Exploitdb Exploits

2,012 exploits tracked across all sources.

EIP-2026-112708 EXPLOITDB html VERIFIED
TinyCMS 1.3 - Arbitrary File Upload / Cross-Site Request Forgery
by KedAns-Dz
EIP-2026-104853 EXPLOITDB html
4PSA VoIPNow Professional 2.5.3 - Multiple Vulnerabilities
by Aboud-el
CVE-2012-0985 EXPLOITDB html
Sony VAIO PC Wireless LAN Wizard 1.0-4.11 - Buffer Overflow
Multiple buffer overflows in the Wireless Manager ActiveX control 4.0.0.0 in WifiMan.dll in Sony VAIO PC Wireless LAN Wizard 1.0; VAIO Wireless Wizard 1.00, 1.00_64, 1.0.1, 2.0, and 3.0; SmartWi Connection Utility 4.7, 4.7.4, 4.8, 4.9, 4.10, and 4.11; and VAIO Easy Connect software 1.0.0 and 1.1.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the second argument of the (1) SetTmpProfileOption or (2) ConnectToNetwork method.
by High-Tech Bridge SA
CVE-2012-6046 EXPLOITDB html VERIFIED
Phpenter Php Enter - Code Injection
Static code injection vulnerability in admin/banners.php in PHP Enter allows remote attackers to inject arbitrary PHP code into horad.php via the code parameter.
by L3b-r1'z
CVE-2012-4250 EXPLOITDB html
Samsung Net-i Viewer - Memory Corruption
Stack-based buffer overflow in the RequestScreenOptimization function in the XProcessControl.ocx ActiveX control in msls31.dll in Samsung NET-i viewer 1.37 allows remote attackers to execute arbitrary code via a long string in the first argument.
by blake
EIP-2026-105172 EXPLOITDB html VERIFIED
Anchor CMS 0.6-14-ga85d0a0 - 'id' Multiple HTML Injection Vulnerabilities
by Gjoko Krstic
EIP-2026-105460 EXPLOITDB html VERIFIED
BGS CMS 2.2.1 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
by LiquidWorm
CVE-2012-1665 EXPLOITDB html VERIFIED
Oscmax < 2.5.0 - SQL Injection
Multiple SQL injection vulnerabilities in the admin panel in osCMax before 2.5.1 allow (1) remote attackers to execute arbitrary SQL commands via the username parameter in a process action to admin/login.php or (2) remote administrators to execute arbitrary SQL commands via the status parameter to admin/stats_monthly_sales.php or (3) country parameter in a process action to admin/create_account_process.php.
by High-Tech Bridge SA
CVE-2012-4877 EXPLOITDB html VERIFIED
FlatnuX CMS <2011 08.09.2 - CSRF
Cross-site request forgery (CSRF) vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that add user accounts.
by Vulnerability Laboratory
EIP-2026-118277 EXPLOITDB html VERIFIED
Apple Safari 5.1.5 For Windows - 'window.open()' URI Spoofing
by Lostmon
CVE-2012-0699 EXPLOITDB HIGH html VERIFIED
Family Connections CMS <2.9 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Family Connections CMS (aka FCMS) 2.9 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add news via an add action to familynews.php or (2) add a prayer via an add action to prayers.php.
by Ahmed Elhady Mohamed
CVSS 8.8
EIP-2026-111174 EXPLOITDB html VERIFIED
PHPMyVisites 2.4 - 'PHPmv2/index.php' Multiple Cross-Site Scripting Vulnerabilities
by AkaStep
EIP-2026-112772 EXPLOITDB html VERIFIED
Traidnt Topics Viewer 2.0 - 'main.php' Cross-Site Request Forgery
by Green Hornet
CVE-2012-1039 EXPLOITDB html VERIFIED
Dotclear <2.4.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Dotclear before 2.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) login_data parameter to admin/auth.php; (2) nb parameter to admin/blogs.php; (3) type, (4) sortby, (5) order, or (6) status parameters to admin/comments.php; or (7) page parameter to admin/plugin.php.
by High-Tech Bridge SA
CVE-2011-2371 EXPLOITDB html
Mozilla Seamonkey < 3.6.17 - Numeric Error
Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object.
by pa_kt
CVE-2012-5319 EXPLOITDB html VERIFIED
D-Link - CSRF
Cross-site request forgery (CSRF) vulnerability in setup/security.cgi in D-Link DCS-900, DCS-2000, and DCS-5300 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the rootpass parameter.
by Rigan Iimrigan
CVE-2012-5319 EXPLOITDB html
D-Link - CSRF
Cross-site request forgery (CSRF) vulnerability in setup/security.cgi in D-Link DCS-900, DCS-2000, and DCS-5300 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the rootpass parameter.
by rigan
CVE-2012-1414 EXPLOITDB html
Plume-cms Plume Cms < 1.2.4 - CSRF
Cross-site request forgery (CSRF) vulnerability in manager/news.php in Plume CMS 1.2.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that create News pages via a publish action.
by Ivano Binetti
CVE-2012-1203 EXPLOITDB html
Syndeocms < 3.0.00 - CSRF
Cross-site request forgery (CSRF) vulnerability in starnet/index.php in SyndeoCMS 3.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that add user accounts via a save_user action.
by Ivano Binetti
EIP-2026-105116 EXPLOITDB html
almnzm 2.4 - Cross-Site Request Forgery (Add Admin)
by HaNniBaL KsA
CVE-2012-1416 EXPLOITDB html
Socialcms - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in SocialCMS 1.0.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrator accounts via a member_new action to my_admin/admin1_members.php or (2) modify the default site title via a save action to my_admin/admin1_configuration.php.
by Ivano Binetti
EIP-2026-101212 EXPLOITDB html VERIFIED
D-Link DAP-1150 1.2.94 - Cross-Site Request Forgery
by MustLive
CVE-2011-4403 EXPLOITDB html VERIFIED
Zen Cart 1.3.9h - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Zen Cart 1.3.9h allow remote attackers to hijack the authentication of administrators for requests that (1) delete a product via a delete_product_confirm action to product.php or (2) disable a product via a setflag action to categories.php.
by DisK0nn3cT
CVE-2012-1058 EXPLOITDB html
Flyspray 0.9.9.6 - CSRF
Cross-site request forgery (CSRF) vulnerability in Flyspray 0.9.9.6 allows remote attackers to hijack the authentication of admins for requests that add admin accounts via an admin.newuser action to index.php.
by Vaibhav Gupta
EIP-2026-116049 EXPLOITDB html
PDF Viewer Component - ActiveX Denial of Service
by Senator of Pirates