Exploitdb Exploits
31,394 exploits tracked across all sources.
CodeIgniter < 2.1.2 - Cross-Site Scripting via xss_clean() Filter Bypass
EllisLab CodeIgniter 2.1.2 allows remote attackers to bypass the xss_clean() Filter and perform XSS attacks.
by Krzysztof Kotowicz
CVSS 6.1
Barracuda SSL VPN < 2.2.2.203 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Barracuda SSL VPN before 2.2.2.203 (2012-07-05) allow remote attackers to inject arbitrary web script or HTML via the (1) policyLaunching, (2) resourcePrefix, or (3) actionPath parameter in showUserResourceCategories.do; (4) list or (5) path parameter to fileSystem.do; or (6) return-To parameter to launchAgent.do.
by Benjamin Kunz Mejri
Barracuda SSL VPN < 2.2.2.203 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Barracuda SSL VPN before 2.2.2.203 (2012-07-05) allow remote attackers to inject arbitrary web script or HTML via the (1) policyLaunching, (2) resourcePrefix, or (3) actionPath parameter in showUserResourceCategories.do; (4) list or (5) path parameter to fileSystem.do; or (6) return-To parameter to launchAgent.do.
by Benjamin Kunz Mejri
Simple Machines 2.0.2 - Multiple HTML Injection Vulnerabilities
by Benjamin Kunz Mejri
Rama Zeiten CMS - 'download.php' Remote File Disclosure
by Sammy FORGIT
Event Calender PHP - Multiple Input Validation Vulnerabilities
by snup
EmbryoCore CMS 1.03 - 'loadcss.php' Multiple Directory Traversal Vulnerabilities
by Sammy FORGIT
CakePHP 2.1.0-2.1.4 and 2.1.0-alpha-2.1.4 - XML External Entity Injection
The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 allows remote attackers to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
by Pawel Wylecial
CVSS 7.5
Vivotek Cameras - Sensitive Information Disclosure
by GothicX
Joomla! Component com_osproperty 2.0.2 - Unrestricted Arbitrary File Upload
by D4NB4R
WebPageTest < 2.6 - Remote Code Execution via Unrestricted File Upload in resultimage.php
WebPageTest version 2.6 and earlier contains an arbitrary file upload vulnerability in the resultimage.php script. The application fails to validate or sanitize user-supplied input before saving uploaded files to a publicly accessible directory. This flaw allows remote attackers to upload and execute arbitrary PHP code, resulting in full remote code execution under the web server context.
by dun
WordPress Plugin Resume Submissions & Job Postings 2.5.1 - Unrestricted Arbitrary File Upload
by Chris Kellum
Joomla! Component com_ksadvertiser - Remote File / Bypass Upload
by D4NB4R
Microsoft Lync 2010 and 2010 Attendee - Cross-Site Scripting via SafeHTML Component
The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability."
by Adi Cohen
iScripts ReserveLogic 1.0 - SQL Injection
SQL injection vulnerability in packagedetails.php in iScripts ReserveLogic 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
by Vulnerability-Lab
Phonalisa - Multiple HTML Injection / Cross-Site Scripting Vulnerabilities
by Benjamin Kunz Mejri
House Style 0.1.2 - 'readfile()' Local File Disclosure
by GoLd_M
By Source