Exploitdb Exploits
31,394 exploits tracked across all sources.
Fork CMS < 3.2.7 - Cross-Site Scripting via Type, Querystring, or Name Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before 3.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) type or (2) querystring parameters to private/en/error or (3) name parameter to private/en/locale/index.
by anonymous
Socusoft Photo 2 Video 8.05 - Local Buffer Overflow
by Vulnerability-Lab
OSQA 3b - Cross-Site Scripting via URL or Picture Bar
Multiple cross-site scripting (XSS) vulnerabilities in questions/ask in OSQA 3b allow remote attackers to inject arbitrary web script or HTML via the (1) url bar or (2) picture bar.
by Ucha Gobejishvili
Endian Firewall 2.4 - Cross-Site Scripting via dnat.cgi createrule Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Endian Firewall 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) createrule parameter to dnat.cgi, (2) addrule parameter to dansguardian.cgi, or (3) PATH_INFO to openvpn_users.cgi.
by Vulnerability Research Laboratory
Endian Firewall 2.4 - Cross-Site Scripting via dnat.cgi createrule Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Endian Firewall 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) createrule parameter to dnat.cgi, (2) addrule parameter to dansguardian.cgi, or (3) PATH_INFO to openvpn_users.cgi.
by Vulnerability Research Laboratory
Endian Firewall 2.4 - Cross-Site Scripting via dnat.cgi createrule Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Endian Firewall 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) createrule parameter to dnat.cgi, (2) addrule parameter to dansguardian.cgi, or (3) PATH_INFO to openvpn_users.cgi.
by Vulnerability Research Laboratory
Webglimpse < 2.20.0 - Cross-Site Scripting via URL FILE or DOMAIN Parameters
Multiple cross-site scripting (XSS) vulnerabilities in wgarcmin.cgi in Webglimpse 2.20.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) FILE, or (3) DOMAIN parameters.
by MustLive
myjoblist 0.1.3 - SQL Injection via eid Parameter
SQL injection vulnerability in MyJobList 0.1.3 allows remote attackers to execute arbitrary SQL commands via the eid parameter in a profile action to index.php.
by Red Security TEAM
Contao CMS < 2.11.0 - Cross-Site Request Forgery via User, News, or Newsletter Deletion
Multiple cross-site request forgery (CSRF) vulnerabilities in main.php in Contao (formerly TYPOlight) 2.11.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via a delete action in the user module, (2) delete news via a delete action in the news module, or (3) delete newsletters via a delete action in the newsletters module.
by Ivano Binetti
Symantec PGP Desktop and Encryption Desktop - Local Privilege Escalation via Buffer Overflow in pgpwded.sys
Buffer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 on Windows XP and Server 2003 allows local users to gain privileges via a crafted application.
by Nikita Tarakanov
webgrind 1.0 and 1.0.2 - Path Traversal via File Parameter
Absolute path traversal vulnerability in Webgrind 1.0 and 1.0.2 allows remote attackers to read arbitrary files via a full pathname in the file parameter to index.php.
by LiquidWorm
PHP Gift Registry 1.5.5 - Authenticated SQL Injection via UserID Parameter
SQL injection vulnerability in users.php in PHP Gift Registry 1.5.5 allows remote authenticated users to execute arbitrary SQL commands via the userid parameter in an edit action.
by G13
Mobile Mp3 Search Script 2.0 - 'dl.php' HTTP Response Splitting
by Corrado Liotta
Unity 3D Web Player 3.2.0.61061 - Denial of Service
by Luigi Auriemma
Oxwall 1.1.1 - Cross-Site Scripting via Plugin Parameter
Cross-site scripting (XSS) vulnerability in ow_updates/index.php in Oxwall 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the plugin parameter.
by Ariko-Security
Limesurvey <1.91+ Build 120224 - SQL Injection
SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before 1.91+ Build 120224 and earlier allows remote attackers to execute arbitrary SQL commands via the fieldnames parameter to index.php.
by TorTukiTu
Dolibarr CMS 3.2.0 Alpha - Path Traversal & Arbitrary File Read via Document.php or Backtopage Parameter
Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the (1) file parameter to document.php or (2) backtopage parameter in a create action to comm/action/fiche.php.
by Benjamin Kunz Mejri
DFLabs PTK < 1.0.5 - Cross-Site Request Forgery in Logout Function
Cross-site request forgery (CSRF) vulnerability in lib/logout.php in DFLabs PTK 1.0.5 and earlier allows remote attackers to hijack the authentication of administrators or investigators for requests that trigger a logout.
by Ivano Binetti
ContentLion Alpha 1.3 - Cross-Site Scripting via PATH_INFO
Cross-site scripting (XSS) vulnerability in system/classes/login.php in ContentLion Alpha 1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
by Stefan Schurtz
Chyrp < 2.1.2 - Cross-Site Scripting via Content or Body Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Chyrp before 2.1.2 and before 2.5 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) content parameter to includes/ajax.php or (2) body parameter to includes/error.php.
by High-Tech Bridge SA
CVSS 6.1
Chyrp < 2.1.2 - Cross-Site Scripting via Content or Body Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Chyrp before 2.1.2 and before 2.5 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) content parameter to includes/ajax.php or (2) body parameter to includes/error.php.
by High-Tech Bridge SA
CVSS 6.1
By Source