Exploitdb Exploits
31,394 exploits tracked across all sources.
Oracle Demantra Demand Management - SQL Injection
Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.1, and 12.2.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to DM Others.
by Portcullis
Oracle Demantra Demand Management - SQL Injection
Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0.x, 7.3.1.x, 12.2.0, 12.2.1, and 12.2.2 allows remote attackers to affect integrity via unknown vectors related to DM Others.
by Portcullis
Oracle Demantra Demand Management - Info Disclosure
Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.1, 12.2.2, and 12.2.3 allows remote attackers to affect confidentiality via unknown vectors related to DM Others.
by Portcullis
Oracle Demantra Demand Management <12.2.1 - Info Disclosure
Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.0, and 12.2.1 allows remote attackers to affect confidentiality via unknown vectors related to DM Others.
by Portcullis
VideoWhisper Live Streaming <4.29.5 - Info Disclosure
The error-handling feature in (1) bp.php, (2) videowhisper_streaming.php, and (3) ls/rtmp.inc.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.
by High-Tech Bridge SA
Softaculous Webuzo < 2.1.4 - Username Enumeration via Login Error Messages
The login function in Softaculous Webuzo before 2.1.4 provides different error messages for invalid authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of requests.
by Mahendra
webERP 4.11.3 - 'SalesInquiry.php?SortBy' SQL Injection
by HauntIT
PHP Ticket System Beta 1 - 'get_all_created_by_user.php?id' SQL Injection
by HauntIT
SpagoBI < 4.1 - Privilege Escalation via AdapterHTTP Script
SpagoBI before 4.1 has Privilege Escalation via an error in the AdapterHTTP script
by Christian Catalano
CVSS 8.8
Plex Media Server < 0.9.9.2 - Server-Side Request Forgery and Authentication Bypass via X-Plex-Url Header
Plex Media Server before 0.9.9.3 allows remote attackers to bypass the web server whitelist, conduct SSRF attacks, and execute arbitrary administrative actions via multiple crafted X-Plex-Url headers to system/proxy, which are inconsistently processed by the request handler in the backend web server.
by SEC Consult
MICROSENS Profi Line Switch 10.3.1 - Privilege Escalation
by SEC Consult
Ganesha Digital Library 4.2 - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in Ganesha Digital Library (GDL) 4.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) download.php or (2) main.php.
by ByEge
Bluetooth Photo Share Pro 2.0 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
POSH < 3.2.1 - SQL Injection via RSS URL Parameter
SQL injection vulnerability in portal/addtoapplication.php in POSH (aka Posh portal or Portaneo) 3.0 before 3.3.0 allows remote attackers to execute arbitrary SQL commands via the rssurl parameter.
by Anthony BAUBE
Piwigo < 2.6.2 - Cross-Site Request Forgery via User Addition in Administration Panel
Cross-site request forgery (CSRF) vulnerability in the administration panel in Piwigo before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that add users via a pwg.users.add action in a request to ws.php.
by killall-9
CVSS 6.5
Notepad++ CCompletion Plugin 1.19 - Local Stack Buffer Overflow
by tishion
Sendy 1.1.8.4 - SQL Injection via i Parameter
SQL injection vulnerability in /app in Sendy 1.1.8.4 allows remote attackers to execute arbitrary SQL commands via the i parameter.
by Hurley
Private Camera Pro 5.0 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
Technicolor TC7200 - Info Disclosure
Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information.
by Jeroen - IT Nerdbox
CVSS 7.5
WordPress AdRotate Pro/FREE <3.9.5/3.9.4 - SQL Injection
SQL injection vulnerability in library/clicktracker.php in the AdRotate Pro plugin 3.9 through 3.9.5 and AdRotate Free plugin 3.9 through 3.9.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter.
by High-Tech Bridge SA
ILIAS 4.4.1 - Authenticated Cross-Site Scripting via tar, tar_val, or title Parameter
Multiple cross-site scripting (XSS) vulnerabilities in ilias.php in ILIAS 4.4.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) tar, (2) tar_val, or (3) title parameter.
by HauntIT
ATutor 2.1.1 - Authenticated Stored Cross-Site Scripting via Forum Title Parameter
Cross-site scripting (XSS) vulnerability in mods/_standard/forums/admin/forum_add.php in ATutor 2.1.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the title parameter in an add_forum action. NOTE: the original disclosure also reported issues that may not cross privilege boundaries.
by HauntIT
By Source