php.
by Salvatore Fresta
Joomla! com_jedirectory 1.0 - SQL Injection
SQL injection vulnerability in the JExtensions JE Directory (com_jedirectory) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php.
by Easy Laster
ASPMass Shopping Cart - Arbitrary File Upload / Cross-Site Request Forgery
by Abysssec
Microsoft Office <2008 for Mac - RCE
Unspecified vulnerability in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed SxView (0xB0) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0824 and CVE-2010-0821.
by Abysssec
Webspell wCMS-Clanscript4.01.02net - static Blind SQL Injection
by Easy Laster
By Source