Exploitdb Exploits
31,394 exploits tracked across all sources.
ATutor < 2.1 - Cross-Site Scripting via PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in ATutor before 2.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) themes/default/tile_search/index.tmpl.php, (2) login.php, (3) search.php, (4) password_reminder.php, (5) login.php/jscripts/infusion, (6) login.php/mods/_standard/flowplayer, (7) browse.php/jscripts/infusion/framework/fss, (8) registration.php/themes/default/ie_styles.css, (9) about.php, or (10) themes/default/social/basic_profile.tmpl.php.
by Stefan Schurtz
Annuaire PHP - Cross-Site Scripting via referencement/sites_inscription.php url Parameter
Cross-site scripting (XSS) vulnerability in referencement/sites_inscription.php in Annuaire PHP allows remote attackers to inject arbitrary web script or HTML via the url parameter and possibly the nom parameter.
by Atmon3r
PHP Ringtone Website - 'ringtones.php' Multiple Cross-Site Scripting Vulnerabilities
by Atmon3r
Cloupia End-to-end FlexPod Management - Directory Traversal
by Chris Rock
PHP 5.3.8 - Denial of Service via zend_strndup Return Value Mismanagement
PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrated by the define function in zend_builtin_functions.c, and unspecified functions in ext/soap/php_sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com_dotnet/com_typeinfo.c, and main/php_open_temporary_file.c.
by Maksymilian Arciemowicz
MS12-005 Microsoft Office ClickOnce Unsafe Object Package Handling Vulnerability
Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability."
by Byoungyoung Lee
PHP 5.3.8 - Denial of Service via Tidy::diagnose NULL Pointer Dereference
The tidy_diagnose function in PHP 5.3.8 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that attempts to perform Tidy::diagnose operations on invalid objects, a different vulnerability than CVE-2011-4153.
by Maksymilian Arciemowicz
Tine 2.0 - Maischa Multiple Cross-Site Scripting Vulnerabilities
by Vulnerability-Lab
MailEnable < 4.26, 5.x < 5.53, 6.x < 6.03 - Cross-Site Scripting via ForgottenPassword.aspx Username Parameter
Cross-site scripting (XSS) vulnerability in ForgottenPassword.aspx in MailEnable Professional, Enterprise, and Premium 4.26 and earlier, 5.x before 5.53, and 6.x before 6.03 allows remote attackers to inject arbitrary web script or HTML via the Username parameter.
by Sajjad Pourali
Count Per Day < 3.1.1 - Cross-Site Scripting via Map Parameter
Cross-site scripting (XSS) vulnerability in map/map.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map parameter.
by 6Scan
GreenBrowser < 6.0.1001 - Remote Code Execution via Crafted IFrame
Double free vulnerability in GreenBrowser before 6.0.1002, when the keyword search bar (F6) is activated, allows remote attackers to execute arbitrary code via a crafted iframe.
by NCNIPC
count_per_day < 3.1.1 - Unauthenticated Path Traversal via Download Parameter
Absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter.
by 6Scan
Joomla! Component com_contushdvideoshare 1.3 - 'id' SQL Injection
by Lazmania61
YABSoft Advanced Image Hosting Script - SQL Injection via view_comments.php gal Parameter
SQL injection vulnerability in view_comments.php in YABSoft Advanced Image Hosting (AIH) Script, possibly 2.3, allows remote attackers to execute arbitrary SQL commands via the gal parameter.
by Robert Cooper
MailEnable < 4.26, 5.x < 5.53, 6.x < 6.03 - Cross-Site Scripting via ForgottenPassword.aspx Username Parameter
Cross-site scripting (XSS) vulnerability in ForgottenPassword.aspx in MailEnable Professional, Enterprise, and Premium 4.26 and earlier, 5.x before 5.53, and 6.x before 6.03 allows remote attackers to inject arbitrary web script or HTML via the Username parameter.
by Sajjad Pourali
ExpressView Browser Plugin 6.5.0.3330 - Multiple Integer Overflow / Remote Code Execution Vulnerabilities
by Luigi Auriemma
KnowledgeTree 3.7.0.2 - Cross-Site Scripting via PATH_INFO to login.php admin.php or preferences.php
Multiple cross-site scripting (XSS) vulnerabilities in config/dmsDefaults.php in KnowledgeTree 3.7.0.2 and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) login.php, (2) admin.php, or (3) preferences.php.
by High-Tech Bridge SA
Kayako SupportSuite 3.x - Multiple Vulnerabilities
by Yuri Goltsev
Apache HTTP Server < 2.0.65 - Denial of Service via Scoreboard Shared Memory Segment
scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
by halfdog
w-cms 2.01 - Path Traversal via p Parameter
Directory traversal vulnerability in the getContent function in codes/wcms.php in w-CMS 2.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter. NOTE: some of these details are obtained from third party information.
by th3.g4m3_0v3r
razorCMS 1.2 - Authenticated Directory Traversal via Directory Manipulation
razorCMS 1.2 allows remote authenticated users to access administrator directories and files by creating and deleting a directory.
by chap0
Microsoft Anti-Cross Site Scripting Library 3.x and 4.0 - Cross-Site Scripting via CSS Escaped Character Bypass
The Microsoft Anti-Cross Site Scripting (AntiXSS) Library 3.x and 4.0 does not properly evaluate characters after the detection of a Cascading Style Sheets (CSS) escaped character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML input, aka "AntiXSS Library Bypass Vulnerability."
by Adi Cohen
By Source