Exploitdb Exploits
31,394 exploits tracked across all sources.
PHP Server Monitor - Persistent Cross-Site Scripting
by loneferret
dotproject < 2.1.7 - Authenticated SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in dotProject before 2.1.7 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search_string or (2) where parameter in a contacts action, (3) dept_id parameter in a departments action, (4) project_id[] parameter in a project action, or (5) company_id parameter in a system action to index.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.
by High-Tech Bridge
dotproject < 2.1.7 - Cross-Site Scripting via Callback, Field, or Company Name Parameters
Multiple cross-site scripting (XSS) vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) callback parameter in a color_selector action, (2) field parameter in a date_format action, or (3) company_name parameter in an addedit action to index.php. NOTE: the date parameter vector is already covered by CVE-2008-3886.
by High-Tech Bridge
Apple QuickTime < 7.7.3 - Remote Code Execution via Crafted Targa Image
Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Targa image.
by Senator of Pirates
WordPress Theme Madebymilk - 'id' SQL Injection
by Ashiyane Digital Security Team
WordPress Plugin Facebook Survey 1.0 - SQL Injection
by Vulnerability Research Laboratory
openSIS 5.1 - 'ajax.php' Local File Inclusion
by Julian Horoszkiewicz
SonicWALL CDP 5040 6.x - Multiple Vulnerabilities
by Vulnerability-Lab
Omni-Secure - 'dir' Multiple File Disclosure Vulnerabilities
by HaCkeR_EgY
WordPress Theme Dailyedition-mouss - 'id' SQL Injection
by Ashiyane Digital Security Team
WordPress Plugin Tagged Albums - 'id' SQL Injection
by Ashiyane Digital Security Team
friendsinwar FAQ Manager - 'view_faq.php?question' SQL Injection
by unsuprise
Friends in War The FAQ Manager - 'question' SQL Injection
by unsuprise
ATutor 2.1 - 'tool_file' Local File Inclusion
by Julian Horoszkiewicz
Novell NetIQ Privileged User Manager 2.3.1 - 'ldapagnt.dll' ldapagnt_eval() Perl Code Evaluation Remote Code Execution
by rgod
NetIQ Privileged User Manager 2.3.x - Authenticated Path Traversal and Arbitrary File Write via Log Pathname
Directory traversal vulnerability in the set_log_config function in regclnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote authenticated users to create or overwrite arbitrary files via directory traversal sequences in a log pathname.
by rgod
iDev Rentals 1.0 - Multiple Vulnerabilities
by Vulnerability-Lab
By Source