Exploitdb Exploits
31,394 exploits tracked across all sources.
FlatnuX CMS 2011 08.09.2 - Path Traversal
Absolute path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to read arbitrary files via a full pathname in the dir parameter in a contents/Files action.
by Vulnerability Laboratory
ManageEngine Firewall Analyzer 7.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do.
by Vulnerability Research Laboratory
ManageEngine Firewall Analyzer 7.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do.
by Vulnerability Research Laboratory
ManageEngine Firewall Analyzer 7.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do.
by Vulnerability Research Laboratory
ManageEngine Firewall Analyzer 7.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do.
by Vulnerability Research Laboratory
SAMEDIA LandShop 0.9.2 - Cross-Site Scripting via OTR_HEADS Parameter
Cross-site scripting (XSS) vulnerability in admin/action/objects.php in SAMEDIA LandShop 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the OTR_HEADS[] parameter in an edit action. NOTE: some of these details are obtained from third party information.
by Vulnerability-Lab
SAMEDIA LandShop 0.9.2 - Cross-Site Request Forgery
Cross-site request forgery (CSRF) vulnerability in SAMEDIA LandShop 0.9.2 allows remote attackers to hijack the authentication of administrators for requests that change account settings.
by Vulnerability-Lab
EMC Data Protection Advisor 5.5-5.8 SP1 - Denial of Service via Malformed AUTHENTICATECONNECTION Command
The DPA_Utilities.cProcessAuthenticationData function in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an AUTHENTICATECONNECTION command that (1) lacks a password field or (2) has an empty password.
by Luigi Auriemma
BuddyPress 1.5.x < 1.5.5 - SQL Injection via Activity Widget Filter Page Parameter
SQL injection vulnerability in wp-load.php in the BuddyPress plugin 1.5.x before 1.5.5 of WordPress allows remote attackers to execute arbitrary SQL commands via the page parameter in an activity_widget_filter action.
by Ivan Terkin
Woltlab Burning Board 2.2/2.3 [WN]KT KickTipp 3.1 - SQL Injection
by Easy Laster
SAMEDIA LandShop 0.9.2 - SQL Injection via OB_ID, AREA_ID, or start Parameter
Multiple SQL injection vulnerabilities in SAMEDIA LandShop 0.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) OB_ID parameter in a single action to admin/action/objects.php, (2) AREA_ID parameter in a single action to admin/action/areas.php, or (3) start parameter in a show action to admin/action/pdf.php.
by Vulnerability-Lab
EMC Data Protection Advisor 5.5-5.8 SP1 - Denial of Service via Integer Overflow in DPA_Utilities Library
Integer overflow in the DPA_Utilities library in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (infinite loop) via a negative 64-bit value in a certain size field.
by Luigi Auriemma
Coppermine Photo Gallery < 1.5.20 - Authenticated Cross-Site Scripting via Keywords Parameter
Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Coppermine Photo Gallery before 1.5.20 allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the keywords parameter.
by waraxe
Bitsmith PS Knowbase 3.2.3 - Local Buffer Overflow
by Vulnerability-Lab
SyndeoCMS < 3.0.01 - Authenticated Stored Cross-Site Scripting via Email Parameter
Cross-site scripting (XSS) vulnerability in starnet/index.php in SyndeoCMS 3.0.01 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the email parameter (aka Email address field) in an edit_user configuration action.
by Ivano Binetti
PHP Designer 2007 Personal - Multiple SQL Injections
by MR.XpR
DAlbum < 1.44 - Cross-Site Request Forgery in User Management
Multiple cross-site request forgery (CSRF) vulnerabilities in photo/pass.php in DAlbum 1.44 build 174 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an add action, (2) change user passwords via a change action, or (3) delete a user via a delete action.
by Ahmed Elhady Mohamed
Coppermine Photo Gallery < 1.5.20 - Exposure of Sensitive Information via Error Message
Coppermine Photo Gallery before 1.5.20 allows remote attackers to obtain sensitive information via (1) a direct request to plugins/visiblehookpoints/index.php, an invalid (2) page or (3) cat parameter to thumbnails.php, an invalid (4) page parameter to usermgr.php, or an invalid (5) newer_than or (6) older_than parameter to search.inc.php, which reveals the installation path in an error message.
by waraxe
ArticleSetup - Multiple Persistence Cross-Site Scripting / SQL Injections
by SecPod Research
Simple Machines Forum 2.0.2 - Cross-Site Scripting via Scheduled Parameter
Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the scheduled parameter to index.php.
by Am!r
ezjscore < 1.4 - Cross-Site Scripting via textEncode Function
Cross-site scripting (XSS) vulnerability in the textEncode function in classes/ezjscajaxcontent.php in eZ JS Core in eZ Publish before 1.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
by Yann MICHARD
By Source