Exploitdb Exploits
31,394 exploits tracked across all sources.
TP-Link Gateway 3.12.4 - Multiple Vulnerabilities
by Vulnerability-Lab
Kajona < 3.4.2 - Cross-Site Scripting via Multiple Input Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the getAllPassedParams function in system/functions.php in Kajona before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) absender_name, (2) absender_email, or (3) absender_nachricht parameter to the content page; (4) comment_name, (5) comment_subject, or (6) comment_message parameter to the postacomment module; (7) module parameter to index.php; (8) action parameter to the admin login page; (9) pv or (10) pe parameter in a list action to the user module; (11) user_username, (12) user_email, (13) user_forename, (14) user_name, (15) user_street, (16) user_postal, (17) user_city, (18) user_tel, or (19) user_mobil parameter in a newUser action to the user module; (20) group_name or (21) group_desc parameter in a groupNew action to the user module; (22) name, (23) browsername, (24) seostring, (25) keywords, or (26) folder_id parameter in a newPage action to the pages module; (27) element_name or (28) element_cachetime parameter in a newElement action in the pages module; (29) aspect_name parameter in a newAspect action in the system module; (30) filemanager_name, (31) filemanager_path, (32) filemanager_upload_filter, or (33) filemanager_view_filter parameter in a NewRepo action to the filemanager module; or (34) archive_title or (35) archive_path parameter in a newArchive action to the downloads module. NOTE: some of these details are obtained from third party information.
by High-Tech Bridge SA
WordPress Plugin WP-Predict 1.0 - Blind SQL Injection
by Chris Kellum
MGB - Multiple Cross-Site Scripting / SQL Injections
by Stefan Schurtz
Flogr - 'tag' Multiple Cross-Site Scripting Vulnerabilities
by Nafsh
WebsitePanel < 1.2.2.1 - Open Redirect via ReturnUrl Parameter
Open redirect vulnerability in the login page in WebsitePanel before 1.2.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in ReturnUrl to Default.aspx.
by Anastasios Monachos
Sflog! CMS 1.0 - Authenticated Arbitrary File Upload via Blog Management Interface
Sflog! CMS 1.0 contains an authenticated arbitrary file upload vulnerability in the blog management interface. The application ships with default credentials (admin:secret) and allows authenticated users to upload files via manage.php. The upload mechanism fails to validate file types, enabling attackers to upload a PHP backdoor into a web-accessible directory (blogs/download/uploads/). Once uploaded, the file can be executed remotely, resulting in full remote code execution.
by dun
WordPress Plugin SocialFit - 'msg' Cross-Site Scripting
by Sammy FORGIT
WordPress Plugin Knews Multilingual Newsletters - Cross-Site Scripting
by Sammy FORGIT
WordPress Plugin church_admin - 'id' Cross-Site Scripting
by Sammy FORGIT
Webmatic 3.1.1 - SQL Injection via Referer HTTP Header
SQL injection vulnerability in index.php in Webmatic 3.1.1 allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header.
by High-Tech Bridge SA
Event Script PHP 1.1 CMS - Multiple Vulnerabilities
by Vulnerability-Lab
org.apache.sling.servlets.post < 2.1.2 - Denial of Service via @CopyFrom Operation
The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
by IOactive
WordPress Plugin PHPFreeChat - 'url' Cross-Site Scripting
by Sammy FORGIT
Guestbook Scripts PHP 1.5 - Multiple Vulnerabilities
by Vulnerability-Lab
Freeside SelfService CGI/API 2.3.3 - Multiple Vulnerabilities
by Vulnerability-Lab
.NET Framework - Tilde Character Denial of Service
by Soroush Dalili
WordPress Plugin MoodThingy Widget 0.8.7 - Blind SQL Injection
by Chris Kellum
Classified Ads Script PHP - 'admin.php' Multiple SQL Injections
by snup
By Source