Exploitdb Exploits
31,394 exploits tracked across all sources.
OpenCart 1.4.7-1.5.5.1 - Path Traversal via Filemanager Bypass
In OpenCart 1.4.7 to 1.5.5.1, implemented anti-traversal code in filemanager.php is ineffective and can be bypassed.
by waraxe
CVSS 6.5
Flatnux CMS 2013-01.17 - 'index.php' Local File Inclusion
by DaOne
GnuTLS < 3.0.14 - Double Free via Crafted Certificate List
Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list.
by Shawn the R0ck
ViewGit < 0.0.7 - Cross-Site Scripting via Tag or Branch Name
Multiple cross-site scripting (XSS) vulnerabilities in ViewGit before 0.0.7 allow remote repository users to inject arbitrary web script or HTML via a (1) tag name to the Shortlog table in templates/shortlog.php or branch name to the (2) Shortlog table in templates/shortlog.php or (3) Heads table in plates/summary.php.
by Matthew R. Bucci
CVSS 6.1
Rebus:list - 'list.php?list_id' SQL Injection
by Robert Cooper
Verizon FIOS Actiontec MI424WR-GEN3I Router Firmware 40.19.36 - Cross-Site Request Forgery via index.cgi
Multiple cross-site request forgery (CSRF) vulnerabilities in index.cgi on the Verizon FIOS Actiontec MI424WR-GEN3I router with firmware 40.19.36 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via the username and user_level parameters or (2) enable remote administration via the is_telnet_primary and is_telnet_secondary parameters.
by Jacob Holcomb
WordPress Plugin Simply Poll 1.4.1 - Multiple Vulnerabilities
by m3tamantra
Joomla! Component com_rsfiles - 'cid' SQL Injection
by ByEge
Cisco Video Surveillance Manager < 7.0.0 - Unauthenticated Information Disclosure via VSMC Monitoring Pages
Cisco Video Surveillance Manager (VSM) before 7.0.0 does not require authentication for access to VSMC monitoring pages, which allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv40169.
by Bassem
Open-Xchange Server <6.20.7 rev14, 6.22.0<rev13, 6.22.1<rev14 - MITM via Unverified X.509 Certs
OXUpdater in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof update servers and install arbitrary software via a crafted certificate.
by Martin Braun
Cam2pc 4.6.2 - '.BMP' Image Processing Integer Overflow
by coolkaveh
Apache Rave 0.11-0.20 - Authenticated Sensitive Information Exposure via User RPC API
The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
by Andreas Guth
Cisco Video Surveillance Operations Manager - Multiple Vulnerabilities
by b.saleh
RubyGems fastreader - 'entry_controller.rb' Remote Command Execution
by Larry W. Cashdollar
WordPress podPress Plugin <8.8.10.13 - XSS
Cross-site Scripting (XSS) in WordPress podPress Plugin 8.8.10.13 could allow remote attackers to inject arbitrary web script or html via the 'playerID' parameter.
by hiphop
CVSS 6.1
Privoxy < 3.0.21 - Proxy Authentication Spoofing via 407 Status Code
Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code.
by Chris John Riley
PHPBoost - Arbitrary File Upload / Information Disclosure
by KedAns-Dz
By Source