Exploitdb Exploits
31,394 exploits tracked across all sources.
YingZhiPython - Directory Traversal / Arbitrary File Upload
by Larry Cashdollar
Cisco Wireless LAN Controller <6.0.200.0-7.0.112.0 - DoS
Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 6.0 before 6.0.200.0, 7.0 before 7.0.98.216, and 7.0.1xx before 7.0.112.0 allows remote attackers to cause a denial of service (device reload) via a sequence of ICMP packets, aka Bug ID CSCth74426.
by Daniel Smith
WordPress Plugin Token Manager - 'tid' Cross-Site Scripting
by TheCyberNuxbie
ViArt Shop Enterprise 4.1 - Arbitrary Command Execution
by LiquidWorm
ZEN Load Balancer - Multiple Vulnerabilities
by Brendan Coles
MF Gig Calendar 0.9.2 - Cross-Site Scripting via Query String
Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page.
by Chris Cooper
SpiceWorks 6.0.00993 - Multiple Script Injection Vulnerabilities
by LiquidWorm
SonicWALL email security 7.3.5 - Multiple Vulnerabilities
by Vulnerability-Lab
WordPress Plugin wp-topbar 4.02 - Multiple Vulnerabilities
by Blake Entrekin
Fortigate UTM WAF Appliance - Multiple Vulnerabilities
by Vulnerability-Lab
WordPress Core 3.4.2 - Multiple Path Disclosure Vulnerabilities
by AkaStep
vBulletin 4.1.12 - 'blog_plugin_useradmin.php' SQL Injection
by Am!r
AxisInternet VoIP Manager - Multiple Cross-Site Scripting Vulnerabilities
by Benjamin Kunz Mejri
Auxilium RateMyPet - Unauthenticated Arbitrary File Upload via Banner Upload Feature
Auxilium RateMyPet contains an unauthenticated arbitrary file upload vulnerability in upload_banners.php. The banner upload feature fails to validate file types or enforce authentication, allowing remote attackers to upload malicious PHP files. These files are stored in a web-accessible /banners/ directory and can be executed directly, resulting in remote code execution.
by DaOne
Novell GroupWise <8.0.3-2012.SP1 - RCE
Integer overflow in the WebConsole component in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before 8.0.3 HP1 and 2012 before SP1 might allow remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow, as demonstrated by a request with -1 in the Content-Length HTTP header.
by Francis Provencher
Netsweeper WebAdmin Portal - Impact Unknown
Unspecified vulnerability in the WebAdmin Portal in Netsweeper has unknown impact and attack vectors, a different vulnerability than CVE-2012-2446 and CVE-2012-2447.
by Jacob Holcomb
minimal Gallery - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
by ayastar
CoSoSys Endpoint Protector 4 - Info Disclosure
The CoSoSys Endpoint Protector 4 appliance establishes an EPProot password based entirely on the appliance serial number, which makes it easier for remote attackers to obtain access via a brute-force attack.
by Christopher Campbell
By Source