Exploitdb Exploits
31,337 exploits tracked across all sources.
TP-Link TL-WR741N / TL-WR741ND Routers - Multiple Denial of Service Vulnerabilities
by W1ckerMan
KrisonAV CMS <3.0.2 - XSS
Cross-site scripting (XSS) vulnerability in services/get_article.php in KrisonAV CMS before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the content parameter.
by High-Tech Bridge SA
Oracle WebCenter Sites - Integrity
Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 7.6.2, 11.1.1.6.0, and 11.1.1.6.1 allows remote authenticated users to affect integrity via unknown vectors related to WebCenter Sites.
by SEC Consult
Oracle Java SE <7.17,6.43,5.41 - DoS
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "font processing errors" in the International Components for Unicode (ICU) Layout Engine before 51.2.
by SEC Consult
Foxit Reader 5.4.3.x < 5.4.5.0124 - PDF XREF Parsing Denial of Service
by FuzzMyApp
KrisonAV CMS <3.0.2 - CSRF
Cross-site request forgery (CSRF) vulnerability in users_maint.html in KrisonAV CMS before 3.0.2 allows remote attackers to hijack the authentication of administrators for requests that create user accounts via a crafted request.
by High-Tech Bridge SA
ZPanel <10.1.0 - RCE
ZPanel through 10.1.0 has Remote Command Execution.
by Sven Slootweg
CVSS 7.8
Vanilla Forums Van2Shout Plugin 1.0.51 - Multiple Cross-Site Request Forgery Vulnerabilities
by Henry Hoggard
Simpilotgroup Pop UP News - SQL Injection
SQL injection vulnerability in popupnewsitem/ in the Pop Up News module 2.0 and possibly earlier for phpVMS allows remote attackers to execute arbitrary SQL commands via the itemid parameter. NOTE: this was originally reported as a problem in phpVMS.
by NoGe
Linux kernel <3.8.8 - DoS
The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call.
by anonymous
Cisco Linksys EA2700 Router - Multiple Vulnerabilities
by Phil Purviance
Wesley Destailleur Todoo Forum - SQL Injection
Multiple SQL injection vulnerabilities in todooforum.php in Todoo Forum 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) id_post or (2) pg parameter.
by Chiekh Bouchenafa
Wesley Destailleur Todoo Forum - XSS
Multiple cross-site scripting (XSS) vulnerabilities in todooforum.php in Todoo Forum 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id_post or (2) pg parameter.
by Chiekh Bouchenafa
SimpleHRM <2.3 - SQL Injection
SQL injection vulnerability in the login page in flexycms/modules/user/user_manager.php in SimpleHRM 2.3, 2.2, and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to index.php/user/setLogin.
by Doraemon
Free Monthly Websites 2.0 - Admin Password Change
by Yassin Aboukir
Webdorado Spider Video Player - SQL Injection
SQL injection vulnerability in settings.php in the Web Dorado Spider Video Player plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the theme parameter.
by Ashiyane Digital Security Team
Bestpractical Request Tracker < 4.0.9 - SQL Injection
SQL injection vulnerability in Approvals/ in Request Tracker (RT) 4.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the ShowPending parameter. NOTE: the vendor disputes this issue, stating "We were unable to replicate it, and the individual that reported it retracted their report," and "we had verified that the claimed exploit did not function according to the author's claims."
by cheki
Fabricio Zuardi Xspf Player Plugin - SQL Injection
SQL injection vulnerability in playlist.php in the Spiffy XSPF Player plugin 0.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the playlist_id parameter.
by Ashiyane Digital Security Team
Hero Framework - '/users/forgot_password?error' Cross-Site Scripting
by High-Tech Bridge
Hero Framework - '/users/forgot_password?error' Cross-Site Scripting
by High-Tech Bridge
ZAPms <1.41 - SQL Injection
SQL injection vulnerability in ZAPms 1.41 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter to product.
by NoGe
Trafficanalyzer - XSS
Cross-site scripting (XSS) vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the aoid parameter.
by Beni_Vanda