Exploitdb Exploits
50,095 exploits tracked across all sources.
Jira 4.0.1 - Cross-Site Scripting / Information Disclosure
by MaXe
Hyleos ChemView 1.9.5.1 - Remote Code Execution via HyleosChemView ActiveX Control
Multiple stack-based buffer overflows in the HyleosChemView.HLChemView ActiveX control (HyleosChemView.ocx) in Hyleos ChemView 1.9.5.1 allow remote attackers to execute arbitrary code via a large number of white space characters in the filename argument to the (1) SaveasMolFile and (2) ReadMolFile methods.
by Metasploit
EasyFTP Server 1.7.0.11 - 'MKD' Stack Buffer Overflow (Metasploit)
by Metasploit
QQPlayer 2.3.696.400p1 - '.smi' File Buffer Overflow
by Lufeng Li
Microsoft Internet Explorer 6/7 - Remote Denial of Service
by Richard leahy
Social Media - 'index.php' Local File Inclusion
by Harri Johansson
nubuilder <10.07.12 - Path Traversal
Directory traversal vulnerability in productionnu2/fileuploader.php in nuBuilder 10.04.20, and possibly other versions before 10.07.12, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dir parameter.
by John Leitch
Joomla! com_ttvideo 1.0 - SQL Injection
SQL injection vulnerability in ttvideo.php in the TTVideo (com_ttvideo) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in a video action to index.php.
by Salvatore Fresta
Joomla! Component com_appointinator 1.0.1 - Multiple Vulnerabilities
by Salvatore Fresta
AdPeeps 8.5d1 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AdPeeps 8.5d1 allow remote attackers to inject arbitrary web script or HTML via the (1) uid parameter, (2) uid parameter in a login_lookup action, (3) uid parameter in an adminlogin action, (4) campaignid parameter in a createcampaign action, (5) type parameter in a view_account_stats action, (6) period parameter in a view_account_stats action, (7) uid parameter in a view_adrates action, (8) accname parameter in an account_confirmation action, (9) loginpass parameter in an account_confirmation action, (10) e9 parameter in a setup_account action, (11) from parameter in an email_advertisers action, (12) message parameter in an email_advertisers action, (13) idno parameter in an edit_ad_package action, (14) Advertiser Name field, (15) First Name field, (16) Last Name field, (17) Address field, (18) Phone Number field, (19) Password Hint field, or (20) URL field; and (21) allow remote authenticated users to inject arbitrary web script or HTML via an unspecified form associated with a view_adrates action.
by Matt
Opera 9 - Configuration Overwrite (Metasploit)
by Metasploit
httpdx 1.4 - Stack-based Buffer Overflow via Long HTTP GET Request
Stack-based buffer overflow in the h_handlepeer function in http.cpp in httpdx 1.4, and possibly 1.4.3, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request.
by Metasploit
CommuniCrypt Mail 1.16 - SMTP ActiveX Stack Buffer Overflow (Metasploit)
by Metasploit
Media Player Classic - Heap Overflow / Denial of Service
by Praveen Darshanam
SyndeoCMS 2.9 - Multiple HTML Injection Vulnerabilities
by High-Tech Bridge SA
Visites (com_joomla-visites) 1.1 RC2 - Remote Code Execution via mosConfig_absolute_path Parameter
PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
by Li0n-PaL
Joomla! <2.1.2, FreiChat/FreiChatPure - XSS
Cross-site scripting (XSS) vulnerability in the (1) FreiChat component before 2.1.2 for Joomla! and the (2) FreiChatPure component before 1.2.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML by entering it in an unspecified window.
by nag_sunny
Freeway CMS <1.4.3.210 - SQL Injection
SQL injection vulnerability in index.php in Freeway CMS 1.4.3.210 allows remote attackers to execute arbitrary SQL commands via the ecPath parameter.
by **RoAd_KiLlEr**
Anibal Monsalve Salazar sSMTP 2.61-2.62 - DoS
The standardise function in Anibal Monsalve Salazar sSMTP 2.61 and 2.62 allows local users to cause a denial of service (application exit) via an e-mail message containing a long line that begins with a . (dot) character. NOTE: CVE disputes this issue because it is solely a usability problem for senders of messages with certain long lines, and has no security impact
by Brendan Boerner
Novell ZENworks <6.5 - Buffer Overflow
Multiple stack-based and heap-based buffer overflows in Remote Management authentication (zenrem32.exe) on Novell ZENworks 6.5 Desktop and Server Management, ZENworks for Desktops 4.x, ZENworks for Servers 3.x, and Remote Management allows remote attackers to execute arbitrary code via (1) unspecified vectors, (2) type 1 authentication requests, and (3) type 2 authentication requests.
by Metasploit
Microsoft Windows NT 4.0, 2000, 2003 Server - Remote Code Execution via ASN.1 BER Length Field Overflow
Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.
by Metasploit
Microsoft Message Queuing - Stack-based Buffer Overflow via RPC Opnum 0x06
Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. NOTE: this is remotely exploitable on Windows 2000 Server.
by Metasploit
Windows 2000 - Remote Code Execution via WebDAV Request
Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.
by Metasploit
Microsoft FrontPage Server Extensions <2002 - RCE
Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.
by Metasploit
By Source