Exploitdb Exploits
50,095 exploits tracked across all sources.
Mini-CMS / News Script Light 1.0 - Remote File Inclusion
by bd0rk
Kontakt Formular 1.1 - Remote Code Execution via script_pfad Parameter
PHP remote file inclusion vulnerability in formmailer.php in Kontakt Formular 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the script_pfad parameter.
by bd0rk
Hycus CMS 1.0.1 - Multiple Cross-Site Request Forgery Vulnerabilities
by 10n1z3d
Gaestebuch 1.2 - Remote Code Execution via script_pfad Parameter
PHP remote file inclusion vulnerability in guestbook/gbook.php in Gaestebuch 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the script_pfad parameter.
by bd0rk
CompuCMS - Multiple SQL Injections / Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
Atomic Photo Album 1.0.2 - Multiple Vulnerabilities
by sh00t0ut
EncFS < 1.7.0 - Information Disclosure via SSL_Cipher.cpp Header Construction
SSL_Cipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms.
by Micha Riser
Microsoft Groove 2007 SP2 - Privilege Escalation
Multiple untrusted search path vulnerabilities in Microsoft Groove 2007 SP2 allow local users to gain privileges via a Trojan horse (1) mso.dll or (2) GroovePerfmon.dll file in the current working directory, as demonstrated by a directory that contains a Groove vCard (.vcg) or Groove Tool Archive (.gta) file, aka "Microsoft Groove Insecure Library Loading Vulnerability."
by Beenu Arora
Microsoft Windows Contacts - Untrusted Search Path and DLL Hijacking via Trojan Horse wab32res.dll
Untrusted search path vulnerability in Microsoft Windows Contacts allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32res.dll that is located in the same folder as a .contact, .group, .p7c, .vcf, or .wab file. NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3147.
by storm
Acunetix Web Vulnerability Scanner - DLL Loading Arbitrary Code Execution
by Kolor
iMatix Xitami Web Server 2.5c2 - Remote Code Execution via Long If-Modified-Since Header
Multiple buffer overflows in iMatix Xitami Web Server 2.5c2 allow remote attackers to execute arbitrary code via a long If-Modified-Since header to (1) xigui32.exe or (2) xitami.exe.
by Metasploit
NetTransport Download Manager 2.90.510 - Remote Buffer Overflow (Metasploit)
by Metasploit
Microsoft Windows <SP1 - Buffer Overflow
Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka "Client Service for NetWare Memory Corruption Vulnerability."
by Metasploit
Windows 2000 and 2003 Server - Remote Code Execution via RRAS RPC Request
Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."
by Metasploit
Microsoft Internet Explorer <6.0 - RCE
Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page.
by Metasploit
Mercur Messaging 5.0 SP3 - Buffer Overflow
Stack-based buffer overflow in the IMAP service in Mercur Messaging 5.0 SP3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string to the (1) LOGIN or (2) SELECT command, a different set of attack vectors and possibly a different vulnerability than CVE-2003-1177.
by Metasploit
httpdx <1.5 - Remote Code Execution
Multiple format string vulnerabilities in the tolog function in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 allow (1) remote attackers to execute arbitrary code via format string specifiers in a GET request to the HTTP server component when logging is enabled, and allow (2) remote authenticated users to execute arbitrary code via format string specifiers in a PWD command to the FTP server component.
by Metasploit
httpdx <1.5 - Remote Code Execution
Multiple format string vulnerabilities in the tolog function in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 allow (1) remote attackers to execute arbitrary code via format string specifiers in a GET request to the HTTP server component when logging is enabled, and allow (2) remote authenticated users to execute arbitrary code via format string specifiers in a PWD command to the FTP server component.
by Metasploit
Eureka Email 2.2q - Remote Code Execution via Long POP3 Error Message
Stack-based buffer overflow in Eureka Email 2.2q allows remote POP3 servers to execute arbitrary code via a long error message.
by Metasploit
Bloodshed Dev-C++ 4.9.9.2 - Multiple EXE Loading Arbitrary Code Executions
by storm
uTorrent <= 2.0.3 - DLL Hijacking via Trojan Horse DLL in Torrent File Directory
Untrusted search path vulnerability in uTorrent 2.0.3 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse plugin_dll.dll, userenv.dll, shfolder.dll, dnsapi.dll, dwmapi.dll, iphlpapi.dll, dhcpcsvc.dll, dhcpcsvc6.dll, or rpcrtremote.dll that is located in the same folder as a .torrent or .btsearch file.
by Dr_IDE
VLC Media Player < 1.1.3 - Untrusted Search Path and DLL Hijacking via wintab32.dll
Untrusted search path vulnerability in bin/winvlc.c in VLC Media Player 1.1.3 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll that is located in the same folder as a .mp3 file.
by Secfence
TechSmith Snagit 10.x-11.x - Untrusted Search Path and DLL Hijacking via dwmapi.dll
Untrusted search path vulnerability in TechSmith Snagit all versions 10.x and 11.x allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a snag, snagcc, or snagprof file.
by Encrypt3d.M!nd
By Source