Exploitdb Exploits
31,342 exploits tracked across all sources.
PHP Ringtone Website - 'ringtones.php' Multiple Cross-Site Scripting Vulnerabilities
by Atmon3r
Cloupia End-to-end FlexPod Management - Directory Traversal
by Chris Rock
PHP <5.3.8 - DoS
PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrated by the define function in zend_builtin_functions.c, and unspecified functions in ext/soap/php_sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com_dotnet/com_typeinfo.c, and main/php_open_temporary_file.c.
by Maksymilian Arciemowicz
MS12-005 Microsoft Office ClickOnce Unsafe Object Package Handling Vulnerability
Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability."
by Byoungyoung Lee
PHP 5.3.8 - DoS
The tidy_diagnose function in PHP 5.3.8 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that attempts to perform Tidy::diagnose operations on invalid objects, a different vulnerability than CVE-2011-4153.
by Maksymilian Arciemowicz
Tine 2.0 - Maischa Multiple Cross-Site Scripting Vulnerabilities
by Vulnerability-Lab
MailEnable <6.03 - XSS
Cross-site scripting (XSS) vulnerability in ForgottenPassword.aspx in MailEnable Professional, Enterprise, and Premium 4.26 and earlier, 5.x before 5.53, and 6.x before 6.03 allows remote attackers to inject arbitrary web script or HTML via the Username parameter.
by Sajjad Pourali
WordPress <3.1.1 - XSS
Cross-site scripting (XSS) vulnerability in map/map.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map parameter.
by 6Scan
Morequick Greenbrowser < 6.0.1001 - Resource Management Error
Double free vulnerability in GreenBrowser before 6.0.1002, when the keyword search bar (F6) is activated, allows remote attackers to execute arbitrary code via a crafted iframe.
by NCNIPC
WordPress <3.1.1 - Path Traversal
Absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter.
by 6Scan
Joomla! Component com_contushdvideoshare 1.3 - 'id' SQL Injection
by Lazmania61
Yabsoft Advanced Image Hosting Script - SQL Injection
SQL injection vulnerability in view_comments.php in YABSoft Advanced Image Hosting (AIH) Script, possibly 2.3, allows remote attackers to execute arbitrary SQL commands via the gal parameter.
by Robert Cooper
MailEnable <6.03 - XSS
Cross-site scripting (XSS) vulnerability in ForgottenPassword.aspx in MailEnable Professional, Enterprise, and Premium 4.26 and earlier, 5.x before 5.53, and 6.x before 6.03 allows remote attackers to inject arbitrary web script or HTML via the Username parameter.
by Sajjad Pourali
ExpressView Browser Plugin 6.5.0.3330 - Multiple Integer Overflow / Remote Code Execution Vulnerabilities
by Luigi Auriemma
KnowledgeTree 3.7.0.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in config/dmsDefaults.php in KnowledgeTree 3.7.0.2 and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) login.php, (2) admin.php, or (3) preferences.php.
by High-Tech Bridge SA
Kayako SupportSuite 3.x - Multiple Vulnerabilities
by Yuri Goltsev
Apache HTTP Server < 2.0.65 - Denial of Service
scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
by halfdog
W-cms - Path Traversal
Directory traversal vulnerability in the getContent function in codes/wcms.php in w-CMS 2.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter. NOTE: some of these details are obtained from third party information.
by th3.g4m3_0v3r
Razorcms - Access Control
razorCMS 1.2 allows remote authenticated users to access administrator directories and files by creating and deleting a directory.
by chap0
Microsoft Anti-cross Site Scripting Library - XSS
The Microsoft Anti-Cross Site Scripting (AntiXSS) Library 3.x and 4.0 does not properly evaluate characters after the detection of a Cascading Style Sheets (CSS) escaped character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML input, aka "AntiXSS Library Bypass Vulnerability."
by Adi Cohen
Age Verification < 0.4 - Improper Input Validation
Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_to parameter.
by Gianluca Brindisi
Age Verification < 0.4 - Improper Input Validation
Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_to parameter.
by Gianluca Brindisi