Exploitdb Exploits
31,394 exploits tracked across all sources.
Gnew < 2013.1 - Path Traversal via gnew_language Cookie
Directory traversal vulnerability in users/login.php in Gnew 2013.1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the gnew_language cookie.
by High-Tech Bridge SA
Gnew 2013.1 - SQL Injection via news_id, thread_id, or user_email Parameter
Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter to news/send.php, (2) thread_id parameter to posts/edit.php, or (3) user_email parameter to users/password.php or (4) users/register.php. NOTE: these issues were SPLIT from CVE-2013-5640 due to differences in researchers and disclosure dates.
by High-Tech Bridge SA
GLPI < 0.84.2 - Cross-Site Request Forgery and SQL Injection via Install Script
inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and (1) perform a SQL injection via an Etape_4 action or (2) execute arbitrary PHP code via an update_1 action.
by High-Tech Bridge SA
AlienVault OSSIM < 4.3 - SQL Injection via RadarReport Date Parameter
Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the date_from parameter to (1) radar-iso27001-potential.php, (2) radar-iso27001-A12IS_acquisition-pot.php, (3) radar-iso27001-A11AccessControl-pot.php, (4) radar-iso27001-A10Com_OP_Mgnt-pot.php, or (5) radar-pci-potential.php in RadarReport/.
by Yu-Chi Ding
Evince PDF Reader 2.32.0.145 (Windows) / 3.4.0 (Linux) - Denial of Service
by Deva
PineApp Mail-SeCure <3.70 - Privilege Escalation
PineApp Mail-SeCure before 3.70 allows remote authenticated users to gain privileges by leveraging console access and providing shell metacharacters in a "system ping" command.
by Core Security
HylaFAX+ 5.2.4-5.5.3 - Heap-Based Buffer Overflow via Long USER Command
Heap-based buffer overflow in hfaxd in HylaFAX+ 5.2.4 through 5.5.3, when using LDAP authentication, might allow remote attackers to cause a denial of service (child hang) or execute arbitrary code via a long USER command.
by Dennis Jenkins
XAMPP 1.8.1 - Cross-Site Scripting via WriteIntoLocalDisk Method
XAMPP 1.8.1 does not properly restrict access to xampp/lang.php, which allows remote attackers to modify xampp/lang.tmp and execute cross-site scripting (XSS) attacks via the WriteIntoLocalDisk method.
by Manuel García Cárdenas
simplerisk < 20130916-001 - Cross-Site Request Forgery via add_project Action
Cross-site request forgery (CSRF) vulnerability in management/prioritize_planning.php in SimpleRisk before 20130916-001 allows remote attackers to hijack the authentication of users for requests that add projects via an add_project action.
by Ryan Dewhurst
mod_accounting < 0.5 - SQL Injection via Host Header
SQL injection vulnerability in mod_accounting.c in the mod_accounting module 0.5 and earlier for Apache allows remote attackers to execute arbitrary SQL commands via a Host header.
by Wireghoul
FreeSMS - '/pages/crc_handler.php?scheduleid' SQL Injection
by Sarahma Security
FreeSMS - '/pages/crc_handler.php' Multiple Cross-Site Scripting Vulnerabilities
by Sarahma Security
Posnic Stock Management System 1.02 - Multiple Vulnerabilities
by Sarahma Security
HP 2620-24-PoE+ Switch - Cross-Site Request Forgery via setPassword Method
Cross-site request forgery (CSRF) vulnerability in html/json.html on HP 2620 switches allows remote attackers to hijack the authentication of administrators for requests that change an administrative password via the setPassword method.
by Hubert Gradek
X2Engine X2CRM < 3.5 - Authenticated Path Traversal via Translation Manager File Parameter
Directory traversal vulnerability in X2Engine X2CRM before 3.5 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the file parameter to index.php/admin/translationManager.
by High-Tech Bridge SA
X2Engine X2CRM < 3.5 - Cross-Site Scripting via Model Parameter
Cross-site scripting (XSS) vulnerability in X2Engine X2CRM before 3.5 allows remote attackers to inject arbitrary web script or HTML via the model parameter to index.php/admin/editor.
by High-Tech Bridge SA
Good for Enterprise <2.2.4.1659 - XSS
Cross-site scripting (XSS) vulnerability in the Good for Enterprise app before 2.2.4.1659 for iOS allows remote attackers to inject arbitrary web script or HTML via an HTML e-mail message.
by Mario
NOSpam PTI 2.1 - SQL Injection via comment_post_ID Parameter
SQL injection vulnerability in wp-comments-post.php in the NOSpam PTI plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the comment_post_ID parameter.
by Alexandro Silva
SilverStripe CMS - Multiple HTML Injection Vulnerabilities
by Benjamin Kunz Mejri
Blue Coat ProxySG 5.x and Security Gateway OS - Denial of Service
by anonymous
By Source