Exploitdb Exploits
31,394 exploits tracked across all sources.
Titan FTP Server <10.40.1829 - Path Traversal
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to copy an arbitrary user's home folder via a Move action with a .. (dot dot) in the src parameter.
by Fara Rustein
Titan FTP Server <10.40.1829 - Path Traversal
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to obtain the property information of an arbitrary home folder via a Properties action with a .. (dot dot) in the src parameter.
by Fara Rustein
Tableau Server 8.0.x-8.0.6 and 8.1.x-8.1.1 - Authenticated SQL Injection
SQL injection vulnerability in Tableau Server 8.0.x before 8.0.7 and 8.1.x before 8.1.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be exploited by unauthenticated remote attackers if the guest user is enabled.
by Trustwave's SpiderLabs
WordPress Plugin Frontend Upload - Arbitrary File Upload
by Daniel Godoy
Buddypress <1.9.2 - Privilege Escalation
The Group creation process in the Buddypress plugin before 1.9.2 for WordPress allows remote authenticated users to gain control of arbitrary groups by leveraging a missing permissions check.
by Pietro Oliva
CVSS 6.5
WiFi Camera Roll 1.2 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
D-Link DSL-2750B ADSL Route' - Cross-Site Request Forgery
by killall-9
MyBB Extended Useradmininfo Plugin 1.2.1 - Cross-Site Scripting
by Fikri Fadzil
S9Y Serendipity 1.7.5 - 'Backend' Multiple Vulnerabilities
by Stefan Schurtz
osCommerce Online Merchant < 2.3.3.4 - Authenticated SQL Injection via zID Parameter
SQL injection vulnerability in the update_zone function in catalog/admin/geo_zones.php in osCommerce Online Merchant 2.3.3.4 and earlier allows remote administrators to execute arbitrary SQL commands via the zID parameter in a list action.
by Ahmed Aboul-Ela
doorGets CMS <= 5.2 - Authenticated SQL Injection via _position_down_id Parameter
SQL injection vulnerability in dg-admin/index.php in doorGets CMS 5.2 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the _position_down_id parameter. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.
by High-Tech Bridge SA
CTERA Cloud Storage OS <3.2.29.0-3.2.42.0 - XSS
Cross-site scripting (XSS) vulnerability in CTERA Cloud Storage OS before 3.2.29.0, 3.2.42.0, and earlier allows remote attackers to inject arbitrary web script or HTML via the description in a project folder.
by Luigi Vezzoso
AuraCMS <= 2.3 - Authenticated SQL Injection via Search Parameter or HTTP Headers
Multiple SQL injection vulnerabilities in AuraCMS 2.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search parameter to mod/content/content.php or (2) CLIENT_IP, (3) X_FORWARDED_FOR, (4) X_FORWARDED, (5) FORWARDED_FOR, or (6) FORWARDED HTTP header to index.php.
by High-Tech Bridge SA
Asseco SEE iBank FX Client 2.0.9.3 - Local Privilege Escalation
by LiquidWorm
Publish-It PUI Buffer Overflow (SEH)
Buffer overflow in Poster Software PUBLISH-iT 3.6d allows remote attackers to execute arbitrary code via a crafted PUI file.
by Core Security
PHP Webcam Video Conference - Multiple Vulnerabilities
by vinicius777
D-Link DIR-100 Firmware 4.03B07 - Unauthenticated Authentication Bypass via cli.cgi
D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure to check authentication parameters
by Felix Richter
CVSS 8.8
TopicsViewer 3.0 Beta 1 - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in TopicsViewer 3.0 Beta 1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) edit_block.php, (2) edit_cat.php, (3) edit_note.php, or (4) rmv_topic.php in admincp/.
by AtT4CKxT3rR0r1ST
Singapore 0.9.9b Beta - Image Gallery Remote File Inclusion / Cross-Site Scripting
by TUNISIAN CYBER
owncloud < 6.0.1 - Authenticated Stored Cross-Site Scripting via Uploaded Filename
Cross-site scripting (XSS) vulnerability in ownCloud before 6.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file.
by absane
CVSS 5.4
By Source