Exploitdb Exploits
31,394 exploits tracked across all sources.
Pandora FMS 4.0.1 - 'sec2' Local File Inclusion
by Ucha Gobejishvili
Novell Groupwise Messenger Client 2.1.0 - Unicode Stack Overflow
by Luigi Auriemma
Novell Groupwise Messenger 2.1.0 - Memory Corruption
by Luigi Auriemma
Novell Groupwise Messenger 2.1.0 - Arbitrary Memory Corruption
by Luigi Auriemma
Tube Ace 1.6 - SQL Injection via q Parameter
SQL injection vulnerability in mobile/search/index.php in Tube Ace (Adult PHP Tube Script) 1.6 allows remote attackers to execute arbitrary SQL commands via the q parameter. NOTE: some of these details are obtained from third party information.
by Daniel Godoy
CONTIMEX Impulsio CMS - SQL Injection via id Parameter
SQL injection vulnerability in CONTIMEX Impulsio CMS allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
by sonyy
CMS Faethon 1.3.4 - 'articles.php' Multiple SQL Injections
by tempe_mendoan
11in1 1.2.1 - Cross-Site Request Forgery in admin/index.php
Cross-site request forgery (CSRF) vulnerability in admin/index.php in 11in1 1.2.1 stable 12-31-2011 allows remote attackers to hijack the authentication of administrators for requests that add new topics via an addTopic action.
by High-Tech Bridge SA
11in1 1.2.1 - Path Traversal via Class Parameter
Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/index.php.
by High-Tech Bridge SA
11in1 1.2.1 - Path Traversal via Class Parameter
Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/index.php.
by High-Tech Bridge SA
Zimbra Collaboration Suite 6.x-6.0.15 7.x-7.1.3 - Cross-Site Scripting via Calendar View Parameter
Cross-site scripting (XSS) vulnerability in zimbra/h/calendar in Zimbra Web Client in Zimbra Collaboration Suite (ZCS) 6.x before 6.0.15 and 7.x before 7.1.3 allows remote attackers to inject arbitrary web script or HTML via the view parameter.
by sonyy
STHS v2 Web Portal 2.2 - Cross-Site Scripting via Team Parameter
Multiple cross-site scripting (XSS) vulnerabilities in STHS v2 Web Portal 2.2 allow remote attackers to inject arbitrary web script or HTML via the team parameter to (1) prospects.php, (2) prospect.php, or (3) team.php.
by Liyan Oz
STHS v2 Web Portal 2.2 - Cross-Site Scripting via Team Parameter
Multiple cross-site scripting (XSS) vulnerabilities in STHS v2 Web Portal 2.2 allow remote attackers to inject arbitrary web script or HTML via the team parameter to (1) prospects.php, (2) prospect.php, or (3) team.php.
by Liyan Oz
STHS v2 Web Portal 2.2 - Cross-Site Scripting via Team Parameter
Multiple cross-site scripting (XSS) vulnerabilities in STHS v2 Web Portal 2.2 allow remote attackers to inject arbitrary web script or HTML via the team parameter to (1) prospects.php, (2) prospect.php, or (3) team.php.
by Liyan Oz
Powie pFile 1.02 - Cross-Site Scripting via filecat Parameter
Cross-site scripting (XSS) vulnerability in pfile/kommentar.php in Powie pFile 1.02 allows remote attackers to inject arbitrary web script or HTML via the filecat parameter.
by indoushka
Powie pFile 1.02 - SQL Injection via id Parameter
SQL injection vulnerability in pfile/file.php in Powie pFile 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by indoushka
EditWrxLite CMS - 'wrx.cgi' Remote Command Execution
by chippy1337
Fork CMS 3.2.4 - Local File Inclusion / Cross-Site Scripting
by Avram Marius
Fork CMS 3.2.4 - Cross-Site Scripting via Report or Error Parameter
Multiple cross-site scripting (XSS) vulnerabilities in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) report parameter to blog/settings or (2) error parameter to users/index.
by Avram Marius
By Source