Exploitdb Exploits
31,394 exploits tracked across all sources.
Testa Online Test Management System 2.0.0.2 - SQL Injection via test_id Parameter
SQL injection vulnerability in Testa Online Test Management System (OTMS) 2.0.0.2 allows remote attackers to execute arbitrary SQL commands via the test_id parameter.
by Ashiyane Digital Security Team
TOSHIBA TEC e-Studio 232, 233, 282, and 283 - Cross-Site Request Forgery in TopAccess
Cross-site request forgery (CSRF) vulnerability in TopAccess (aka the web-based management utility) on TOSHIBA TEC e-Studio 232, 233, 282, and 283 devices allows remote attackers to hijack the authentication of administrators for requests that change passwords.
by Hubert Gradek
Juniper Junos Authenticated RCE via J-Web PHP rsargs Parameter
jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3, and 12.3 before 12.3R1 allows remote authenticated users to execute arbitrary commands via the rsargs parameter in an exec action.
by Sense of Security
WordPress Theme Highlight Premium - Cross-Site Request Forgery / Arbitrary File Upload
by DevilScreaM
Vanilla Forums <2.0.18.8 - Code Injection
Unspecified vulnerability in the update check in Vanilla Forums before 2.0.18.8 has unspecified impact and remote attack vectors, related to "object injection."
by EgiX
projeqtor 3.4.0 - SQL Injection via objectId Parameter
SQL injection vulnerability in view/objectDetail.php in Project'Or RIA 3.4.0 allows remote attackers to execute arbitrary SQL commands via the objectId parameter.
by Vicente Aguilera Diaz
Horde Groupware Webmail Edition - Cross-Site Request Forgery and Cross-Site Scripting in Saved Search
Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book
by Marcela Benetrix
CVSS 8.8
appRain CMF < 3.0.2 - SQL Injection via PATH_INFO to blog-by-cat/
SQL injection vulnerability in appRain CMF 3.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to blog-by-cat/.
by High-Tech Bridge SA
Vivotek IP7160 IP7361 IP8332 Firmware - Unauthenticated RTSP Authentication Bypass
Multiple Vivotek IP Cameras remote authentication bypass that could allow access to the video stream
by Core Security
CVSS 7.5
HOT HOTBOX Router Firmware 2.1.11 - Denial of Service via Crafted HTTP POST Data
goform/login on the HOT HOTBOX router with software 2.1.11 allows remote attackers to cause a denial of service (device crash) via crafted HTTP POST data.
by Oz Elisyan
RASPcalendar 1.01 (ASP) - Admin Login
by Hackeri-AL UAH-Crew
Apache Tomcat < 5.5.25 - Cross-Site Request Forgery via Manager Application
Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as demonstrated by a /manager/html/undeploy?path= URI. NOTE: the vendor disputes the significance of this report, stating that "the Apache Tomcat Security team has not accepted any reports of CSRF attacks against the Manager application ... as they require a reckless system administrator.
by Ivano Binetti
WordPress Theme Think Responsive 1.0 - Arbitrary File Upload
by Byakuya Kouta
WordPress Theme Switchblade 1.3 - Arbitrary File Upload
by Byakuya Kouta
pdirl PHP Directory Listing 1.0.4 - Cross-Site Scripting
by Vulnerability-Lab
ImpressPages CMS 3.6 - 'manage()' Remote Code Execution
by LiquidWorm
Opsview < 4.4.1 - SQL Injection via service_selection Parameter
SQL injection vulnerability in status/service/acknowledge in Opsview before 4.4.1 allows remote attackers to execute arbitrary SQL commands via the service_selection parameter.
by J. Oquendo
ImpressPages CMS 3.6 - Multiple Cross-Site Scripting / SQL Injection Vulnerabilities
by LiquidWorm
Unicorn Router WB-3300NR - Cross-Site Request Forgery (Factory Reset/DNS Change)
by absane
Olat 7.8.0.1 - Cross-Site Scripting via Calendar Event Name or Date Field
Multiple cross-site scripting (XSS) vulnerabilities in the Calendar module in Olat 7.8.0.1 (b20130821 N1) allow remote attackers to inject arbitrary web script or HTML via the (1) event name or (2) date field.
by Vulnerability-Lab
XAMPP for Windows 1.8.2 - Blind SQL Injection
by Sebastián Magof
Olat 7.8.0.1 - Cross-Site Scripting via Calendar Location Field
Cross-site scripting (XSS) vulnerability in the Calendar module in Olat 7.8.0.1 (b20130821 N1) allows remote attackers to inject arbitrary web script or HTML via the Location field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Vulnerability-Lab
By Source