Exploitdb Exploits
31,394 exploits tracked across all sources.
Openconstructor - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Open Constructor 3.12.0 allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to data/file/edit.php, (2) the q parameter to confirm.php, or (3) the keyword parameter to users/users.php.
by Lorenzo Cantoni
Openconstructor - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Open Constructor 3.12.0 allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to data/file/edit.php, (2) the q parameter to confirm.php, or (3) the keyword parameter to users/users.php.
by Lorenzo Cantoni
WordPress Theme ShopperPress - SQL Injection / Cross-Site Scripting
by Benjamin Kunz Mejri
Mahara 1.4.0-1.4.2 and 1.5.0-1.5.1 - Cross-Site Scripting via Login Form, Links, Resources, and Display Name
Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.3 and 1.5.x before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript innerHTML as used when generating login forms, (2) links or (3) resources URLs, and (4) the Display name in a user profile.
by anonymous
CVSS 6.1
Joomla! Component com_joomgalaxy 1.2.0.4 - Multiple Vulnerabilities
by D4NB4R
Barracuda Email Security Service - Multiple HTML Injection Vulnerabilities
by Benjamin Kunz Mejri
ManageEngine Mobile Application Manager 10 - SQL Injection
by Vulnerability-Lab
ManageEngine Applications Manager 8.1 build 8100 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 8.1 build 8100 allow remote attackers to inject arbitrary web script or HTML via the (1) showlink parameter to jsp/DiscoveryProfiles.jsp; the (2) attributeIDs, (3) attributeToSelect, (4) redirectto, and (5) resourceid parameters to (a) jsp/ThresholdActionConfiguration.jsp; the (6) page and (7) redirect parameters to (b) jsp/UpdateGlobalSettings.jsp; and the (8) haid and (9) returnpath parameters to (c) showTile.do. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Vulnerability-Lab
Joomla! Component com_niceajaxpoll 1.3.0 - SQL Injection
by Patrick de Brouwer
Distimo Monitor - Multiple Cross-Site Scripting Vulnerabilities
by Benjamin Kunz Mejri
glibc < 2.13 and eglibc < 2.13 - Remote Code Execution via SSSE3 Optimization
Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1) memcpy-ssse3-rep.S, (2) memcpy-ssse3.S, or (3) memset-sse2.S in sysdeps/i386/i686/multiarch/, which triggers an out-of-bounds read, as demonstrated using the memcpy function.
by c0ntex
ManageEngine Applications Manager - Multiple SQL Injections
by Ibrahim El-Sayed
ManageEngine Applications Manager - Multiple Cross-Site Scripting / SQL Injections
by Ibrahim El-Sayed
Dr. Web Control Center 6.00.3.201111300 - Cross-Site Scripting
by Oliver Karow
DataWatch Monarch Business Intelligence - Multiple Input Validation Vulnerabilities
by Raymond Rizk
Zenoss Core 3.x - Command Injection
Zenoss Core 3.x contains a command injection vulnerability in the showDaemonXMLConfig endpoint. The daemon parameter is passed directly to a Popen() call in ZenossInfo.py without proper sanitation, allowing authenticated users to execute arbitrary commands on the server as the zenoss user.
by Brendan Coles
Plixer Scrutinizer < 9.5.0 - Cross-Site Scripting via d4d/exporters.php Query String or HTTP Referer Header
Multiple cross-site scripting (XSS) vulnerabilities in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to d4d/exporters.php, (2) the HTTP Referer header to d4d/exporters.php, or (3) unspecified input to d4d/contextMenu.php.
by Mario Ceballos
Plixer Scrutinizer <9.5.0 - Code Injection
d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allows remote attackers to create or overwrite arbitrary files in %PROGRAMFILES%\Scrutinizer\snmp\mibs\ via a multipart/form-data POST request.
by Mario Ceballos
Plixer Scrutinizer < 9.5.0 - Unauthenticated Administrative Account Creation via admin.cgi userprefs Action
cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not require token authentication, which allows remote attackers to add administrative accounts via a userprefs action.
by Mario Ceballos
By Source