Exploitdb Exploits
31,394 exploits tracked across all sources.
NeoBill CMS 0.8 Alpha - Multiple Vulnerabilities
by Vulnerability-Lab
ASTPP VoIP Billing (4cf207a) - Multiple Vulnerabilities
by Vulnerability-Lab
Trend Micro InterScan Messaging Security Suite 7.1 - CSRF
Cross-site request forgery (CSRF) vulnerability in saveAccountSubTab.imss in Trend Micro InterScan Messaging Security Suite 7.1-Build_Win32_1394 allows remote attackers to hijack the authentication of administrators for requests that create admin accounts via a saveAuth action.
by modpr0be
Sinapsi eSolar, eSolar DUO, eSolar Light, and sinapsi_firmware < 2.0.2870 - Authenticated OS Command Injection
These Sinapsi devices do not check for special elements in commands sent
to the system. By accessing certain pages with administrative privileges
that do not require authentication within the device, attackers can
execute arbitrary, unexpected, or dangerous commands directly onto the
operating system.
by Roberto Paleari
Sinapsi eSolar, eSolar DUO, eSolar Light and sinapsi_firmware < 2.0.2870 - Use of Hard-coded Password
These Sinapsi devices
store hard-coded passwords in the PHP file of the device. By using the
hard-coded passwords in the device, attackers can log into the device
with administrative privileges. This could allow the attacker to have
unauthorized access.
by Roberto Paleari
Sinapsi eSolar, eSolar DUO, and eSolar Light < 2.0.2870_xxx_2.2.12 - Unauthenticated SQL Injection
These Sinapsi devices do not check the validity of the data before
executing queries. By accessing the SQL table of certain pages that do
not require authentication within the device, attackers can leak
information from the device. This could allow the attacker to compromise
confidentiality.
by Roberto Paleari
Subrion CMS < 2.2.3 - Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding an administrator account via an add action to admin/accounts/add/.
by LiquidWorm
Sinapsi eSolar, eSolar DUO, eSolar Light, and sinapsi_firmware < 2.0.2870 - Unauthenticated Administrative Access
These Sinapsi devices
do not check if users that visit pages within the device have properly
authenticated. By directly visiting the pages within the device,
attackers can gain unauthorized access with administrative privileges.
by Roberto Paleari
Atlassian Confluence 3.4.x - Error Page Cross-Site Scripting
by D. Niedermaier
Knowledge Base Enterprise Edition 4.62.0 - SQL Injection
by Vulnerability-Lab
Google Chrome < 18.0.1025306 - Same Origin Policy Bypass via Symlink
Google Chrome before 18.0.1025308 on Android allows remote attackers to bypass the Same Origin Policy and obtain access to local files via vectors involving a symlink.
by Artem Chaykin
Google Chrome <18.0.1025308 - Info Disclosure
Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4903.
by Artem Chaykin
Google Chrome <18.0.1025308 - Info Disclosure
Google Chrome before 18.0.1025308 on Android allows remote attackers to obtain cookie information via a crafted application.
by Artem Chaykin
Google Chrome < 18.0.1025306 - Cross-Site Scripting via Intent Extra
Cross-site scripting (XSS) vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script or HTML via an extra in an Intent object, aka "Universal XSS (UXSS)."
by Artem Chaykin
VICIDIAL Call Center Suite 2.2.1-237 - Multiple Vulnerabilities
by Ertebat Gostar Co
VICIDIAL Call Center Suite - Multiple SQL Injections
by Ertebat Gostar Co
Joomla! com_rokmodule 1.1 - SQL Injection
SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the module parameter to index.php. NOTE: some of these details are obtained from third party information.
by Yarolinux
DeltaScripts PHP Links < 1.3 - SQL Injection via admin_username Parameter
SQL injection vulnerability in admin/adm_login.php in DeltaScripts PHP Links 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the admin_username parameter (aka the admin field).
by L0n3ly-H34rT
By Source