Exploitdb Exploits
31,394 exploits tracked across all sources.
KindEditor - Multiple Arbitrary File Upload Vulnerabilities
by KedAns-Dz
SWFupload - Multiple Content Spoofing / Cross-Site Scripting Vulnerabilities
by MustLive
Asteriskguru Queue Statistics - 'warning' Cross-Site Scripting
by Manuel García Cárdenas
terillion_reviews_plugin < 1.1 - Cross-Site Scripting via ProfileId Field
Cross-site scripting (XSS) vulnerability in the Terillion Reviews plugin before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ProfileId field.
by Aditya Balapure
McAfee Vulnerability Manager 7.5 - Cross-Site Scripting via cert_cn Cookie Parameter
Cross-site scripting (XSS) vulnerability in index.exp in McAfee Vulnerability Manager 7.5 allows remote attackers to inject arbitrary web script or HTML via the cert_cn cookie parameter.
by Asheesh Anaconda
Qool CMS Multiple Persistent Cross-Site Scripting Vulnerabilities
Qool CMS contains multiple persistent cross-site scripting vulnerabilities in several administrative scripts where POST parameters are not properly sanitized before being stored and returned to users. Attackers can inject malicious JavaScript code through parameters like 'title', 'name', 'email', 'username', 'link', and 'task' in endpoints such as addnewtype, addnewdatafield, addmenu, addusergroup, addnewuserfield, adduser, addgeneraldata, and addcontentitem to execute arbitrary scripts in administrator browsers.
by LiquidWorm
CVSS 7.5
Qool CMS 2.0 RC2 Cross-Site Request Forgery via adduser
Qool CMS 2.0 RC2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious web pages. Attackers can forge POST requests to the /admin/adduser endpoint with parameters like username, password, email, and level to create root-level user accounts without user consent.
by LiquidWorm
CVSS 5.3
CosCMS < 1.822 - Authenticated OS Command Injection via Uploaded File Name
The uploadFile function in upload/index.php in CosCMS before 1.822 allows remote administrators to execute arbitrary commands via shell metacharacters in the name of an uploaded file.
by High-Tech Bridge SA
MariaDB 5.1.x-5.5.x - Denial of Service via Crafted Geometry Feature
MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.
by Alyssa Milburn
mnoGoSearch 3.3.12 (search.cgi) - Arbitrary File Read
by Sergey Bobrov
Remote File Manager 1.2 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
Matrix42 Service Store <5.33.946.0 - XSS
Cross-site scripting (XSS) vulnerability in SPS/Portal/default.aspx in Service Desk in Matrix42 Service Store 5.3 SP3 (aka 5.33.946.0) allows remote attackers to inject arbitrary web script or HTML via the query string.
by 43zsec
WordPress Plugin Count Per Day - 'daytoshow' Cross-Site Scripting
by alejandr0.m0f0
Varnish Cache - Multiple Denial of Service Vulnerabilities
by tytusromekiatomek
Squid - 'httpMakeVaryMark()' Remote Denial of Service
by tytusromekiatomek
HP Intelligent Management Center - 'topoContent.jsf' Cross-Site Scripting
by Julien Ahrens
D-Link DSL-2740B Firmware EU_1.0 - Unauthenticated Authentication Bypass via login.cgi
The D-Link DSL-2740B Gateway with firmware EU_1.0, when an active administrator session exists, allows remote attackers to bypass authentication and gain administrator access via a request to login.cgi.
by Ivano Binetti
Plogger - Multiple Input Validation Vulnerabilities
by Saadat Ullah
Piwigo < 2.4.7 - Cross-Site Request Forgery via LocalFiles Editor Plugin
Cross-site request forgery (CSRF) vulnerability in the LocalFiles Editor plugin in Piwigo before 2.4.7 allows remote attackers to hijack the authentication of administrators for requests that create arbitrary PHP files via unspecified vectors.
by High-Tech Bridge SA
Uploader 1.0.4 - Cross-Site Scripting via Notify or Blog Parameter
Multiple cross-site scripting (XSS) vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or (2) blog parameter.
by CodeV
Piwigo < 2.4.7 - Path Traversal via Install.php DL Parameter
Directory traversal vulnerability in install.php in Piwigo before 2.4.7 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the dl parameter.
by High-Tech Bridge SA
PHP-Fusion <7.02.05 - SQL Injection
SQL injection vulnerability in includes/classes/Authenticate.class.php in PHP-Fusion 7.02.01 through 7.02.05 allows remote attackers to execute arbitrary SQL commands via the user ID in a user cookie, a different vulnerability than CVE-2013-1803.
by waraxe
By Source