Exploitdb Exploits
31,339 exploits tracked across all sources.
Simple Machines 2.0.2 - Multiple HTML Injection Vulnerabilities
by Benjamin Kunz Mejri
Rama Zeiten CMS - 'download.php' Remote File Disclosure
by Sammy FORGIT
Event Calender PHP - Multiple Input Validation Vulnerabilities
by snup
EmbryoCore CMS 1.03 - 'loadcss.php' Multiple Directory Traversal Vulnerabilities
by Sammy FORGIT
Cakefoundation Cakephp < 2.1.5 - XXE
The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 allows remote attackers to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
by Pawel Wylecial
CVSS 7.5
Vivotek Cameras - Sensitive Information Disclosure
by GothicX
Joomla! Component com_osproperty 2.0.2 - Unrestricted Arbitrary File Upload
by D4NB4R
WebPageTest <2.6 - RCE
WebPageTest version 2.6 and earlier contains an arbitrary file upload vulnerability in the resultimage.php script. The application fails to validate or sanitize user-supplied input before saving uploaded files to a publicly accessible directory. This flaw allows remote attackers to upload and execute arbitrary PHP code, resulting in full remote code execution under the web server context.
by dun
WordPress Plugin Resume Submissions & Job Postings 2.5.1 - Unrestricted Arbitrary File Upload
by Chris Kellum
Joomla! Component com_ksadvertiser - Remote File / Bypass Upload
by D4NB4R
Microsoft Lync - Information Disclosure
The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability."
by Adi Cohen
iScripts ReserveLogic 1.0 - SQL Injection
SQL injection vulnerability in packagedetails.php in iScripts ReserveLogic 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
by Vulnerability-Lab
Phonalisa - Multiple HTML Injection / Cross-Site Scripting Vulnerabilities
by Benjamin Kunz Mejri
House Style 0.1.2 - 'readfile()' Local File Disclosure
by GoLd_M
TP-Link Gateway 3.12.4 - Multiple Vulnerabilities
by Vulnerability-Lab
Kajona < 3.4.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the getAllPassedParams function in system/functions.php in Kajona before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) absender_name, (2) absender_email, or (3) absender_nachricht parameter to the content page; (4) comment_name, (5) comment_subject, or (6) comment_message parameter to the postacomment module; (7) module parameter to index.php; (8) action parameter to the admin login page; (9) pv or (10) pe parameter in a list action to the user module; (11) user_username, (12) user_email, (13) user_forename, (14) user_name, (15) user_street, (16) user_postal, (17) user_city, (18) user_tel, or (19) user_mobil parameter in a newUser action to the user module; (20) group_name or (21) group_desc parameter in a groupNew action to the user module; (22) name, (23) browsername, (24) seostring, (25) keywords, or (26) folder_id parameter in a newPage action to the pages module; (27) element_name or (28) element_cachetime parameter in a newElement action in the pages module; (29) aspect_name parameter in a newAspect action in the system module; (30) filemanager_name, (31) filemanager_path, (32) filemanager_upload_filter, or (33) filemanager_view_filter parameter in a NewRepo action to the filemanager module; or (34) archive_title or (35) archive_path parameter in a newArchive action to the downloads module. NOTE: some of these details are obtained from third party information.
by High-Tech Bridge SA
WordPress Plugin WP-Predict 1.0 - Blind SQL Injection
by Chris Kellum