Exploitdb Exploits
31,394 exploits tracked across all sources.
UbiDisk File Manager 2.0 iOS - Multiple Web Vulnerabilities
by Vulnerability-Lab
OliveOffice Mobile Suite 2.0.3 iOS - Local File Inclusion
by Vulnerability-Lab
My File Explorer 1.3.1 iOS - Multiple Web Vulnerabilities
by Vulnerability-Lab
iPhone OS < 6.1.4 - Passcode Lock Bypass via Race Condition
Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of a SIM card.
by Vulnerability-Lab
Cart66 Lite Plugin < 1.5.1.15 - Cross-Site Request Forgery
Cross-site request forgery (CSRF) vulnerability in Cart66Product.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allows remote attackers to hijack the authentication of administrators for requests that (1) create or modify products or conduct cross-site scripting (XSS) attacks via the (2) Product name or (3) Price description field in a product save action via a request to wp-admin/admin.php.
by absane
Cart66 Lite Plugin < 1.5.1.14 - Cross-Site Scripting via Product Name or Price Description
Multiple cross-site scripting (XSS) vulnerabilities in products.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) Product name or (2) Price description fields via a request to wp-admin/admin.php. NOTE: This issue may only cross privilege boundaries if used in combination with CVE-2013-5977.
by absane
CVSS 6.1
StatusNet/Laconica 0.7.4/0.8.2/0.9.0beta3 - Arbitrary File Reading
by spiderboy
Android < 4.0.3 - Denial of Service via Zygote Process Fork Request
The Zygote process in Android 4.0.3 and earlier accepts fork requests from processes with arbitrary UIDs, which allows remote attackers to cause a denial of service (reboot loop) via a crafted application.
by Luca Verderame
ALLPlayer 5.6.2-5.8.1 - Buffer Overflow via .m3u Playlist File
Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .m3u (playlist) file.
by metacom
Ziteman CMS - Login Page SQL Injection
by Ashiyane Digital Security Team
Imperva SecureSphere Web Application Firewall MX 9.5.6 - Blind SQL Injection
by Giuseppe D'Amore
Bugzilla 4.1.x-4.2.x < 4.2.7 and 4.3.x-4.4.x < 4.4.1 - Cross-Site Scripting via Tabular Report Field Values
Multiple cross-site scripting (XSS) vulnerabilities in report.cgi in Bugzilla 4.1.x and 4.2.x before 4.2.7 and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a tabular report, as demonstrated by the (1) summary or (2) real name field. NOTE: this issue exists because of an incomplete fix for CVE-2012-4189.
by Mateusz Goik
Bugzilla 2.x-4.0.10, 4.1.x-4.2.6, 4.3.x-4.4.0 - Cross-Site Scripting via editflagtypes.cgi id or sortkey Parameter
Multiple cross-site scripting (XSS) vulnerabilities in editflagtypes.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) sortkey parameter.
by Mateusz Goik
WordPress Plugin WP-Realty - 'listing_id' SQL Injection
by Napsterakos
WordPress Plugin Quick Contact Form 6.0 - Persistent Cross-Site Scripting
by Zy0d0x
Alienvault Open Source SIEM (OSSIM) - 'Timestamp' Directory Traversal
by Ding Yu-Chi
Apple Motion 5.0.7 - Denial of Service via OZDocument::parseElement Integer Overflow
Integer overflow in the OZDocument::parseElement function in Apple Motion 5.0.7 allows remote attackers to cause a denial of service (application crash) via a (1) large or (2) small value in the subview attribute of a viewer element in a .motn file.
by Jean Pascal Pereira
davfs2 1.4.6-1.4.7 - Privilege Escalation via System Function in kernel_interface.c and mount_davfs.c
WEB-DAV Linux File System (davfs2) 1.4.6 and 1.4.7 allow local users to gain privileges via unknown attack vectors in (1) kernel_interface.c and (2) mount_davfs.c, related to the "system" function.
by Lorenzo Cantoni
FlashChat 6.0.2, 6.0.4-6.0.8 - Unauthenticated Arbitrary File Upload via upload.php
An unauthenticated arbitrary file upload vulnerability exists in FlashChat versions 6.0.2 and 6.0.4 through 6.0.8. The upload.php endpoint fails to properly validate file types and authentication, allowing attackers to upload malicious PHP scripts. Once uploaded, these scripts can be executed remotely, resulting in arbitrary code execution as the web server user.
by x-hayben21
elproLOG MONITOR Webaccess 2.1 - Multiple Vulnerabilities
by Vulnerability-Lab
Aanval 7.1 build 70151 - Multiple Vulnerabilities
by xistence
SPAMINA Cloud Email Firewall - Directory Traversal
by Sisco Barrera
Gnew 2013.1 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) answer_id or (2) question_id parameter to polls/vote.php, (3) story_id parameter to comments/add.php or (4) comments/edit.php, or (5) thread_id parameter to posts/add.php. NOTE: this issue was SPLIT due to differences in researchers and disclosure dates. CVE-2013-7349 already covers the news_id parameter to news/send.php, user_email parameter to users/register.php, and thread_id to posts/edit.php vectors.
by High-Tech Bridge SA
By Source