Exploitdb Exploits
31,342 exploits tracked across all sources.
Serendipity <1.6 - XSS
Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation.
by Stefan Schurtz
CVSS 6.1
Jara 1.6 - XSS
Jara 1.6 has an XSS vulnerability
by Or4nG.M4N
CVSS 6.1
CmyDocument - Multiple Cross-Site Scripting Vulnerabilities
by demonalex
BST Bestshoppro - SQL Injection
SQL injection vulnerability in pokaz_podkat.php in BestShopPro allows remote attackers to execute arbitrary SQL commands via the str parameter.
by CoBRa_21
Oracle Hyperion Financial Management TList6 - ActiveX Control Remote Code Execution
by rgod
Microsoft Excel 2007 SP2 - Buffer Overwrite (MS11-021)
by Abysssec
Setseed Cms < 5.11.2 - SQL Injection
SQL injection vulnerability in setseed-hub in SetSeed CMS 5.8.20, 5.11.2, and earlier allows remote attackers to execute arbitrary SQL commands via the loggedInUser cookie.
by LiquidWorm
eFront 3.6.x - Multiple Cross-Site Scripting / SQL Injections
by High-Tech Bridge SA
Cauposhop Classic < 3.70 - Path Traversal
Directory traversal vulnerability in CaupoShop Pro 2.x, CaupoShop Classic 3.01, and CaupoShop Pro 3.70 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter in a template action.
by Rami Salama
BST Bestshoppro - XSS
Cross-site scripting (XSS) vulnerability in nowosci.php in BestShopPro allows remote attackers to inject arbitrary web script or HTML via the str parameter.
by CoBRa_21
Apache HTTP Server - Improper Input Validation
The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
by halfdog
vBulletin 4.1.7 - Multiple Remote File Inclusions
by indoushka
Symphony CMS <2.2.4 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.2.3 and possibly other versions before 2.2.4 allow remote authenticated users with Author privileges to inject arbitrary web script or HTML via (1) the profile parameter to extensions/profiledevkit/content/content.profile.php, as demonstrated via requests to (a) the default URI, (b) about/, or (c) drafts/; or (2) the filter parameter in symphony/lib/core/class.symphony.php, as demonstrated via requests to (d) symphony/publish/comments or (e) symphony/publish/images. NOTE: some of these details are obtained from third party information.
by Mesut Timur
Symphony CMS <2.2.4 - SQL Injection
Multiple SQL injection vulnerabilities in symphony/content/content.publish.php in Symphony CMS 2.2.3 and possibly other versions before 2.2.4 allow remote authenticated users with Author permissions to execute arbitrary SQL commands via the filter parameter to (1) symphony/publish/comments or (2) symphony/publish/images. NOTE: this issue can be leveraged to perform cross-site scripting (XSS) attacks via error messages. NOTE: some of these details are obtained from third party information.
by Mesut Timur
eFront 3.6.10 Build 11944 - Multiple Cross-Site Scripting Vulnerabilities
by Netsparker Advisories
Domain Shop - 'index.php' Cross-Site Scripting
by Mr.PaPaRoSSe
Hyperic HQ Enterprise 4.5.1 - Cross-Site Scripting / Multiple Security Vulnerabilities
by Benjamin Kunz Mejri
ZTE ZXDSL 831IIV7.5.0a_Z29_OV - CSRF
Cross-site request forgery (CSRF) vulnerability in accessaccount.cgi in ZTE ZXDSL 831IIV7.5.0a_Z29_OV allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter.
by mehdi boukazoula
Joomlaextensions Com Hmcommunity < 1.0 - SQL Injection
SQL injection vulnerability in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a fnd_home action to index.php.
by 599eme Man
Advantech Webaccess < 6.0 - Memory Corruption
Advantech/BroadWin WebAccess before 7.0 allows remote attackers to cause a denial of service (memory corruption) via a modified stream identifier to a function.
by Snake
Appthemes Classipress < 3.1.4 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the Classipress theme before 3.1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) twitter_id parameter related to the Twitter widget and (2) facebook_id parameter related to the Facebook widget.
by Paul Loftness
Joomlaextensions Com Hmcommunity < 1.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) language[], (2) university[], (3) persent[], (4) company_name[], (5) designation[], (6) music[], (7) books[], (8) movies[], (9) games[], (10) syp[], (11) ft[], and (12) fa[] parameters in a save task for a profile to index.php. NOTE: some of these details are obtained from third party information.
by 599eme Man
Blueflyingfish Com Alameda < 1.0.0 - SQL Injection
SQL injection vulnerability in Alameda (com_alameda) component before 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the storeid parameter to index.php.
by kaMtiEz
By Source