Exploitdb Exploits
50,095 exploits tracked across all sources.
Mambo/Joomla! - com_elite_experts - SQL Injection
SQL injection vulnerability in the Elite Experts (com_elite_experts) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showExpertProfileDetailed action to index.php.
by **RoAd_KiLlEr**
WebDAV - Application DLL Hijacker (Metasploit)
by Metasploit
MS11-038 Microsoft Office Excel Malformed OBJ Record Handling Overflow
Stack-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted OBJ (0x5D) record, aka "Excel Object Stack Overflow Vulnerability."
by Abysssec
Microsoft Windows MPEG Layer-3 Audio Codecs - Remote Code Execution via Crafted AVI File
Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute arbitrary code via a crafted AVI file, aka "MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability."
by Abysssec
FreePBX < 2.8.0 - Authenticated Path Traversal and Arbitrary File Write via System Recordings Component
Directory traversal vulnerability in page.recordings.php in the System Recordings component in the configuration interface in FreePBX 2.8.0 and earlier allows remote authenticated administrators to create arbitrary files via a .. (dot dot) in the usersnum parameter to admin/config.php, as demonstrated by creating a .php file under the web root.
by Trustwave's SpiderLabs
Collaborative Passwords Manager 1.07 - Multiple Local File Inclusions
by sh00t0ut
Linksys WRT54G <4.20.7 - Buffer Overflow
Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and possibly other versions before 4.20.7, allows remote attackers to execute arbitrary code via a long HTTP POST request.
by Metasploit
Microsoft Excel - HFPicture Record Parsing Memory Corruption
by Abysssec
WAnewsletter 2.1.2 - SQL Injection via id Parameter
SQL injection vulnerability in index.php in WAnewsletter 2.1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by BrOx-Dz
OpenText LiveLink 9.7.1 - Multiple Cross-Site Scripting Vulnerabilities
by Alejandro Ramos
Geeklog 1.3.8 - SQL Injection via lid Parameter
SQL injection vulnerability in filemgmt/singlefile.php in Geeklog 1.3.8 allows remote attackers to execute arbitrary SQL commands via the lid parameter.
by Gamoscu
Adobe Acrobat and Reader 9.x < 9.3.3 and 8.x < 8.2.3 - Remote Code Execution via Crafted Flash Content in PDF
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via a PDF file with crafted Flash content, involving the newfunction (0x44) operator and an "invalid pointer vulnerability" that triggers memory corruption, a different vulnerability than CVE-2010-1285 and CVE-2010-2201.
by Abysssec
Sothink SWF Decompiler - 'dwmapi.dll' DLL Loading Arbitrary Code Execution
by anT!-Tr0J4n
GreenBrowser - 'RSRC32.dll' DLL Loading Arbitrary Code Execution
by anT!-Tr0J4n
Easy Office Recovery - 'dwmapi.dll' DLL Loading Arbitrary Code Execution
by anT!-Tr0J4n
MP3 Workstation 9.2.1.1.2 - Local Overflow (SEH) (Metasploit)
by Madjix
Adobe Shockwave Player <11.5.8.612 - Memory Corruption
Integer signedness error in the DIRAPI module in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a count value associated with an "undocumented structure" and the tSAC chunk in a Director movie.
by Abysssec
Skybluecanvas 1.1-r248 - Cross-Site Request Forgery
by Sweet
com_timetrack 1.2.4 - SQL Injection via ct_id Parameter
SQL injection vulnerability in the TimeTrack (com_timetrack) component 1.2.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ct_id parameter in a timetrack action to index.php.
by Salvatore Fresta
Joostina (com_ezautos) - SQL Injection
SQL injection vulnerability in the Joostina (com_ezautos) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the firstCode parameter in a helpers action to index.php.
by Gamoscu
BSI Hotel Booking System Admin 1.4/2.0 - Authentication Bypass
by K-159
By Source