Exploitdb Exploits
31,394 exploits tracked across all sources.
ar web content manager 2.2 - Unauthenticated Improper Authentication via cookie_gen.php
cookie_gen.php in ar web content manager (AWCM) 2.2 does not require authentication, which allows remote attackers to generate arbitrary cookies via the name parameter in conjunction with the content parameter.
by Sooel Son
WordPress Plugin FLV Player - 'id' SQL Injection
by Ashiyane Digital Security Team
OrangeHRM 2.7.1 RC 1 - SQL Injection
Multiple SQL injection vulnerabilities in OrangeHRM 2.7.1 RC 1 allow remote authenticated administrators to execute arbitrary SQL commands via the sortField parameter to (1) viewCustomers, (2) viewPayGrades, or (3) viewSystemUsers in symfony/web/index.php/admin/, as demonstrated using cross-site request forgery (CSRF) attacks.
by High-Tech Bridge
Cryptocat < 2.0.22 - Remote Script Injection via Improper Input Sanitization
Cryptocat before 2.0.22 has Remote Script Injection due to improperly sanitizing user input
by Mario Heiderich
CVSS 9.8
Cryptocat < 2.0.22 - Information Disclosure via img/keygen.gif
Cryptocat before 2.0.22 Chrome Extension 'img/keygen.gif' has Information Disclosure
by Mario Heiderich
CVSS 7.5
AVerCaster Pro RS3400 Web Server - Directory Traversal
by Patrick Saladino
VeriFone VeriCentre Web Console <2.2.36 - SQL Injection
Multiple SQL injection vulnerabilities in terminal/paramedit.aspx in VeriFone VeriCentre Web Console before 2.2 build 36 allow remote attackers to execute arbitrary SQL commands via the (1) TerminalId, (2) ModelName, or (3) ApplicationName parameter.
by Cory Eubanks
ZPanel < 10.0.1 - SQL Injection via inEmailAddress Parameter
SQL injection vulnerability in ZPanel 10.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the inEmailAddress parameter in an UpdateClient action in the manage_clients module to the default URI.
by pcsjj
ZPanel < 10.0.1 - Cross-Site Scripting via inFullname Parameter
Cross-site scripting (XSS) vulnerability in ZPanel 10.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the inFullname parameter in an UpdateAccountSettings action in the my_account module to zpanel/.
by pcsjj
ZPanel < 10.0.1 - Cross-Site Request Forgery via FTP User Creation
Multiple cross-site request forgery (CSRF) vulnerabilities in ZPanel 10.0.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create new FTP users via a CreateFTP action in the ftp_management module to the default URI, (2) conduct cross-site scripting (XSS) attacks via the inFullname parameter in an UpdateAccountSettings action in the my_account module to zpanel/, or (3) conduct SQL injection attacks via the inEmailAddress parameter in an UpdateClient action in the manage_clients module to the default URI.
by pcsjj
ZPanel 10.0.1 - Weak Password Recovery Mechanism
ZPanel 10.0.1 has insufficient entropy for its password reset process.
by pcsjj
CVSS 9.8
CheckPoint/Sofaware Firewall - Multiple Vulnerabilities
by Procheckup
Sysax FTP Automation Server 5.33 - Local Privilege Escalation
by Craig Freyman
Adobe Reader 11.0.0 - Stack Overflow Crash (PoC)
by coolkaveh
WordPress Plugin Spider Catalog 1.1 - HTML Code Injection / Cross-Site Scripting
by D4NB4R
AWAuctionScript CMS - Multiple Remote Vulnerabilities
by X-Cisadane
Joomla! Component Parcoauto - 'idVeicolo' SQL Injection
by Andrea Bocchetti
All Video Gallery <1.2.0 - Info Disclosure
Unspecified vulnerability in the All Video Gallery (all-video-gallery) plugin before 1.2.0 for WordPress has unspecified impact and attack vectors.
by Ashiyane Digital Security Team
vBulletin ChangUonDyU Advanced Statistics - SQL Injection
by Juno_okyo
DCForum - 'auth_user_file.txt' File Multiple Information Disclosure Vulnerabilities
by r45c4l
By Source