Exploitdb Exploits
31,394 exploits tracked across all sources.
Websense 7.6 - Triton Report Management Interface Cross-Site Scripting
by Ben Williams
Pulse Pro CMS 1.7.2 - Cross-Site Scripting via d or post_id Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Pulse Pro CMS 1.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) d parameter in a blocks action and (2) post_id parameter in an edit-post action to index.php.
by Avram Marius
BrowserCRM < 5.100.01 - Cross-Site Scripting via PATH_INFO or Login Parameter
Multiple cross-site scripting (XSS) vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) modules/admin/admin_module_index.php, or (3) modules/calendar/customise_calendar_times.php; login[] parameter to (4) index.php or (5) pub/clients.php; or framed parameter to (6) licence/index.php or (7) licence/view.php.
by High-Tech Bridge SA
BrowserCRM < 5.100.01 - SQL Injection via login[username] or parent_id or contact_id Parameter
Multiple SQL injection vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login[username] parameter to index.php, (2) parent_id parameter to modules/Documents/version_list.php, or (3) contact_id parameter to modules/Documents/index.php.
by High-Tech Bridge SA
BrowserCRM < 5.100.01 - Cross-Site Scripting via PATH_INFO or Login Parameter
Multiple cross-site scripting (XSS) vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) modules/admin/admin_module_index.php, or (3) modules/calendar/customise_calendar_times.php; login[] parameter to (4) index.php or (5) pub/clients.php; or framed parameter to (6) licence/index.php or (7) licence/view.php.
by High-Tech Bridge SA
BrowserCRM < 5.100.01 - Cross-Site Scripting via PATH_INFO or Login Parameter
Multiple cross-site scripting (XSS) vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) modules/admin/admin_module_index.php, or (3) modules/calendar/customise_calendar_times.php; login[] parameter to (4) index.php or (5) pub/clients.php; or framed parameter to (6) licence/index.php or (7) licence/view.php.
by High-Tech Bridge SA
BrowserCRM < 5.100.01 - SQL Injection via login[username] or parent_id or contact_id Parameter
Multiple SQL injection vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login[username] parameter to index.php, (2) parent_id parameter to modules/Documents/version_list.php, or (3) contact_id parameter to modules/Documents/index.php.
by High-Tech Bridge SA
BrowserCRM < 5.100.01 - Cross-Site Scripting via PATH_INFO or Login Parameter
Multiple cross-site scripting (XSS) vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) modules/admin/admin_module_index.php, or (3) modules/calendar/customise_calendar_times.php; login[] parameter to (4) index.php or (5) pub/clients.php; or framed parameter to (6) licence/index.php or (7) licence/view.php.
by High-Tech Bridge SA
Nagios XI - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
by anonymous
WordPress Plugin flash-album-gallery - 'flagshow.php' Cross-Site Scripting
by Am!r
Opera < 11.60 - Certificate Revocation Handling Issue
Opera before 11.60 does not properly handle certificate revocation, which has unspecified impact and remote attack vectors related to "corner cases."
by anonymous
WordPress Plugin GRAND FlAGallery 1.57 - 'flagshow.php' Cross-Site Scripting
by Am!r
WordPress Plugin UPM Polls 1.0.4 - Blind SQL Injection
by Saif
FCMS CMS 2.7.2 - Multiple Cross-Site Request Forgery Vulnerabilities
by Ahmed Elhady Mohamed
Family Connections CMS < 2.9.0 - Cross-Site Request Forgery via News or Prayer Add Action
Multiple cross-site request forgery (CSRF) vulnerabilities in Family Connections CMS (aka FCMS) 2.9 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add news via an add action to familynews.php or (2) add a prayer via an add action to prayers.php.
by Ahmed Elhady Mohamed
CVSS 8.8
Pet Listing - 'preview.php' Cross-Site Scripting
by Mr.PaPaRoSSe
HomeSeer HS2 2.5.0.20 - Cross-Site Scripting via Crafted URI
Cross-site scripting (XSS) vulnerability in the web interface in HomeSeer HS2 2.5.0.20 allows remote attackers to inject arbitrary web script or HTML via a request for a crafted URI.
by Silent Dream
PowerDVD 11.0.0.2114 - Remote Denial of Service
by Luigi Auriemma
SourceBans 1.4.8 - SQL Injection / Local File Inclusion Injection
by Havok
By Source