Exploitdb Exploits
31,394 exploits tracked across all sources.
WordPress Theme Purity - Multiple Cross-Site Scripting Vulnerabilities
by Matan Azugi
TestLink < 1.9.3 - Cross-Site Request Forgery via User Management
Multiple cross-site request forgery (CSRF) vulnerabilities in TestLink 1.9.3 and earlier allow remote attackers to hijack the authentication of users for requests that add, delete, or modify sensitive information, as demonstrated by changing the administrator's email via an editUser action to lib/usermanagement/userInfo.php.
by High-Tech Bridge SA
Cannonbolt Portfolio Manager 1.0 - Multiple Vulnerabilities
by LiquidWorm
Sitecom Home Storage Center - Authentication Bypass
by Mattijs van Ommeren
web@all - Local File Inclusion / Multiple Arbitrary File Upload Vulnerabilities
by KedAns-Dz
OpenFiler 2.3 - Multiple Cross-Site Scripting / Information Disclosure Vulnerabilities
by Brendan Coles
Kayako Fusion 4.40.1148 - Cross-Site Scripting via PATH_INFO in PHPExcel Download Script
Cross-site scripting (XSS) vulnerability in __swift/thirdparty/PHPExcel/PHPExcel/Shared/JAMA/docs/download.php in Kayako Fusion 4.40.1148, and possibly before 4.50.1581, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
by High-Tech Bridge
flogr < 2.5.6 - Cross-Site Scripting via PATH_INFO or Arbitrary Parameter
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flogr 2.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO or (2) an arbitrary parameter.
by High-Tech Bridge
Extcalendar 2.0 - Multiple SQL Injections / HTML Injection Vulnerabilities
by Ashiyane Digital Security Team
QNAP Turbo NAS TS-1279U-RP - Multiple Path Injections
by Andrea Fabrizi
Cm3 CMS - 'search.asp' Multiple Cross-Site Scripting Vulnerabilities
by Crim3R
Sciretech (Multiple Products) - Multiple SQL Injections
by AkaStep
PHPFox 3.0.1 - 'ajax.php' Multiple Cross-Site Scripting Vulnerabilities
by Crim3R
Group-Office < 4.0.90 - Authenticated SQL Injection via Calendar Sort Parameter
SQL injection vulnerability in modules/calendar/json.php in Group-Office community before 4.0.90 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter.
by Chris Cooper
GreenHopper < 5.9.8 - Stored Cross-Site Scripting in UpdateFieldJson.jspa
Stored XSS vulnerability in UpdateFieldJson.jspa in JIRA 4.4.3 and GreenHopper before 5.9.8 allows an attacker to inject arbitrary script code.
by Hoyt LLC Research
CVSS 5.4
Sitemax Maestro - SQL Injection / Local File Inclusion
by AkaStep
Sitecom Home Storage Center - Directory Traversal
by Mattijs van Ommeren
By Source