Exploitdb Exploits
31,394 exploits tracked across all sources.
Buffalo TeraStation TS-Series - Multiple Vulnerabilities
by Andrea Fabrizi
Hunt CCTV DVR Firmware - Unauthenticated Configuration Disclosure
Authentication bypass vulnerability in the the web interface in Hunt CCTV, Capture CCTV, Hachi CCTV, NoVus CCTV, and Well-Vision Inc DVR systems allows a remote attacker to retrieve the device configuration.
by Alejandro Ramos
CVSS 7.5
FortiMail < 4.3.4 - Stored Cross-Site Scripting via Black List or Personal Black/White List
Multiple cross-site scripting (XSS) vulnerabilities in admin/FEAdmin.html in Fortinet FortiMail before 4.3.4 on FortiMail Identity-Based Encryption (IBE) appliances allow user-assisted remote attackers to inject arbitrary web script or HTML via (1) the Add field for the Black List under Antispam Management User Preferences or (2) the User name field for the Personal Black/White List in the AntiSpam section.
by Vulnerability-Lab
pfSense UTM Platform 2.0.1 - Cross-Site Scripting
by Dimitris Strevinas
DataLife Engine 9.7 - Remote Code Execution via catlist[] Parameter
DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist[] parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier.
by EgiX
Microsoft Internet Explorer 8-9 - CSRF
Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not ensure that the SSL lock icon is consistent with the Address bar, which makes it easier for remote attackers to spoof web sites via a crafted HTML document that triggers many HTTPS requests to an arbitrary host, followed by an HTTPS request to a trusted host and then an HTTP request to an untrusted host, a related issue to CVE-2013-1450.
by Christian Haider
PHP weby directory software 1.2 - Multiple Vulnerabilities
by AkaStep
DataLife Engine <9.7 - Info Disclosure
Session fixation vulnerability in DataLife Engine (DLE) 9.7 and earlier allows remote attackers to hijack web sessions via the PHPSESSID cookie.
by EgiX
WordPress Plugin SolveMedia 1.1.0 - Cross-Site Request Forgery
by Junaid Hussain
PHPWeby Free Directory Script - 'contact.php' Multiple SQL Injections
by AkaStep
ImageCMS < 4.2 - Authenticated SQL Injection via Admin Search Parameter
SQL injection vulnerability in ImageCMS before 4.2 allows remote authenticated administrators to execute arbitrary SQL commands via the q parameter to admin/admin_search/. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.
by High-Tech Bridge SA
Aloaha PDF Crypter (3.5.0.1164) - ActiveX Arbitrary File Overwrite
by shinnai
WP-Table Reloaded < 1.9.4 - Cross-Site Scripting via id Parameter
Cross-site scripting (XSS) vulnerability in js/tabletools/zeroclipboard.swf in the WP-Table Reloaded module before 1.9.4 for Wordpress allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this might be the same vulnerability as CVE-2013-1808. If so, it is likely that CVE-2013-1463 will be REJECTed.
by hiphop
WordPress Theme Chocolate WP - Multiple Vulnerabilities
by Eugene Dokukin
gpEasy CMS < 3.5.2 - Cross-Site Scripting via Section Parameter
Cross-site scripting (XSS) vulnerability in the NewSectionPrompt function in include/tool/editing_page.php in gpEasy CMS 3.5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the section parameter in a new_section action to index.php.
by High-Tech Bridge SA
WordPress Plugin Developer Formatter - Cross-Site Request Forgery
by Junaid Hussain
DigiLIBE 3.4 - Exposure of Sensitive Configuration Information via Direct Request
DigiLIBE 3.4 and possibly other versions sends a redirect but does not exit, which allows remote attackers to obtain sensitive configuration information via a direct request to configuration/general_configuration.html.
by Robert Gilbert
Adult WebMaster Script - Password Disclosure
by Dshellnoi Unix
Perforce P4web 2011.1 and 2012.1 - Cross-Site Scripting
Perforce P4web 2011.1 and 2012.1 has multiple XSS vulnerabilities
by Christy Philip Mathew
CVSS 6.1
NConf 1.3 - '/detail.php/detail_admin_items.php?id' SQL Injection
by haidao
Red Hat Enterprise Linux - Denial of Service via Long String to sort Command with -d or -M Switch
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the (1) -d or (2) -M switch, which triggers a stack-based buffer overflow in the alloca function.
by anonymous
By Source