Exploitdb Exploits
50,095 exploits tracked across all sources.
CMSimple 3.3 - Cross-Site Scripting / Cross-Site Request Forgery
by High-Tech Bridge SA
Rosoft Media Player 4.4.4 - Local Buffer Overflow (SEH) (2)
by dijital1
Zomplog 3.9 - Cross-Site Scripting / Cross-Site Request Forgery
by 10n1z3d
php-fusion - Path Traversal via folder_level Parameter
Directory traversal vulnerability in maincore.php in PHP-Fusion allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder_level parameter. NOTE: this issue has been disputed by a reliable third party
by MoDaMeR
Joomla! com_weblinks - SQL Injection via Itemid Parameter
SQL injection vulnerability in the Weblinks (com_weblinks) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a categories action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ViRuS Qalaa
Joomla! Component com_fireboard - 'Itemid' SQL Injection
by ViRuS Qalaa
Guestbook Script PHP - Cross-Site Scripting / HTML Injection
by AnTi SeCuRe
Ingres database server <9.0.4 - RCE
Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input.
by fdiskyou
Adobe Reader 8.2.3 and 9.3.3 and Acrobat 9.3.3 - Remote Code Execution via TrueType Font maxCompositePoints Overflow
Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3, allows remote attackers to execute arbitrary code via a TrueType font with a large maxCompositePoints value in a Maximum Profile (maxp) table.
by Ramz Afzar
Sports Accelerator Suite 2.0 - 'news_id' SQL Injection
by LiquidWorm
Saurus CMS Admin Panel - Multiple Cross-Site Request Forgery Vulnerabilities
by Fady Mohammed Osman
Adobe ColdFusion <9.0.1 - Path Traversal
Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/.
by anonymous
CVSS 9.8
Xion Audio Player <1.0.126 - Buffer Overflow
Xion Audio Player versions 1.0.126 and prior are vulnerable to a Unicode-based stack buffer overflow triggered by opening a specially crafted .m3u playlist file. The file contains an overly long string that overwrites the Structured Exception Handler (SEH) chain, allowing an attacker to hijack execution flow and run arbitrary code.
by corelanc0d3r
Microsoft Windows Kerberos - 'Pass The Ticket' Replay Security Bypass
by Emmanuel Bouillon
SmartCode ServerX VNC Server ActiveX 1.1.5.0 - 'scvncsrvx.dll' Denial of Service
by LiquidWorm
MailForm 1.2 - Remote Code Execution via Theme Parameter
PHP remote file inclusion vulnerability in index.php in MailForm 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the theme parameter.
by LoSt.HaCkEr
Get Tube < 4.51 - SQL Injection via video.php id Parameter
SQL injection vulnerability in video.php in Get Tube 4.51 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Mr.P3rfekT
Edit-X PHP CMS - 'search_text' Cross-Site Scripting
by High-Tech Bridge SA
By Source