Exploitdb Exploits
50,095 exploits tracked across all sources.
Easy FTP 1.7.0.11 - 'NLST' / 'NLST -al' / 'APPE' / 'RETR' / 'SIZE' / 'XCWD' Remote Buffer Overflow
by Rabih Mohsen
AoA Audio Extractor - Remote ActiveX SEH JIT Spray (ASLR + DEP Bypass)
by Dr_IDE
Microsoft Windows Vista/Server 2008/7 Privilege Escalation via Registry Key ACL Misconfiguration
The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and impersonation, aka "Tracing Registry Key ACL Vulnerability."
by Cesar Cerrudo
CVSS 7.8
Rosoft Media Player 4.4.4 - Buffer Overflow (SEH) (PoC)
by anonymous
Mthree Development MP3 to WAV Decoder - Denial of Service
by Oh Yaw Theng
Windows Kernel win32k.sys - Privilege Escalation via Pseudo-Handle Validation Bypass
The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate pseudo-handle values in callback parameters during window creation, which allows local users to gain privileges via a crafted application, aka "Win32k Window Creation Vulnerability."
by Core Security
Windows XP SP2-SP3 and Windows Server 2003 SP2 - Privilege Escalation via Win32k Exception Handling
The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly handle unspecified exceptions, which allows local users to gain privileges via a crafted application, aka "Win32k Exception Handling Vulnerability."
by MJ0011
Microsoft XML Core Services 3.0 - Remote Code Execution via Crafted HTTP Response
Microsoft XML Core Services (aka MSXML) 3.0 does not properly handle HTTP responses, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted response, aka "Msxml2.XMLHTTP.3.0 Response Handling Memory Corruption Vulnerability."
by Skylined
Microsoft Windows SMB Server - Remote Code Execution via Crafted SMB Packet
The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate fields in an SMB request, which allows remote attackers to execute arbitrary code via a crafted SMB packet, aka "SMB Pool Overflow Vulnerability."
by laurent gaffie
SyntaxCMS - 'rows_per_page' SQL Injection
by High-Tech Bridge SA
Onyx - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
Nasim Guest Book 1.2 - Cross-Site Scripting via Page Parameter
Cross-site scripting (XSS) vulnerability in index.php in Nasim Guest Book 1.2 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
by Moudi
Mystic 0.1.4 - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
com_teams 1_1028_100809_1711 - SQL Injection via PlayerID Parameter
SQL injection vulnerability in the Teams (com_teams) component 1_1028_100809_1711 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PlayerID parameter in a player save action to index.php.
by Salvatore Fresta
Amblog 1.0 for Joomla! - SQL Injection via articleid or catid Parameter
Multiple SQL injection vulnerabilities in the Amblog (com_amblog) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) articleid or (2) catid parameter to index.php.
by Salvatore Fresta
dBpowerAMP Audio Player 2 - 'FileExists' ActiveX Buffer Overflow
by s-dz
Fat Player 0.6b - Remote Code Execution via Long String in WAV File
Stack-based buffer overflow in Fat Player 0.6b allows remote attackers to execute arbitrary code via a long string in a .wav file. NOTE: some of these details are obtained from third party information.
by Praveen Darshanam
Visual MP3 Splitter & Joiner 6.1 - Denial of Service
by Oh Yaw Theng
Quintessential Media Player 5.0.121 - '.m3u' Buffer Overflow
by Abhishek Lyall
QQ Computer Manager - 'TSKsp.sys' Local Denial of Service
by Lufeng Li
Preation Eden Platform 27.7.2010 - Multiple HTML Injection Vulnerabilities
by High-Tech Bridge SA
By Source