Exploitdb Exploits
31,342 exploits tracked across all sources.
YouSayToo auto-publishing plugin 1.0 - XSS
Cross-site scripting (XSS) vulnerability in yousaytoo.php in YouSayToo auto-publishing plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter.
by H4ckCity Security Team
Joomla! Component JE Story Submit - 'index.php' Arbitrary File Upload
by Robert Cooper
Stoneware webNetwork <6.0.8.0 - CSRF
Cross-site request forgery (CSRF) vulnerability in Stoneware webNetwork before 6.0.8.0 allows remote attackers to hijack the authentication of unspecified victims for requests that modify user accounts.
by Jacob Holcomb
Joomla! Component com_xball - 'team_id' SQL Injection
by CoBRa_21
Joomla! Component com_br - 'Controller' Local File Inclusion
by the_cyber_nuxbie
AllWebMenus <1.1.8 - Code Injection
Unrestricted file upload vulnerability in actions.php in the AllWebMenus plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory.
by 6Scan
AllWebMenus 1.1.8 - Auth Bypass
actions.php in the AllWebMenus plugin 1.1.8 for WordPress allows remote attackers to bypass intended access restrictions to upload and execute arbitrary PHP code by setting the HTTP_REFERER to a certain value, then uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory.
by 6Scan
miniCMS 1.0-2.0 - RCE
miniCMS 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code via a crafted (1) pagename or (2) area variable containing an executable extension, which is not properly handled by (a) update.php when writing files to content/, or (b) updatenews.php when writing files to content/news/.
by Or4nG.M4N
Tribiq CMS - SQL Injection
SQL injection vulnerability in Tribiq CMS allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
by Skote Vahshat
Lead Capture Page System - XSS
Cross-site scripting (XSS) vulnerability in admin/login.php in Lead Capture Page System allows remote attackers to inject arbitrary web script or HTML via the message parameter.
by HashoR
Extensionsforjoomla Com Vikrealestate - SQL Injection
Multiple SQL injection vulnerabilities in Vik Real Estate (com_vikrealestate) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) contract parameter in a results action and (2) imm parameter in a show action to index.php.
by the_cyber_nuxbie
Joomla! Component Full - 'id' SQL Injection
by the_cyber_nuxbie
Joomla! Component com_some - 'Controller' Local File Inclusion
by the_cyber_nuxbie
Foobla Com Obsuggest < 1.6.4 - Path Traversal
Directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
by the_cyber_nuxbie
Joomla! Component com_car - Multiple SQL Injections
by the_cyber_nuxbie
Joomla! Component com_bulkenquery - 'Controller' Local File Inclusion
by the_cyber_nuxbie
Joomla! Component com_boss - 'Controller' Local File Inclusion
by the_cyber_nuxbie
Raven 1.0 - 'connector.asp' Arbitrary File Upload
by HELLBOY
Aryadad CMS - SQL Injection
SQL injection vulnerability in Default.aspx in Aryadad CMS allows remote attackers to execute arbitrary SQL commands via the PageID parameter.
by Red Security TEAM
Acidcat CMS <3.5.6 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Acidcat CMS 3.5.1, 3.5.2, 3.5.6, and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin_colors.asp, (2) admin_config.asp, and (3) admin_cat_add.asp in admin/.
by Avram Marius
Syneto Unified Threat Management 1.3.3/1.4.2 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
by Alexander Fuchs