Exploitdb Exploits
31,394 exploits tracked across all sources.
Print n Share 5.5 iOS - Multiple Web Vulnerabilities
by Vulnerability-Lab
Apple Safari For Windows - PhishingAlert Security Bypass
by Jackmasa
WordPress Plugin Easy Career Openings - 'jobid' SQL Injection
by Iranian_Dark_Coders_Team
WordPress Plugin DZS Video Gallery 3.1.3 - Remote File Disclosure / Local File Disclosure
by aceeeeeeeer .
NeoBill 0.9-alpha - 'language' Local File Inclusion
by KedAns-Dz
Enorth Webpublisher CMS < 5.0 - SQL Injection via thisday Parameter
SQL injection vulnerability in m_worklog/log_searchday.jsp in Enorth Webpublisher CMS, possibly 5.0 and earlier, allows remote attackers to execute arbitrary SQL commands via the thisday parameter.
by xin.wang
BoxBilling 3.6.11 - 'mod_notification' Persistent Cross-Site Scripting
by LiquidWorm
Zimbra 7.2.2-8.0.2 - Path Traversal
Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. NOTE: this can be leveraged to execute arbitrary code by obtaining LDAP credentials and accessing the service/admin/soap API.
by rubina119
SonicWALL GMS Analyzer and UMA EM5000 7.1 SP1 - Authenticated Cross-Site Scripting via valfield_1 or value_1 Parameter
Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to inject arbitrary web script or HTML via the (1) valfield_1 or (2) value_1 parameter to createNewThreshold.jsp.
by Vulnerability-Lab
Wireless Transfer App 3.7 iOS - Multiple Web Vulnerabilities
by Vulnerability-Lab
MySQL < 5.0.40 and 5.1 < 5.1.18-beta - Denial of Service via Crafted IF Clause
The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference.
by Neil Kettle
Imagam iFiles 1.16.0 iOS - Multiple Web Vulnerabilities
by Vulnerability-Lab
Dokeos < 2.2 - SQL Injection via Language Parameter
SQL injection vulnerability in Dokeos 2.2 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the language parameter to index.php.
by High-Tech Bridge SA
Chamilo LMS < 1.9.6 - Authenticated SQL Injection via Password Parameter
SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL commands via the "password0" parameter.
by High-Tech Bridge SA
FormCraft < 1.3.7 - SQL Injection via id Parameter
SQL injection vulnerability in form.php in the FormCraft plugin 1.3.7 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Ashiyane Digital Security Team
Photo Transfer Wifi 1.4.4 iOS - Multiple Web Vulnerabilities
by Vulnerability-Lab
Multiple WordPress Orange Themes - Cross-Site Request Forgery (Arbitrary File Upload)
by Jje Incovers
TVT DVR Firmware < 3.2.0.p-3520a-03 - Path Traversal via URI
Directory traversal vulnerability in the TVT TD-2308SS-B DVR with firmware 3.2.0.P-3520A-00 and earlier allows remote attackers to read arbitrary files via .. (dot dot) in the URI.
by Cesar Neira
Cisco Scientific Atlanta DPR2320R2 Firmware 2.0.2r1262-090417 - Cross-Site Request Forgery via Multiple Endpoints
Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Scientific Atlanta DPR2320R2 routers with software 2.0.2r1262-090417 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password via the Password parameter to goform/RgSecurity; (2) reboot the device via the Restart parameter to goform/restart; (3) modify Wi-Fi settings, as demonstrated by the WpaPreSharedKey parameter to goform/wlanSecurity; or (4) modify parental controls via the ParentalPassword parameter to goform/RgParentalBasic.
by sajith
Adobe Reader/Acrobat <9.5.4-10.1.6-11.0.02 - RCE
Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, as exploited in the wild in February 2013.
by w3bd3vil & abh1sek
CVSS 7.8
Palo Alto Networks Pan-OS 5.0.8 - Multiple Vulnerabilities
by Thomas Pollet
By Source