Exploitdb Exploits
31,394 exploits tracked across all sources.
Baby Gekko < 1.2.0 - Cross-Site Scripting via Registration Parameters
Multiple cross-site scripting (XSS) vulnerabilities in apps/users/registration.template.php in Baby Gekko 1.2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) email_address, (3) password, (4) password_verify, (5) firstname, (6) lastname, or (7) verification_code parameter to users/action/register. NOTE: some of these details are obtained from third party information.
by LiquidWorm
Baby Gekko < 1.2.0 - Cross-Site Scripting via Multiple Input Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko before 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) groupname parameter in a savecategory in the users module; (2) virtual_filename, (3) branch, (4) contact_person, (5) street, (6) city, (7) province, (8) postal, (9) country, (10) tollfree, (11) phone, (12) fax, or (13) mobile parameter in a saveitem action in the contacts module; (14) title parameter in a savecategory action in the menus module; (15) firstname or (16) lastname in a saveitem action in the users module; (17) meta_key or (18) meta_description in a saveitem action in the blog module; or (19) the PATH_INFO to admin/index.php.
by LiquidWorm
PluXml < 5.1.5 - Path Traversal via default_lang Parameter
Directory traversal vulnerability in update/index.php in PluXml before 5.1.6 allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the default_lang parameter.
by High-Tech Bridge SA
baby_gekko < 1.2.0 - Unauthenticated Installation Path Exposure via Direct Request
Gekko before 1.2.0 allows remote attackers to obtain the installation path via a direct request to (1) admin/templates/babygekko/index.php or (2) templates/html5demo/index.php.
by LiquidWorm
OpenKM 5.1.7 - Cross-Site Request Forgery
by Cyrill Brunschwiler
Symantec pcAnywhere <12.5.3 - Privilege Escalation
Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), uses world-writable permissions for product-installation files, which allows local users to gain privileges by modifying a file.
by Edward Torkington
milesj/decoda < 3.3 - Cross-Site Scripting via img Tag URL
Cross-site scripting (XSS) vulnerability in decoda/templates/video.php in Decoda before 3.3.1 allows remote attackers to inject arbitrary web script or HTML via multiple URLs in an img tag.
by RedTeam Pentesting
iGuard Security Access Control Device Firmware 3.6.7427A - Cross-Site Scripting
by Usman Saeed
MyClientBase 0.12 - SQL Injection via Invoice Search Parameters
Multiple SQL injection vulnerabilities in application/core/MY_Model.php in MyClientBase 0.12 allow remote attackers to execute arbitrary SQL commands via the (1) invoice_number or (2) tags parameter to index.php/invoice_search.
by Vulnerability-Lab
WordPress Plugin Zingiri Web Shop 2.4.2 - Persistent Cross-Site Scripting
by Mehmet Ince
MyClientBase 0.12 - Cross-Site Scripting via First Name or Last Name Parameter
Multiple cross-site scripting (XSS) vulnerabilities in index.php/users/form/user_id in MyClientBase 0.12 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name or (2) last_name parameters.
by Vulnerability-Lab
GENU CMS 2012.3 - Multiple SQL Injections
by Vulnerability-Lab
diy-cms 1.0 - Cross-Site Request Forgery via Poll Module
Cross-site request forgery (CSRF) vulnerability in mod.php in DiY-CMS 1.0 allows remote attackers to hijack the authentication of administrators for requests that create a poll via an add action to the poll module.
by Vulnerability-Lab
diy-cms 1.0 - Cross-Site Scripting via Poll Module Parameters
Multiple cross-site scripting (XSS) vulnerabilities in DiY-CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) question parameter to in /modules/poll/add.php or (2) question or (3) answer parameter to modules/poll/edit.php.
by Vulnerability-Lab
McAfee Virtual Technician <6.4 - RCE
An unspecified ActiveX control in McAfee Virtual Technician (MVT) before 6.4, and ePO-MVT, allows remote attackers to execute arbitrary code or cause a denial of service (Internet Explorer crash) via a crafted web site.
by rgod
WordPress Plugin WPsc MijnPress - 'rwflush' Cross-Site Scripting
by Am!r
diy-cms 1.0 - SQL Injection via Poll Module start Parameter
SQL injection vulnerability in modules/poll/index.php in DIY-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the start parameter to mod.php.
by Vulnerability-Lab
NetArt Media Car Portal 3.0 - Stored Cross-Site Scripting via Multiple Input Fields
Multiple cross-site scripting (XSS) vulnerabilities in NetArt Media Car Portal 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) PWRS or (2) Description field when posting a new vehicle; (3) news title when creating news; (4) Name when creating a sub user; (5) group name when creating a group; or (6) dealer name, (7) first name, or (8) last name when changing a profile.
by Vulnerability-Lab
C4B XPhone Unified Communications 2011 Web 4.1.890S R1 - Cross-Site Scripting via Company Name
Cross-site scripting (XSS) vulnerability in the contacts in (1) XPhone UC Web and the (2) web frontend for XPhone Virtual Directory in C4B XPhone Unified Communications (UC) 2011 Web 4.1.890S R1 allows remote attackers to inject arbitrary web script or HTML via the company name. NOTE: some of these details are obtained from third party information.
by Vulnerability-Lab
AlienVault Open Source Security Information Management 3.1 - Authenticated SQL Injection via time[0][0] Parameter
SQL injection vulnerability in forensics/base_qry_main.php in AlienVault Open Source Security Information Management (OSSIM) 3.1 allows remote authenticated users to execute arbitrary SQL commands via the time[0][0] parameter.
by Stefan Schurtz
By Source