Exploitdb Exploits
31,394 exploits tracked across all sources.
Web Help Desk by SolarWinds - Persistent Cross-Site Scripting
by loneferret
Interspire Email Marketer - Cross-Site Scripting / HTML Injection / SQL Injection
by Ibrahim El-Sayed
Open Realty - 'select_users_lang' Local File Inclusion
by L0n3ly-H34rT
Template CMS < 2.1.1 - Cross-Site Scripting via themes_editor Parameter
Cross-site scripting (XSS) vulnerability in Template CMS 2.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the themes_editor parameter in an add_template action to admin/index.php.
by High-Tech Bridge SA
Novell Sentinel Log Manager < 1.2.0.3 - Unauthenticated Data Retention Policy Creation via RPC Request
Novell Sentinel Log Manager before 1.2.0.3 allows remote attackers to create data retention policies via a crafted text/x-gwt-rpc request to novelllogmanager/datastorageservice.rpc, and allows remote authenticated Report Administrators to create data retention policies via a search-results "Save Query As" "Save As Retention Policy" action.
by Piotr Chmylkowski
XnView 1.99 and 1.99.1 - Remote Code Execution via Crafted JLS Image File
Heap-based buffer overflow in the xjpegls.dll (aka JLS, JPEG-LS, or JPEG lossless) format plugin in XnView 1.99 and 1.99.1 allows remote attackers to execute arbitrary code via a crafted JLS image file.
by Joseph Sheridan
Cyme ChartFX Client Server - ActiveX Control Array Indexing
by Francis Provencher
Template CMS < 2.1.1 - Cross-Site Request Forgery via Admin User Creation or Theme Editor
Multiple cross-site request forgery (CSRF) vulnerabilities in Template CMS 2.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator user via an add action to admin/index.php or (2) conduct static PHP code injection attacks via the themes_editor parameter in an edit_template action to admin/index.php.
by High-Tech Bridge SA
phpMyChat Plus 1.94 RC1 - Multiple Vulnerabilities
by L0n3ly-H34rT
WordPress Plugin spider Calendar - Multiple Vulnerabilities
by D4NB4R
PhpTax 0.8 - Unauthenticated Remote Code Execution via drawimage.php pfilez Parameter
PhpTax version 0.8 contains a remote code execution vulnerability in drawimage.php. The pfilez GET parameter is unsafely passed to the exec() function without sanitization. A remote attacker can inject arbitrary shell commands, leading to code execution under the web server's context. No authentication is required.
by Jean Pascal Pereira
ZenPhoto - 'admin-news-articles.php' Cross-Site Scripting
by Scott Herbert
Switchvox - Multiple HTML Injection Vulnerabilities
by Ibrahim El-Sayed
Omnistar Mailer - Multiple SQL Injections / HTML Injection Vulnerabilities
by Vulnerability Laboratory
AlamFifa CMS - 'user_name_cookie' SQL Injection
by L0n3ly-H34rT
IBM Lotus Notes Traveler 8.5.1.x - Multiple Input Validation Vulnerabilities
by MustLive
Smartfren Connex EC 1261-2 UI OUC - Local Privilege Escalation
by X-Cisadane
JAMF Casper Suite < 8.61 - Cross-Site Request Forgery via Save Action
Multiple cross-site request forgery (CSRF) vulnerabilities in editAccount.html in the JAMF Software Server (JSS) interface in JAMF Casper Suite before 8.61 allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts or (2) change passwords via a Save action.
by Jacob Holcomb
WordPress Plugin ABC Test - 'id' Cross-Site Scripting
by Scott Herbert
ViArt Shop Evaluation 4.1 - Multiple Remote File Inclusions
by L0n3ly-H34rT
By Source