Exploitdb Exploits
31,342 exploits tracked across all sources.
pragmaMx <1.12.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in pragmaMx 1.x before 1.12.2 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to modules.php or (2) img_url to includes/wysiwyg/spaw/editor/plugins/imgpopup/img_popup.php.
by High-Tech Bridge SA
CVSS 6.1
pragmaMx <1.12.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in pragmaMx 1.x before 1.12.2 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to modules.php or (2) img_url to includes/wysiwyg/spaw/editor/plugins/imgpopup/img_popup.php.
by High-Tech Bridge SA
CVSS 6.1
Pligg CMS <1.2.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary parameter in a move or (2) minimize action to admin/admin_index.php; (3) the karma_username parameter to module.php in the karma module; (4) q_1_low, (5) q_1_high, (6) q_2_low, or (7) q_2_high parameter in a configure action to module.php in the captcha module; or (8) the edit parameter to module.php in the admin_language module.
by High-Tech Bridge SA
phpCollab 2.5 - Database Backup Information Disclosure
by team ' & 1=1--
Plogger 1.0 Beta 3.0 - SQL Injection
SQL injection vulnerability in plog-rss.php in Plogger 1.0 Beta 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Eyup CELIK
mosh <1.2.1 - DoS
The terminal dispatcher in mosh before 1.2.1 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value.
by Timo Juhani Lindfors
Yandex.Server 2010 9.0 Enterprise - XSS
Cross-site scripting (XSS) vulnerability in search/ in Yandex.Server 2010 9.0 Enterprise allows remote attackers to inject arbitrary web script or HTML via the text parameter.
by MustLive
Zodiacdm Aboutme-plugin - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the AboutMe plugin 1.1.1 for Vanilla Forums allow remote attackers to inject arbitrary web script or HTML via the (1) AboutMe/RealName, (2) AboutMe/Name, (3) AboutMe/Quote, (4) AboutMe/Loc, (5) AboutMe/Emp, (6) AboutMe/JobTit, (7) AboutMe/HS, (8) AboutMe/Col, (9) AboutMe/Bio, (10) AboutMe/Inter, (11) AboutMe/Mus, (12) AboutMe/Gam, (13) AboutMe/Mov, (14) AboutMe/FTV, or (15) AboutMe/Bks parameter to the Edit My Details page. NOTE: some of these details are obtained from third party information.
by Henry Hoggard
Jspautsch Firstlastnames - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the FirstLastNames plugin 1.1.1 for Vanilla Forums allow remote attackers to inject arbitrary web script or HTML via the (1) User/FirstName or (2) User/LastName parameter to the edit user page. NOTE: some of these details are obtained from third party information.
by Henry Hoggard
PHPhq.Net phAlbum 1.5.1 - 'index.php' Cross-Site Scripting
by Eyup CELIK
Acuity CMS 2.6.2 - '/admin/file_manager/file_upload_submit.asp' Multiple Arbitrary File Upload / Code Executions
by Aung Khant
Acuity CMS 2.6.2 - '/admin/file_manager/browse.asp?path' Traversal Arbitrary File Access
by Aung Khant
Concrete5 CMS FlashUploader - Arbitrary '.SWF' File Upload
by AkaStep
AZ Photo Album - Cross-Site Scripting / Arbitrary File Upload
by Eyup CELIK
Freenac - XSS
Multiple cross-site scripting (XSS) vulnerabilities in FreeNAC 3.02 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) mac, (3) graphtype, (4) name, or (5) type parameter to stats.php; or (6) comment parameter to deviceadd.php.
by blake
PHP Address Book 7.0.0 - Multiple Vulnerabilities
by Stefan Schurtz
Freenac - Improper Input Validation
SQL injection vulnerability in deviceadd.php in FreeNAC 3.02 allows remote attackers to execute arbitrary SQL commands via the status parameter.
by blake
Microsoft Windows 7 - Access Control
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly manage Keyboard Layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout File Vulnerability."
by Cr4sh
Vanillaforums Latestcomment - XSS
Cross-site scripting (XSS) vulnerability in the LatestComment plugin 1.1 for Vanilla Forums allows remote attackers to inject arbitrary web script or HTML via the discussion title.
by Henry Hoggard
Skincrafter - Memory Corruption
Buffer overflow in the InitLicenKeys function in a certain ActiveX control in SkinCrafter3_vs2005.dll in SkinCrafter 3.0 allows remote attackers to execute arbitrary code via a long string in the first argument (aka the reg_name argument).
by saurabh sharma
PHP Address Book 7.0 - Multiple Cross-Site Scripting Vulnerabilities
by Stefan Schurtz
Artiphp CMS 5.5.0 Neo - XSS
Multiple cross-site scripting (XSS) vulnerabilities in artpublic/recommandation/index.php in Artiphp CMS 5.5.0 Neo (r422) allow remote attackers to inject arbitrary web script or HTML via the (1) add_img_name_post, (2) asciiart_post, (3) expediteur, (4) titre_sav, or (5) z39d27af885b32758ac0e7d4014a61561 parameter.
by Gjoko Krstic
Atlassian JIRA FishEye 2.5.7 / Crucible 2.5.7 Plugins - XML Parsing Security
by anonymous
Atlassian Bamboo < 3.3.4 - Denial of Service
Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2.4 before 2.4.1 do not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
by anonymous
CVSS 9.1
By Source