Exploitdb Exploits

31,342 exploits tracked across all sources.

EIP-2026-113698 EXPLOITDB text VERIFIED
WordPress Plugin Dynamic Widgets 1.5.1 - 'themes.php' Cross-Site Scripting
by Heine Pedersen
EIP-2026-113622 EXPLOITDB text VERIFIED
WordPress Plugin CataBlog 1.6 - 'admin.php' Cross-Site Scripting
by Heine Pedersen
EIP-2026-113514 EXPLOITDB text VERIFIED
WordPress Plugin 2 Click Social Media Buttons 0.32.2 - Multiple Cross-Site Scripting Vulnerabilities
by Heine Pedersen
CVE-2012-6626 EXPLOITDB text VERIFIED
Brian Cabunac Browser TO Email Phone Message System - SQL Injection
SQL injection vulnerability in verify-user.php in b2ePMS 1.0 allows remote attackers to execute arbitrary SQL commands via the username field.
by Jean Pascal Pereira
CVE-2012-3797 EXPLOITDB text VERIFIED
Pro-face Pro-server EX < 1.30.000 - Memory Corruption
Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, do not properly check packet sizes before reusing packet memory buffers, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a short crafted packet with a certain opcode.
by Luigi Auriemma
EIP-2026-103470 EXPLOITDB text VERIFIED
FlexNet License Server Manager - Stack Overflow In lmgrd
by Luigi Auriemma
CVE-2012-2939 EXPLOITDB text VERIFIED
Travelon Express 6.2.2 - RCE
Multiple unrestricted file upload vulnerabilities in Travelon Express 6.2.2 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) airline-edit.php, (2) hotel-image-add.php, or (3) hotel-add.php.
by Vulnerability-Lab
CVE-2012-4279 EXPLOITDB text VERIFIED
Rwcinc Free Realty - SQL Injection
Multiple SQL injection vulnerabilities in Free Realty 3.1-0.6 allow remote attackers to execute arbitrary SQL commands via the (1) view parameter to agentdisplay.php or (2) edit parameter to admin/admin.php.
by Vulnerability-Lab
CVE-2012-4278 EXPLOITDB text VERIFIED
Rwcinc Free Realty - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Free Realty 3.1-0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) notes parameter to (a) admin/agenteditor.php; (2) title, (3) previewdesc, (4) fulldesc, or (5) notes parameter (b) to agentadmin.php or (c) in an addlisting action to agentadmin.php; or unspecified vectors to (d) admin/adminfeatures.php.
by Vulnerability-Lab
CVE-2012-4265 EXPLOITDB text
Itechscripts Proman Xpress - SQL Injection
SQL injection vulnerability in category_edit.php in Proman Xpress 5.0.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by Vulnerability-Lab
CVE-2012-2938 EXPLOITDB text VERIFIED
Travelon Express 6.2.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Travelon Express 6.2.2 allow remote attackers to inject arbitrary web script or HTML via the holiday name field to (1) holiday_add.php or (2) holiday_view.php.
by Vulnerability-Lab
CVE-2012-2908 EXPLOITDB text
Viscacha 0.8.1.1 - SQL Injection
Multiple SQL injection vulnerabilities in admin/bbcodes.php in Viscacha 0.8.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) bbcodeexample, (2) buttonimage, or (3) bbcodetag parameter.
by Vulnerability-Lab
CVE-2012-2371 EXPLOITDB text VERIFIED
WP-FaceThumb 0.1 - XSS
Cross-site scripting (XSS) vulnerability in index.php in the WP-FaceThumb plugin 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pagination_wp_facethumb parameter.
by d3v1l
CVE-2012-2909 EXPLOITDB text
Viscacha 0.8.1.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Viscacha 0.8.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) text field in the Private Messages System, (2) Bad Word field in Zensur, or (3) Portal or (4) Topic field in Kommentar.
by Vulnerability-Lab
CVE-2012-4281 EXPLOITDB text VERIFIED
Itechscripts Travelon Express - SQL Injection
Multiple SQL injection vulnerabilities in Travelon Express 6.2.2 allow remote attackers to execute arbitrary SQL commands via the hid parameter to (1) holiday.php or (2) holiday_book.php, (3) id parameter to pages.php, (4) fid parameter to admin/airline-edit.php, or (5) cid parameter to admin/customer-edit.php.
by Vulnerability-Lab
CVE-2012-4266 EXPLOITDB text
Itechscripts Proman Xpress - XSS
Cross-site scripting (XSS) vulnerability in client_details.php in Proman Xpress 5.0.1 allows remote attackers to inject arbitrary web script or HTML via the cl_comments parameter. NOTE: some of these details are obtained from third party information.
by Vulnerability-Lab
CVE-2012-2338 EXPLOITDB text VERIFIED
Galette <0.64rc1 - SQL Injection
SQL injection vulnerability in includes/picture.class.php in Galette 0.63, 0.63.1, 0.63.2, 0.63.3, and 0.64rc1 allows remote attackers to execute arbitrary SQL commands via the id_adh parameter to picture.php.
by sbz
CVE-2012-4280 EXPLOITDB text VERIFIED
Rwcinc Free Realty - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in admin/agenteditor.php in Free Realty 3.1-0.6 allow remote attackers to hijack the authentication of administrators for requests that (1) add an agent via an addagent action or (2) modify an agent.
by Vulnerability-Lab
EIP-2026-102392 EXPLOITDB text
Liferay Portal 6.0.x < 6.1 - Privilege Escalation
by Jelmer Kuperus
CVE-2012-4267 EXPLOITDB text VERIFIED
Pu-gh Sockso < 1.5 - XSS
Cross-site scripting (XSS) vulnerability in user/register in Sockso 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter.
by Ciaran McNally
EIP-2026-116118 EXPLOITDB text VERIFIED
QNX phrelay/phindows/phditto - Multiple Vulnerabilities
by Luigi Auriemma
CVE-2012-2765 EXPLOITDB text
Belkin F5D7234-4 v5 G Wireless Router - Remote Hash Exposed
by Avinash Tangirala
CVE-2012-2923 EXPLOITDB text
Hypermethod eLearning Server 4G - SQL Injection
SQL injection vulnerability in news.php4 in Hypermethod eLearning Server 4G allows remote attackers to execute arbitrary SQL commands via the nid parameter.
by Andrey Komarov
EIP-2026-108994 EXPLOITDB text
Kerio WinRoute Firewall Web Server < 6 - Source Code Disclosure
by Andrey Komarov
CVE-2012-2924 EXPLOITDB text
Hypermethod eLearning Server 4G - RCE
PHP remote file inclusion vulnerability in admin/setup.inc.php in Hypermethod eLearning Server 4G allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
by Andrey Komarov