Exploitdb Exploits
50,095 exploits tracked across all sources.
Joomla! Component Biblioteca 1.0 Beta - Multiple SQL Injections
by Salvatore Fresta
Microsoft Office Word 2000 SP3, 2002 SP3, 2007 SP1-SP2 - Remote Code Execution via Malformed Record
Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a malformed record that triggers memory corruption, aka "Word Buffer Overflow Vulnerability."
by anonymous
PlayPad Music Player 1.12 - '.mp3' Denial of Service
by Praveen Darshanam
Karaoke Video Creator 2.2.8 - Denial of Service
by PASSEWORD
Crystal Player 1.98 - '.mls' Buffer Overflow
by Praveen Darshanam
AV Music Morpher Gold 5.0.38 - '.m3u' Denial of Service
by b0telh0
Joomla! Component com_extcalendar - Blind SQL Injection
by Lagripe-Dz
Oracle MySQL 5.1 < 5.1.49 and 5.5 < 5.5.5 - Authenticated Denial of Service via LOAD DATA INFILE
Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet when a LOAD DATA INFILE request generates SQL errors, which allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a crafted request.
by Elena Stepanova
Oracle MySQL 5.1 - Authenticated Denial of Service via BINLOG Command
Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via certain arguments to the BINLOG command, which triggers an access of uninitialized memory, as demonstrated by valgrind.
by Shane Bester
Oracle MySQL 5.1 < 5.1.49 and 5.5 < 5.5.5 - Authenticated Denial of Service via HANDLER Interface
Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using the HANDLER interface and performing "alternate reads from two indexes on a table," which triggers an assertion failure.
by Matthias Leich
MySQL < 5.1.49 and < 5.0.92 - Authenticated Denial of Service via EXPLAIN with Crafted SELECT UNION ORDER BY
Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)" statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function.
by Bjorn Munch
SonicWALL E-Class SSL-VPN - ActiveX Control Format String Overflow
by Nikolas Sotiriu
Syntax Highlighter 3.0.83 - 'index.html' HTML Injection
by indoushka
Cacti < 0.8.7g - Cross-Site Scripting via Filter Parameter
Cross-site scripting (XSS) vulnerability in utilities.php in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote attackers to inject arbitrary web script or HTML via the filter parameter.
by Marc Schoenefeld
Oracle MySQL 5.1 - Authenticated Denial of Service via Temporary Table Creation with Nullable Columns
Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by creating temporary tables with nullable columns while using InnoDB, which triggers an assertion failure.
by Boris Reisig
Flock Browser 3.0.0.3989 - Cross-Site Scripting via Crafted Bookmark
Cross-site scripting (XSS) vulnerability in Flock Browser 3.0.0.3989 allows remote attackers to inject arbitrary web script or HTML via a crafted bookmark.
by Lostmon
Nagios XI - 'login.php' Multiple Cross-Site Scripting Vulnerabilities
by Adam Baldwin
FreeBSD 7.1-8.1-PRERELEASE - Denial of Service and Privilege Escalation via sendfile System Call
FreeBSD 7.1 through 8.1-PRERELEASE does not copy the read-only flag when creating a duplicate mbuf buffer reference, which allows local users to cause a denial of service (system file corruption) and gain privileges via the sendfile system call.
by kingcope
Enemy Territory: Quake Wars 1.5.12642.33243 - Remote Buffer Overflow
by Luigi Auriemma
By Source