Exploitdb Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2011-5258 EXPLOITDB text VERIFIED
OrangeHRM < 2.6.11.2 - Cross-Site Scripting via uniqcode, isAdmin, or PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM before 2.6.11.2 allow remote attackers to inject arbitrary web script or HTML via the (1) uniqcode or (2) isAdmin parameter to index.php; or the (3) PATH_INFO to lib/controllers/centralcontroller.php.
by High-Tech Bridge SA
CVE-2011-5258 EXPLOITDB text VERIFIED
OrangeHRM < 2.6.11.2 - Cross-Site Scripting via uniqcode, isAdmin, or PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM before 2.6.11.2 allow remote attackers to inject arbitrary web script or HTML via the (1) uniqcode or (2) isAdmin parameter to index.php; or the (3) PATH_INFO to lib/controllers/centralcontroller.php.
by High-Tech Bridge SA
CVE-2011-5259 EXPLOITDB text VERIFIED
OrangeHRM < 2.6.11.2 - SQL Injection via CentralController id Parameter
SQL injection vulnerability in lib/controllers/CentralController.php in OrangeHRM before 2.6.11.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by High-Tech Bridge SA
CVE-2011-5009 EXPLOITDB text VERIFIED
3S CoDeSys 3.4 SP4 Patch 2 - Denial of Service via Crafted HTTP Request
The CmpWebServer.dll module in the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a crafted Content-Length in an HTTP POST or (2) an invalid HTTP request method.
by Luigi Auriemma
CVE-2011-5009 EXPLOITDB text VERIFIED
3S CoDeSys 3.4 SP4 Patch 2 - Denial of Service via Crafted HTTP Request
The CmpWebServer.dll module in the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a crafted Content-Length in an HTTP POST or (2) an invalid HTTP request method.
by Luigi Auriemma
CVE-2011-4712 EXPLOITDB text VERIFIED
Oxide WebServer - Unauthenticated Path Traversal via Dot Dot Backslash
Directory traversal vulnerability in Oxide WebServer allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in an HTTP request.
by demonalex
CVE-2011-4714 EXPLOITDB text VERIFIED
Virtual Vertex Muster < 6.1.2 - Path Traversal via Backslash Dot Dot in URL
Directory traversal vulnerability in Virtual Vertex Muster before 6.20 allows remote attackers to read arbitrary files via a \.. (backslash dot dot) in the URL.
by Nick Freeman
CVE-2011-4878 EXPLOITDB text VERIFIED
Siemens WinCC flexible - Directory Traversal via URI
Directory traversal vulnerability in miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to read arbitrary files via a ..%5c (dot dot backslash) in a URI.
by Luigi Auriemma
CVE-2011-4877 EXPLOITDB text VERIFIED
Siemens WinCC flexible - Denial of Service via Crafted TCP Data
HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to cause a denial of service (application crash) by sending crafted data over TCP.
by Luigi Auriemma
CVE-2011-4875 EXPLOITDB text VERIFIED
Siemens WinCC flexible - Stack-based Buffer Overflow via Unicode String Handling
Stack-based buffer overflow in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute arbitrary code via vectors related to Unicode strings.
by Luigi Auriemma
CVE-2011-4876 EXPLOITDB text VERIFIED
Siemens WinCC flexible 2004-2008 - Path Traversal and Arbitrary File Manipulation via HmiLoad Runtime Loader
Directory traversal vulnerability in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute, read, create, modify, or delete arbitrary files via a .. (dot dot) in a string.
by Luigi Auriemma
CVE-2011-4879 EXPLOITDB text VERIFIED
Siemens WinCC flexible - Information Disclosure and Denial of Service via Crafted POST Request
miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not properly handle URIs beginning with a 0xfa character, which allows remote attackers to read data from arbitrary memory locations or cause a denial of service (application crash) via a crafted POST request.
by Luigi Auriemma
CVE-2011-4532 EXPLOITDB text VERIFIED
Siemens Automation License Manager < 5.1 - Unauthenticated Arbitrary File Write
Absolute path traversal vulnerability in the ALMListView.ALMListCtrl ActiveX control in almaxcx.dll in the graphical user interface in Siemens Automation License Manager (ALM) 2.0 through 5.1+SP1+Upd2 allows remote attackers to overwrite arbitrary files via the Save method.
by Luigi Auriemma
CVE-2011-5179 EXPLOITDB text VERIFIED
Skysa App Bar Integration Plugin < 1.03 - Cross-Site Scripting via Submit Parameter
Cross-site scripting (XSS) vulnerability in skysa-official/skysa.php in Skysa App Bar Integration plugin, possibly before 1.04, for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter.
by Amir
EIP-2026-109323 EXPLOITDB text VERIFIED
Manx 1.0.1 - '/admin/tiny_mce/plugins/ajaxfilemanager_OLD/ajax_get_file_listing.php' Multiple Cross-Site Scripting Vulnerabilities
by LiquidWorm
EIP-2026-109322 EXPLOITDB text VERIFIED
Manx 1.0.1 - '/admin/tiny_mce/plugins/ajaxfilemanager/ajax_get_file_listing.php' Multiple Cross-Site Scripting Vulnerabilities
by LiquidWorm
EIP-2026-109321 EXPLOITDB text VERIFIED
Manx 1.0.1 - '/admin/admin_pages.php?Filename' Traversal Arbitrary File Access
by LiquidWorm
EIP-2026-109320 EXPLOITDB text VERIFIED
Manx 1.0.1 - '/admin/admin_blocks.php?Filename' Traversal Arbitrary File Access
by LiquidWorm
EIP-2026-108930 EXPLOITDB text VERIFIED
JQuery-Real-Person plugin - Bypass Captcha
by Alberto_García_Illera
CVE-2011-5177 EXPLOITDB text VERIFIED
eSyndiCat Pro 2.3.05 - Cross-Site Scripting via Admin Controller Parameters
Multiple cross-site scripting (XSS) vulnerabilities in admin/controller.php in eSyndiCat Pro 2.3.05 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to the admins (2) blocks, (3) articles, or (4) suggest-category; or (5) sort parameter to the search page.
by d3v1l
CVE-2011-5103 EXPLOITDB text
Alurian Prismotube PHP Video Script - SQL Injection via id Parameter
SQL injection vulnerability in Alurian Prismotube PHP Video Script allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
by longrifle0x
CVE-2011-4674 EXPLOITDB text VERIFIED
Zabbix 1.8.3-1.8.4 - SQL Injection via only_hostid Parameter
SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, and possibly other versions before 1.8.9, allows remote attackers to execute arbitrary SQL commands via the only_hostid parameter.
by Marcio Almeida
CVE-2011-5111 EXPLOITDB text VERIFIED
Kajian Website CMS Balitbang 3.x - SQL Injection via Hal Parameter
Multiple SQL injection vulnerabilities in Kajian Website CMS Balitbang 3.x allow remote attackers to execute arbitrary SQL commands via the hal parameter to (1) the data module in alumni.php; or the (2) lih_buku, (3) artikel, (4) album, or (5) berita module in index.php.
by X-Cisadane
CVE-2011-5111 EXPLOITDB text VERIFIED
Kajian Website CMS Balitbang 3.x - SQL Injection via Hal Parameter
Multiple SQL injection vulnerabilities in Kajian Website CMS Balitbang 3.x allow remote attackers to execute arbitrary SQL commands via the hal parameter to (1) the data module in alumni.php; or the (2) lih_buku, (3) artikel, (4) album, or (5) berita module in index.php.
by X-Cisadane
CVE-2011-5108 EXPLOITDB text VERIFIED
AdaptCMS 2.0.0 and 2.0.1 - Cross-Site Scripting in config.php
Cross-site scripting (XSS) vulnerability in config.php in AdaptCMS 2.0.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
by X-Cisadane