Exploitdb Exploits
31,394 exploits tracked across all sources.
Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204-9.0.1.19899 - SQL Injection via Multiple CGI Parameters
Multiple SQL injection vulnerabilities in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions before 9.0.1.19899, allow remote attackers to execute arbitrary SQL commands via the (1) addip parameter to cgi-bin/scrut_fa_exclusions.cgi, (2) getPermissionsAndPreferences parameter to cgi-bin/login.cgi, or (3) possibly certain parameters to d4d/alarms.php as demonstrated by the search_str parameter.
by Trustwave's SpiderLabs
CVSS 9.8
Scrutinizer NetFlow & sFlow Analyzer < 9.0.1.19899 - Unauthenticated Privilege Escalation via User Preferences CGI
cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer before 9.0.1.19899 does not validate user permissions, which allow remote attackers to add user accounts with administrator privileges via the newuser, pwd, and selectedUserGroup parameters.
by Trustwave's SpiderLabs
CVSS 6.5
Newscoop 3.5.x < 3.5.5 and 4.x < 4 RC4 - Cross-Site Scripting via Back Parameter or Token/Email Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 3.5.x before 3.5.5 and 4.x before 4 RC4 allow remote attackers to inject arbitrary web script or HTML via the (1) Back parameter to admin/ad.php, or the (2) token or (3) f_email parameter to admin/password_check_token.php.
by High-Tech Bridge SA
Newscoop - SQL Injection via f_country_code Parameter
SQL injection vulnerability in admin/country/edit.php in Newscoop before 3.5.5 and 4.x before 4 RC4 allows remote attackers to execute arbitrary SQL commands via the f_country_code parameter.
by High-Tech Bridge SA
Newscoop 3.5.x < 3.5.5 and 4 < RC4 - Remote Code Execution via GLOBALS[g_campsiteDir] Parameter
Multiple PHP remote file inclusion vulnerabilities in Newscoop 3.5.x before 3.5.5 and 4 before RC4, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[g_campsiteDir] parameter to (1) include/phorum_load.php, (2) conf/install_conf.php, or (3) conf/liveuser_configuration.php.
by High-Tech Bridge SA
Samsung D6000 Firmware - Denial of Service via Crafted Controller Name
The Samsung D6000 TV and possibly other products allow remote attackers to cause a denial of service (continuous restart) via a crafted controller name.
by Luigi Auriemma
OpenSSL < 0.9.8v, 1.0.0 < 1.0.0i, 1.0.1 < 1.0.1a - Buffer Overflow via Crafted DER Data
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.
by Tavis Ormandy
VideoLAN VLC media player <2.0.1 - DoS
VideoLAN VLC media player 2.0.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted MP4 file.
by Senator of Pirates
XOOPS < 2.5.5 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in XOOPS before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) to_userid parameter to modules/pm/pmlite.php or the (2) current_file, (3) imgcat_id, or (4) target parameter to class/xoopseditor/tinymce/tinymce/jscripts/tiny_mce/plugins/xoopsimagemanager/xoopsimagebrowser.php.
by High-Tech Bridge SA
Newscoop < 3.5.5 - Cross-Site Scripting via f_user_name Parameter
Cross-site scripting (XSS) vulnerability in admin/login.php in Newscoop before 3.5.5 allows remote attackers to inject arbitrary web script or HTML via the f_user_name parameter.
by High-Tech Bridge SA
Scrutinizer NetFlow & sFlow Analyzer < 8.6.2.16204 - Cross-Site Scripting via Standalone Parameter
Cross-site scripting (XSS) vulnerability in cgi-bin/scrut_fa_exclusions.cgi in Plixer International Scrutinizer NetFlow and sFlow Analyzer 8.6.2.16204 and other versions before 9.0.1.19899 allows remote attackers to inject arbitrary web script or HTML via the standalone parameter.
by Trustwave's SpiderLabs
CVSS 6.1
Wireshark 1.4.x < 1.4.12 and 1.6.x < 1.6.6 - Denial of Service via Malformed ANSI A Packet
epan/dissectors/packet-ansi_a.c in the ANSI A dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed packet.
by Wireshark
OpenSSL 0.9.8v - Buffer Overflow via Crafted DER Data
Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110.
by Tavis Ormandy
Samsung D6000 Firmware - Denial of Service via Long MAC Address Field
The Samsung D6000 TV and possibly other products allows remote attackers to cause a denial of service (crash) via a long string in certain fields, as demonstrated by the MAC address field, possibly a buffer overflow.
by Luigi Auriemma
XOOPS < 2.5.5 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in XOOPS before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) to_userid parameter to modules/pm/pmlite.php or the (2) current_file, (3) imgcat_id, or (4) target parameter to class/xoopseditor/tinymce/tinymce/jscripts/tiny_mce/plugins/xoopsimagemanager/xoopsimagebrowser.php.
by High-Tech Bridge SA
XOOPS < 2.5.5 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in XOOPS before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) to_userid parameter to modules/pm/pmlite.php or the (2) current_file, (3) imgcat_id, or (4) target parameter to class/xoopseditor/tinymce/tinymce/jscripts/tiny_mce/plugins/xoopsimagemanager/xoopsimagebrowser.php.
by High-Tech Bridge SA
owncloud < 3.0.3 - Open Redirect via Login Page redirect_url Parameter
Open redirect vulnerability in index.php (aka the Login Page) in ownCloud before 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter.
by Tobias Glemser
TeamPass < 2.1.6 - Authenticated Cross-Site Scripting via Login Parameter
Cross-site scripting (XSS) vulnerability in sources/users.queries.php in TeamPass before 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the login parameter in an add_new_user action.
by Marcos Garcia
Joomla! Component JA T3 Framework - Directory Traversal
by indoushka
Acuity CMS 2.6.2 - Cross-Site Scripting via UserName Parameter
Cross-site scripting (XSS) vulnerability in admin/login.asp in Acuity CMS 2.6.2 allows remote attackers to inject arbitrary web script or HTML via the UserName parameter.
by Aung Khant
WordPress Plugin Yahoo Answer - Multiple Cross-Site Scripting Vulnerabilities
by Ryuzaki Lawlet
Joomla! Plugin Beatz 1.1 - Multiple Cross-Site Scripting Vulnerabilities
by Aung Khant
Bioly 1.3 - '/index.php' Cross-Site Scripting / SQL Injection
by T0xic
By Source