Exploitdb Exploits
31,394 exploits tracked across all sources.
Piwigo < 2.3.3 - Remote File Inclusion via Upgrade Language Parameter
Directory traversal vulnerability in upgrade.php in Piwigo before 2.3.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
by High-Tech Bridge SA
Piwigo < 2.3.4 - Cross-Site Scripting via Admin Panel Parameters
Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Piwigo before 2.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter in the configuration module, (2) installstatus parameter in the languages_new module, or (3) theme parameter in the theme module.
by High-Tech Bridge SA
cifs-utils - Exposure of Sensitive Information via Error Message
mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message.
by Sha0
RuggedCom Rugged Operating System < 3.10.1 - Unauthenticated Backdoor Account Access via MAC Address Calculation
RuggedCom Rugged Operating System (ROS) 3.10.x and earlier has a factory account with a password derived from the MAC Address field in the banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) TELNET, (2) remote shell (aka rsh), or (3) serial-console session.
by jc
Microsoft .NET Framework Remote Code Execution via Improper Function Parameter Validation
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Parameter Validation Vulnerability."
by Akita Software Security
PHP Ticket System Beta 1 - SQL Injection via q Parameter
SQL injection vulnerability in PHP Ticket System Beta 1 allows remote attackers to execute arbitrary SQL commands via the q parameter to index.php.
by G13
Joomla! Component com_videogallery - Local File Inclusion / SQL Injection
by KedAns-Dz
RuggedCom ROS <3.3 - Info Disclosure
RuggedCom Rugged Operating System (ROS) before 3.3 has a factory account with a password derived from the MAC Address field in a banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) SSH or (2) HTTPS session, a different vulnerability than CVE-2012-1803.
by jc
Mobipocket Reader 6.2 Build 608 - Buffer Overflow
by shinnai
chillcreations mod_ccnewsletter 1.0.7-1.0.9 - SQL Injection via id Parameter
SQL injection vulnerability in helper/popup.php in the ccNewsletter (mod_ccnewsletter) component 1.0.7 through 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.
by E1nzte1N
Havalite CMS < 1.0.4 - Cross-Site Scripting via Multiple Input Fields
Multiple cross-site scripting (XSS) vulnerabilities in Havalite 1.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) find or (2) replace fields to havalite/findReplace.php; (3) username parameter to havalite/hava_login.php, (4) the Edit Article module, or (5) hava_post.php in the postAuthor module; (6) postId parameter to hava_post.php; (7) userId parameter to hava_user.php; or (8) linkId parameter to hava_link.php.
by Vulnerability-Lab
Samsung NET-i viewer - Remote Code Execution via ConnectDDNS Method
The ConnectDDNS method in the (1) STWConfigNVR 1.1.13.15 and (2) STWConfig 1.1.14.13 ActiveX controls in Samsung NET-i viewer 1.37.120316 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: some of these details are obtained from third party information.
by Luigi Auriemma
Samsung NET-i viewer 1.37.120316 - Remote Code Execution via BackupToAvi Method
Multiple stack-based buffer overflows in the BackupToAvi method in the (1) UMS_Ctrl 1.5.1.1 and (2) UMS_Ctrl_STW 2.0.1.0 ActiveX controls in Samsung NET-i viewer 1.37.120316 allow remote attackers to execute arbitrary code via a long string in the fname parameter. NOTE: some of these details are obtained from third party information.
by Luigi Auriemma
Oracle Java SE <7u4 & <6u32 - Info Disclosure
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE 7 update 4 and earlier and 6 update 32 and earlier, and the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Web Container or Deployment.
by Roberto Suggi Liverani
Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1 - Info ...
Unspecified vulnerability in the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Web Container.
by Roberto Suggi Liverani
Samsung NET-i viewer 1.37.120316 - Denial of Service via Negative Size Value in TCP Request
Samsung NET-i viewer 1.37.120316 allows remote attackers to cause a denial of service (infinite loop) via a negative size value in a TCP request to (1) NiwMasterService or (2) NiwStorageService. NOTE: some of these details are obtained from third party information.
by Luigi Auriemma
vtiger CRM 5.1.0 - Path Traversal via module_name Parameter
Directory traversal vulnerability in modules/com_vtiger_workflow/sortfieldsjson.php in vtiger CRM 5.1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the module_name parameter.
by Pi3rrot
Waylu CMS - '/products_xx.php' SQL Injection / HTML Injection
by TheCyberNuxbie
Pendulab ChatBlazer 8.5 - 'Username' Cross-Site Scripting
by sonyy
Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204-9.0.1.19899 - Cross-Site Scripting via newUser Parameter
Cross-site scripting (XSS) vulnerability in cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions before 9.0.1.19899, allows remote attackers to inject arbitrary web script or HTML via the newUser parameter. NOTE: this might not be a vulnerability, since an administrator might already have the privileges to create arbitrary script.
by Trustwave's SpiderLabs
CVSS 6.1
By Source