Exploitdb Exploits
31,342 exploits tracked across all sources.
Axis M10 Series Network Cameras Firmware < 5.21 - XSS
Cross-site scripting (XSS) vulnerability in serverreport.cgi in Axis M10 Series Network Cameras M1054 firmware 5.21 and earlier allows remote attackers to inject arbitrary web script or HTML via the pageTitle parameter to admin/showReport.shtml.
by Matt Metzger
Caseproof Prettylinks - XSS
Pretty-Link WordPress plugin 1.5.2 has a cross-site scripting (XSS) vulnerability.
by Am!r
CVSS 6.1
Simple Machines Forum (SMF) 1.1.15 - 'fckeditor' Arbitrary File Upload
by HELLBOY
Linux kernel <2.6.32 - DoS
net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service (memory consumption) via requests to a daemon that requires a separate namespace per connection, as demonstrated by vsftpd.
by Serge Hallyn
CVSS 7.5
Sopcast - Access Control
SopCast 3.4.7.45585 uses weak permissions (Everyone:Full Control) for Diagnose.exe, which allows local users to execute arbitrary code by replacing Diagnose.exe with a Trojan horse program.
by LiquidWorm
Serv-U FTP Server 11.1.0.3 - Denial of Service / Security Bypass
by Luigi Auriemma
Meditate Web Content Editor 'username_input' - SQL Injection
by Stefan Schurtz
Elxis Cms - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Elxis CMS 2009.2, 2009.3 and 2009.3 Aphrodite before revision 2684 allow remote attackers to inject arbitrary web script or HTML via the (1) task parameter to elxis/index.php, and (2) PATH_INFO to elxis/administrator/index.php.
by Ewerson Guimaraes
Ipswitch Tftp Server - Path Traversal
Directory traversal vulnerability in the TFTP Server 1.0.0.24 in Ipswitch WhatsUp Gold allows remote attackers to read arbitrary files via a .. (dot dot) in the Filename field of an RRQ operation.
by SecPod Research
Hillstone Software HS Tftp Server - Improper Input Validation
Hillstone HS TFTP Server 1.3.2 allows remote attackers to cause a denial of service (daemon crash) via a long filename in a (1) RRQ or (2) WRQ operation.
by SecPod Research
WSN Classifieds 6.2.12/6.2.18 - Multiple Vulnerabilities
by d3v1l
Solarwinds Serv-u File Server < 11.1.0.3 - Path Traversal
Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files, and list and create arbitrary directories, via a "..:/" (dot dot colon forward slash) in the (1) list, (2) put, or (3) get commands.
by kingcope
Vvertex Muster < 6.1.2 - Path Traversal
Directory traversal vulnerability in Virtual Vertex Muster before 6.20 allows remote attackers to read arbitrary files via a \.. (backslash dot dot) in the URL.
by Nick Freeman
Atmail Open - XSS
Multiple cross-site scripting (XSS) vulnerabilities in AtMail Open (aka AtMail Open-Source edition) 1.04 allow remote attackers to inject arbitrary web script or HTML via the func parameter to (1) ldap.php or (2) search.php.
by Dognædis
WordPress Plugin flash-album-gallery - 'facebook.php' Cross-Site Scripting
by Am!r
Zooeffect - XSS
Cross-site scripting (XSS) vulnerability in wp-1pluginjquery.php in the ZooEffect plugin 1.01 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: some of these details are obtained from third party information. NOTE: this has been disputed by a third party.
by Am!r
Wikkawiki - CSRF
Cross-site request forgery (CSRF) vulnerability in the AdminUsers component in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to hijack the authentication of administrators for requests that remove arbitrary user accounts via a delete operation, as demonstrated by an {{image}} action.
by EgiX
Sugarcrm - SQL Injection
Multiple SQL injection vulnerabilities in the Leads module in SugarCRM 6.1 before 6.1.7, 6.2 before 6.2.4, 6.3 before 6.3.0RC3, and 6.4 before 6.4.0beta1 allow remote attackers to execute arbitrary SQL commands via the (1) where and (2) order parameters in a get_full_list action to index.php.
by High-Tech Bridge SA
Orangehrm < 2.6.11 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM before 2.6.11.2 allow remote attackers to inject arbitrary web script or HTML via the (1) uniqcode or (2) isAdmin parameter to index.php; or the (3) PATH_INFO to lib/controllers/centralcontroller.php.
by High-Tech Bridge SA