Exploitdb Exploits
31,394 exploits tracked across all sources.
WordPress Plugin WP E-Commerce 3.8.6 - 'cart_messages[]' Cross-Site Scripting
by High-Tech Bridge SA
DZYGroup CMS Portal - Multiple SQL Injections
by Netrondoank
Community Server 2007/2008 - 'TagSelector.aspx' Cross-Site Scripting
by PontoSec
TimThumb < 2.0 - Remote Code Execution via Domain Whitelist Bypass
TimThumb (timthumb.php) before 2.0 does not validate the entire source with the domain white list, which allows remote attackers to upload and execute arbitrary code via a URL containing a white-listed domain in the src parameter, then accessing it via a direct request to the file in the cache directory, as exploited in the wild in August 2011.
by MaXe
Joomla! Component com_xeslidegalfx - 'id' SQL Injection
by Ne0 H4ck3R
Joomla! Component com_jdirectory - SQL Injection
by Caddy Dz
Joomla! Component com_community - 'userid' SQL Injection
by Ne0 H4ck3R
HESK 2.2 - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
foomatic-gui python-foomatic 0.7.9.4 - 'pysmb.py' Arbitrary Shell Command Execution
by daveb
BESNI OKUL PORTAL - 'sayfa.asp' Cross-Site Scripting
by Err0R
MyBB MyTabs Plugin - 'tab' SQL Injection
by AutoRUN & dR.sqL
ZoneMinder 1.24.x - Path Traversal via View Request or Action Parameter
Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x before 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) view, (2) request, or (3) action parameter.
by iye
Curverider Elgg 1.7.9 - Multiple Cross-Site Scripting Vulnerabilities
by Aung Khant
Digital Scribe 1.5 - register_form()' Multiple POST Cross-Site Scripting Vulnerabilities
by LiquidWorm
Link Station Pro - Multiple Vulnerabilities
by $#4d0\/\/[r007k17]
Chyrp < 2.0 - Authenticated Arbitrary PHP File Upload via swfupload Extension
upload_handler.php in the swfupload extension in Chyrp 2.0 and earlier relies on client-side JavaScript code to restrict the file extensions of uploaded files, which allows remote authenticated users to upload a .php file, and consequently execute arbitrary PHP code, via a write_post action to the default URI under admin/.
by Wireghoul
Chyrp < 2.1 - Remote File Inclusion via Action Parameter
Directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the action parameter to the default URI.
by Wireghoul
By Source