Exploitdb Exploits
31,342 exploits tracked across all sources.
BrowserCRM < 5.100.01 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) modules/admin/admin_module_index.php, or (3) modules/calendar/customise_calendar_times.php; login[] parameter to (4) index.php or (5) pub/clients.php; or framed parameter to (6) licence/index.php or (7) licence/view.php.
by High-Tech Bridge SA
BrowserCRM < 5.100.01 - SQL Injection
Multiple SQL injection vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login[username] parameter to index.php, (2) parent_id parameter to modules/Documents/version_list.php, or (3) contact_id parameter to modules/Documents/index.php.
by High-Tech Bridge SA
BrowserCRM < 5.100.01 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) modules/admin/admin_module_index.php, or (3) modules/calendar/customise_calendar_times.php; login[] parameter to (4) index.php or (5) pub/clients.php; or framed parameter to (6) licence/index.php or (7) licence/view.php.
by High-Tech Bridge SA
BrowserCRM < 5.100.01 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) modules/admin/admin_module_index.php, or (3) modules/calendar/customise_calendar_times.php; login[] parameter to (4) index.php or (5) pub/clients.php; or framed parameter to (6) licence/index.php or (7) licence/view.php.
by High-Tech Bridge SA
BrowserCRM < 5.100.01 - SQL Injection
Multiple SQL injection vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login[username] parameter to index.php, (2) parent_id parameter to modules/Documents/version_list.php, or (3) contact_id parameter to modules/Documents/index.php.
by High-Tech Bridge SA
BrowserCRM < 5.100.01 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) modules/admin/admin_module_index.php, or (3) modules/calendar/customise_calendar_times.php; login[] parameter to (4) index.php or (5) pub/clients.php; or framed parameter to (6) licence/index.php or (7) licence/view.php.
by High-Tech Bridge SA
Nagios XI - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
by anonymous
WordPress Plugin flash-album-gallery - 'flagshow.php' Cross-Site Scripting
by Am!r
Opera Browser < 11.60 - Cryptographic Issue
Opera before 11.60 does not properly handle certificate revocation, which has unspecified impact and remote attack vectors related to "corner cases."
by anonymous
WordPress Plugin GRAND FlAGallery 1.57 - 'flagshow.php' Cross-Site Scripting
by Am!r
WordPress Plugin UPM Polls 1.0.4 - Blind SQL Injection
by Saif
FCMS CMS 2.7.2 - Multiple Cross-Site Request Forgery Vulnerabilities
by Ahmed Elhady Mohamed
Family Connections CMS < 2.9 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Family Connections CMS (aka FCMS) 2.9 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add news via an add action to familynews.php or (2) add a prayer via an add action to prayers.php.
by Ahmed Elhady Mohamed
CVSS 8.8
Pet Listing - 'preview.php' Cross-Site Scripting
by Mr.PaPaRoSSe
HomeSeer HS2 - XSS
Cross-site scripting (XSS) vulnerability in the web interface in HomeSeer HS2 2.5.0.20 allows remote attackers to inject arbitrary web script or HTML via a request for a crafted URI.
by Silent Dream
PowerDVD 11.0.0.2114 - Remote Denial of Service
by Luigi Auriemma
SourceBans 1.4.8 - SQL Injection / Local File Inclusion Injection
by Havok
Apache Struts < 2.3.3 - Access Control
Apache Struts 2.3.1.2 and earlier, 2.3.19-2.3.23, provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
by Hisato Killing