Exploitdb Exploits
31,394 exploits tracked across all sources.
WordPress Plugin Feedweb - 'wp_post_id' Cross-Site Scripting
by Stefan Schurtz
McAfee Virtual Technician and ePO-MVT < 6.5.0.2101 - Arbitrary File Write via McHealthCheck.dll Save Method
An ActiveX control in McHealthCheck.dll in McAfee Virtual Technician (MVT) and ePO-MVT 6.5.0.2101 and earlier allows remote attackers to modify or create arbitrary files via a full pathname argument to the Save method.
by High-Tech Bridge SA
Synchroweb SynConnect 2.0 - SQL Injection via LoginID Parameter
SQL injection vulnerability in index.php in Synchroweb Technology SynConnect 2.0 allows remote attackers to execute arbitrary SQL commands via the loginid parameter in a logoff action.
by Bhadresh Patel
AWS XMS 2.5 - Path Traversal via 'what' Parameter
Directory traversal vulnerability in AWS XMS 2.5 allows remote attackers to view arbitrary files via the 'what' parameter.
by High-Tech Bridge SA
CVSS 7.5
jPlayer < 2.2.20 - Cross-Site Scripting via jQuery or id Parameters
Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.20, as used in ownCloud Server before 5.0.4 and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) jQuery or (2) id parameters, as demonstrated using document.write in the jQuery parameter, a different vulnerability than CVE-2013-2022 and CVE-2013-2023.
by Malte Batram
Draytek Vigor 3900 1.06 - Local Privilege Escalation
by Mohammad abou hayt
PsychoStats 3.2.2b - SQL Injection via Awards Page d Parameter
SQL injection vulnerability in awards.php in PsychoStats 3.2.2b allows remote attackers to execute arbitrary SQL commands via the d parameter.
by Mohamed from ALG
OrionDB Web Directory - Multiple Cross-Site Scripting Vulnerabilities
by 3spi0n
MyBB 1.6.6 - SQL Injection via conditions[usergroup][] Parameter
SQL injection vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to execute arbitrary SQL commands via the conditions[usergroup][] parameter in a search action to admin/index.php.
by Aditya Modha
MyBB 1.6.6 - Cross-Site Scripting via User Search Conditions Parameter
Cross-site scripting (XSS) vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to inject arbitrary web script or HTML via the conditions[usergroup][] parameter in a search action to admin/index.php.
by Aditya Modha
ClipShare Pro <2008 - SQL Injection
SQL injection vulnerability in channel_detail.php in ClipShare Pro 4, and 2006 through 2007, allows remote attackers to execute arbitrary SQL commands via the chid parameter.
by Esac
WordPress Plugin Mathjax Latex 1.1 - Cross-Site Request Forgery
by Junaid Hussain
IBM Lotus Domino 8.5.x - 'x.nsf' Multiple Cross-Site Scripting Vulnerabilities
by MustLive
WordPress Plugin Banners Lite - 'wpbanners_show.php' HTML Injection
by Fernando A. Lagos B
Free Hosting Manager 2.0.2 - Multiple SQL Injections
by Saadi Siddiqui
Atmail Webmail Server 7.0.2 - Cross-Site Scripting via Filter or MailId Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Atmail Webmail Server 7.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) filter parameter to index.php/mail/mail/listfoldermessages/searching/true/selectFolder/INBOX/resultContext/searchResultsTab5 or (2) mailId[] parameter to index.php/mail/mail/movetofolder/fromFolder/INBOX/toFolder/INBOX.Trash. NOTE: the view attachment message process vector is already covered by CVE-2013-2585.
by Vicente Aguilera Diaz
Atmail Webmail Server 7.0.2 - Cross-Site Scripting via Filter or MailId Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Atmail Webmail Server 7.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) filter parameter to index.php/mail/mail/listfoldermessages/searching/true/selectFolder/INBOX/resultContext/searchResultsTab5 or (2) mailId[] parameter to index.php/mail/mail/movetofolder/fromFolder/INBOX/toFolder/INBOX.Trash. NOTE: the view attachment message process vector is already covered by CVE-2013-2585.
by Vicente Aguilera Diaz
Atmail Webmail Server 7.0.2 - Cross-Site Scripting via Filter or MailId Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Atmail Webmail Server 7.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) filter parameter to index.php/mail/mail/listfoldermessages/searching/true/selectFolder/INBOX/resultContext/searchResultsTab5 or (2) mailId[] parameter to index.php/mail/mail/movetofolder/fromFolder/INBOX/toFolder/INBOX.Trash. NOTE: the view attachment message process vector is already covered by CVE-2013-2585.
by Vicente Aguilera Diaz
Photodex ProShow Gold/Producer 5.0.3310/6.0.3410 - 'ScsiAccess.exe' Local Privilege Escalation
by Julien Ahrens
By Source