Exploitdb Exploits
31,394 exploits tracked across all sources.
Yellow Duck Framework 2.0 Beta1 - Local File Disclosure
by L3b-r1'z
Ruubikcms 1.1.x - Cross-Site Scripting / Information Disclosure / Directory Traversal
by AkaStep
pragmaMx 1.0-1.12.1 - Cross-Site Scripting via Name Parameter or Image URL
Multiple cross-site scripting (XSS) vulnerabilities in pragmaMx 1.x before 1.12.2 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to modules.php or (2) img_url to includes/wysiwyg/spaw/editor/plugins/imgpopup/img_popup.php.
by High-Tech Bridge SA
CVSS 6.1
pragmaMx 1.0-1.12.1 - Cross-Site Scripting via Name Parameter or Image URL
Multiple cross-site scripting (XSS) vulnerabilities in pragmaMx 1.x before 1.12.2 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to modules.php or (2) img_url to includes/wysiwyg/spaw/editor/plugins/imgpopup/img_popup.php.
by High-Tech Bridge SA
CVSS 6.1
Pligg CMS < 1.2.2 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary parameter in a move or (2) minimize action to admin/admin_index.php; (3) the karma_username parameter to module.php in the karma module; (4) q_1_low, (5) q_1_high, (6) q_2_low, or (7) q_2_high parameter in a configure action to module.php in the captcha module; or (8) the edit parameter to module.php in the admin_language module.
by High-Tech Bridge SA
phpCollab 2.5 - Database Backup Information Disclosure
by team ' & 1=1--
Plogger 1.0 Beta 3.0 - SQL Injection
SQL injection vulnerability in plog-rss.php in Plogger 1.0 Beta 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Eyup CELIK
mosh < 1.2.1 - Authenticated Denial of Service via Escape Sequence with Large Repeat Count
The terminal dispatcher in mosh before 1.2.1 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value.
by Timo Juhani Lindfors
Yandex.Server 2010 9.0 Enterprise - XSS
Cross-site scripting (XSS) vulnerability in search/ in Yandex.Server 2010 9.0 Enterprise allows remote attackers to inject arbitrary web script or HTML via the text parameter.
by MustLive
AboutMe plugin 1.1.1 for Vanilla Forums - Stored Cross-Site Scripting via Edit My Details Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the AboutMe plugin 1.1.1 for Vanilla Forums allow remote attackers to inject arbitrary web script or HTML via the (1) AboutMe/RealName, (2) AboutMe/Name, (3) AboutMe/Quote, (4) AboutMe/Loc, (5) AboutMe/Emp, (6) AboutMe/JobTit, (7) AboutMe/HS, (8) AboutMe/Col, (9) AboutMe/Bio, (10) AboutMe/Inter, (11) AboutMe/Mus, (12) AboutMe/Gam, (13) AboutMe/Mov, (14) AboutMe/FTV, or (15) AboutMe/Bks parameter to the Edit My Details page. NOTE: some of these details are obtained from third party information.
by Henry Hoggard
FirstLastNames 1.1.1 - Cross-Site Scripting via User FirstName or LastName Parameter
Multiple cross-site scripting (XSS) vulnerabilities in the FirstLastNames plugin 1.1.1 for Vanilla Forums allow remote attackers to inject arbitrary web script or HTML via the (1) User/FirstName or (2) User/LastName parameter to the edit user page. NOTE: some of these details are obtained from third party information.
by Henry Hoggard
PHPhq.Net phAlbum 1.5.1 - 'index.php' Cross-Site Scripting
by Eyup CELIK
Acuity CMS 2.6.2 - '/admin/file_manager/file_upload_submit.asp' Multiple Arbitrary File Upload / Code Executions
by Aung Khant
Acuity CMS 2.6.2 - '/admin/file_manager/browse.asp?path' Traversal Arbitrary File Access
by Aung Khant
Concrete5 CMS FlashUploader - Arbitrary '.SWF' File Upload
by AkaStep
AZ Photo Album - Cross-Site Scripting / Arbitrary File Upload
by Eyup CELIK
FreeNAC 3.02 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in FreeNAC 3.02 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) mac, (3) graphtype, (4) name, or (5) type parameter to stats.php; or (6) comment parameter to deviceadd.php.
by blake
PHP Address Book 7.0.0 - Multiple Vulnerabilities
by Stefan Schurtz
FreeNAC 3.02 - SQL Injection via Device Add Status Parameter
SQL injection vulnerability in deviceadd.php in FreeNAC 3.02 allows remote attackers to execute arbitrary SQL commands via the status parameter.
by blake
Windows 7 and Windows Server 2008 - Privilege Escalation via Keyboard Layout File
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly manage Keyboard Layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout File Vulnerability."
by Cr4sh
LatestComment 1.1 - Cross-Site Scripting via Discussion Title
Cross-site scripting (XSS) vulnerability in the LatestComment plugin 1.1 for Vanilla Forums allows remote attackers to inject arbitrary web script or HTML via the discussion title.
by Henry Hoggard
SkinCrafter 3.0 - Buffer Overflow via InitLicenKeys reg_name Argument
Buffer overflow in the InitLicenKeys function in a certain ActiveX control in SkinCrafter3_vs2005.dll in SkinCrafter 3.0 allows remote attackers to execute arbitrary code via a long string in the first argument (aka the reg_name argument).
by saurabh sharma
PHP Address Book 7.0 - Multiple Cross-Site Scripting Vulnerabilities
by Stefan Schurtz
Artiphp CMS 5.5.0 Neo - Cross-Site Scripting via artpublic/recommandation/index.php Parameters
Multiple cross-site scripting (XSS) vulnerabilities in artpublic/recommandation/index.php in Artiphp CMS 5.5.0 Neo (r422) allow remote attackers to inject arbitrary web script or HTML via the (1) add_img_name_post, (2) asciiart_post, (3) expediteur, (4) titre_sav, or (5) z39d27af885b32758ac0e7d4014a61561 parameter.
by Gjoko Krstic
By Source