Exploitdb Exploits

31,337 exploits tracked across all sources.

CVE-2015-5161 EXPLOITDB text
Zend Framework < 2.4.6 - XXE
The Zend_Xml_Security::scan method in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML entity expansion (XEE) attacks via multibyte encoded characters.
by Dawid Golunski
EIP-2026-104295 EXPLOITDB text
Joomla! Component com_jem 2.1.4 - Multiple Vulnerabilities
by Martino Sani
EIP-2026-115924 EXPLOITDB text
NetServe FTP Client 1.0 - Local Denial of Service
by Un_N0n
EIP-2026-102287 EXPLOITDB text
Printer Pro 5.4.3 IOS - Persistent Cross-Site Scripting
by Taurus Omar
EIP-2026-114279 EXPLOITDB text
WordPress Plugin WPTF Image Gallery 1.03 - Arbitrary File Download
by Larry W. Cashdollar
EIP-2026-114053 EXPLOITDB text
WordPress Plugin Simple Image Manipulator 1.0 - Arbitrary File Download
by Larry W. Cashdollar
EIP-2026-114001 EXPLOITDB text
WordPress Plugin Recent Backups 0.7 - Arbitrary File Download
by Larry W. Cashdollar
EIP-2026-113618 EXPLOITDB text
WordPress Plugin Candidate Application Form 1.0 - Arbitrary File Download
by Larry W. Cashdollar
EIP-2026-113200 EXPLOITDB text VERIFIED
WDS CMS - SQL Injection
by Ismail Marzouk
EIP-2026-114166 EXPLOITDB text
WordPress Plugin Video Gallery 2.7 - SQL Injection
by Kacper Szurek
EIP-2026-104563 EXPLOITDB text
Apple Mac OSX Keychain - EXC_BAD_ACCESS Denial of Service
by Juan Sacco
CVE-2015-2321 EXPLOITDB text
Job Manager < 0.7.22 - XSS
Cross-site scripting (XSS) vulnerability in the Job Manager plugin 0.7.22 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the email field.
by Owais Mehtab
EIP-2026-110735 EXPLOITDB text VERIFIED
PHP News Script 4.0.0 - SQL Injection
by Meisam Monsef
EIP-2026-109450 EXPLOITDB text
Microweber 1.0.3 - Arbitrary File Upload / Filter Bypass / PHP Remote Code Execution
by LiquidWorm
EIP-2026-107268 EXPLOITDB text
Froxlor Server Management Panel 0.9.33.1 - MySQL Login Information Disclosure
by Dustin Dörr
EIP-2026-112595 EXPLOITDB text VERIFIED
Tendoo CMS 1.3 - Cross-Site Scripting
by Arash Khazaei
EIP-2026-111045 EXPLOITDB text
phpFileManager 0.9.8 - Cross-Site Request Forgery
by hyp3rlinx
EIP-2026-108919 EXPLOITDB text VERIFIED
JoomShopping - Blind SQL Injection
by Mormoroth
EIP-2026-104827 EXPLOITDB text VERIFIED
2Moons - Multiple Vulnerabilities
by bRpsd
EIP-2026-111046 EXPLOITDB text VERIFIED
phpFileManager 0.9.8 - Remote Command Execution
by hyp3rlinx
CVE-2015-5602 EXPLOITDB text VERIFIED
Sudo <1.8.15 - Privilege Escalation
sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/file.txt."
by daniel svartman
CVE-2015-4668 EXPLOITDB MEDIUM text
Xceedium Xsuite - Open Redirect
Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter.
by modzero
CVSS 6.1
CVE-2015-4667 EXPLOITDB CRITICAL text
Xceedium Xsuite - Hard-coded Credentials
Multiple hardcoded credentials in Xsuite 2.x.
by modzero
CVSS 9.8
CVE-2015-4666 EXPLOITDB text
Xceedium Xsuite - Path Traversal
Directory traversal vulnerability in opm/read_sessionlog.php in Xceedium Xsuite 2.4.4.5 and earlier allows remote attackers to read arbitrary files via a ....// (quadruple dot double slash) in the logFile parameter.
by modzero
CVE-2015-4665 EXPLOITDB text
Xceedium Xsuite - XSS
Cross-site scripting (XSS) vulnerability in ajax_cmd.php in Xceedium Xsuite 2.4.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the fileName parameter.
by modzero