Exploitdb Exploits
31,394 exploits tracked across all sources.
Max's Guestbook 1.0 - Multiple Remote Vulnerabilities
by n0tch
asaanCart 0.9 - Path Traversal via Page Parameter
Directory traversal vulnerability in asaanCart 0.9 allows remote attackers to include arbitrary local files via a .. (dot dot) in the page parameter to index.php.
by Number 7
presto! pagemanager 9.01 - Multiple Vulnerabilities
by Luigi Auriemma
Sitecom WLM-2501 - Cross-Site Request Forgery in Multiple Admin Forms
Multiple cross-site request forgery (CSRF) vulnerabilities in Sitecom WLM-2501 allow remote attackers to hijack the authentication of administrators for requests that modify settings for (1) Mac Filtering via admin/formFilter, (2) IP/Port Filtering via formFilter, (3) Port Forwarding via formPortFw, (4) Wireless Access Control via admin/formWlAc, (5) Wi-Fi Protected Setup via formWsc, (6) URL Blocking Filter via formURL, (7) Domain Blocking Filter via formDOMAINBLK, and (8) IP Address ACL Filter via admin/formACL in goform/, different vectors than CVE-2012-1921.
by Ivano Binetti
PBLang 4.65 - Directory Traversal via setcookie.php u Parameter
Directory traversal vulnerability in setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to read arbitrary files via ".." sequences and "%00" (trailing null byte) in the u parameter.
by Number 7
Omnistar Live - Cross-Site Scripting / SQL Injection
by sonyy
4Images Image Gallery Management System - Cross-Site Request Forgery
by Dmar al3noOoz
Light Display Manager <1.0.6, <1.1.7 - Info Disclosure
debian/guest-account in Light Display Manager (lightdm) 1.0.x before 1.0.6 and 1.1.x before 1.1.7, as used in Ubuntu Linux 11.10, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT per ADT1/ADT2 due to different codebases and affected versions. CVE-2012-6648 has been assigned for the gdm-guest-session issue.
by Ryan Lortie
XnView FlashPix Image Processing - Heap Overflow
by Francis Provencher
Gretech GOM Media Player <2.1.39.5101 Open URL - Impact Unknown
Unspecified vulnerability in the Open URL feature in Gretech GOM Media Player before 2.1.39.5101 has unknown impact and attack vectors, a different vulnerability than CVE-2007-5779 and CVE-2012-1264.
by longrifle0x
Wikidforum 2.10 - Cross-Site Scripting via Search Field or Advanced Search Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Wikidforum 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) search field, or the (2) Author or (3) select_sort parameters in an advanced search.
by Stefan Schurtz
Wikidforum 2.10 - SQL Injection via Advanced Search Parameters
Multiple SQL injection vulnerabilities in the advanced search in Wikidforum 2.10 allow remote attackers to execute arbitrary SQL commands via the (1) select_sort or (2) opt_search_select parameters. NOTE: this issue could not be reproduced by third parties.
by Stefan Schurtz
Wikidforum 2.10 - Cross-Site Scripting via Search Field or Advanced Search Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Wikidforum 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) search field, or the (2) Author or (3) select_sort parameters in an advanced search.
by Stefan Schurtz
Synology Photo Station 5 for DiskStation Manager 3.2-1955 - Cross-Site Scripting via Name Parameter
Cross-site scripting (XSS) vulnerability in Synology Photo Station 5 for DiskStation Manager (DSM) 3.2-1955 allows remote attackers to inject arbitrary web script or HTML via the name parameter to photo/photo_one.php.
by Simon Ganiere
LiteSpeed Web Server 4.1.11 - Cross-Site Scripting via gtitle Parameter
Cross-site scripting (XSS) vulnerability in service/graph_html.php in the administrator panel in LiteSpeed Web Server 4.1.11 allows remote attackers to inject arbitrary web script or HTML via the gtitle parameter.
by K1P0D
TP-Link TL-WR740N 111130 - 'ping_addr' HTML Injection
by l20ot
Zend Server 5.6.0 - Multiple Remote Script Insertion Vulnerabilities
by LiquidWorm
By Source