Exploitdb Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2011-2757 EXPLOITDB text VERIFIED
ManageEngine ServiceDesk Plus <= 8.0.0.12 - Path Traversal via FileDownload.jsp FILENAME Parameter
Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0.0.12 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the FILENAME parameter. NOTE: this might overlap the US-CERT VU#543310 issue.
by Keith Lee
EIP-2026-100733 EXPLOITDB text VERIFIED
ActivDesk 3.0 - Multiple Vulnerabilities
by Brendan Coles
EIP-2026-111883 EXPLOITDB text VERIFIED
Same Team E-shop manager - SQL Injection
by Number 7
EIP-2026-107047 EXPLOITDB text VERIFIED
FanUpdate 3.0 - 'pageTitle' Cross-Site Scripting
by High-Tech Bridge SA
EIP-2026-106910 EXPLOITDB text VERIFIED
Eshop Manager - Multiple SQL Injections
by Number 7
EIP-2026-105675 EXPLOITDB text VERIFIED
Cachelogic Expired Domains Script 1.0 - Multiple Vulnerabilities
by Brendan Coles
EIP-2026-100345 EXPLOITDB text VERIFIED
H3C ER5100 - Authentication Bypass
by 128bit
EIP-2026-114280 EXPLOITDB text
WordPress Plugin WPtouch 1.9.27 - URL redirection
by MaKyOtOx
EIP-2026-112189 EXPLOITDB text VERIFIED
Sitemagic CMS 2010.04.17 - 'SMExt' Cross-Site Scripting
by Gjoko Krstic
EIP-2026-107772 EXPLOITDB text VERIFIED
iGiveTest 2.1.0 - SQL Injection
by Brendan Coles
CVE-2011-4716 EXPLOITDB text VERIFIED
DreamBox DM800 Firmware < 1.6 - Path Traversal via File Parameter
Directory traversal vulnerability in file in DreamBox DM800 1.6rc3, 1.5rc1, and earlier allows remote attackers to read arbitrary files via the file parameter.
by ShellVision
EIP-2026-109934 EXPLOITDB text VERIFIED
Nibbleblog 3 - Multiple SQL Injections
by KedAns-Dz
EIP-2026-108562 EXPLOITDB text VERIFIED
Joomla! Component com_team - SQL Injection
by CoBRa_21
EIP-2026-108294 EXPLOITDB text VERIFIED
Joomla! Component com_calcbuilder - 'id' Blind SQL Injection
by Chip d3 bi0s
EIP-2026-105649 EXPLOITDB text VERIFIED
Burning Board 3.1.5 - Full Path Disclosure
by linc0ln.dll
EIP-2026-112549 EXPLOITDB text VERIFIED
Taha Portal 3.2 - 'sitemap.php' Cross-Site Scripting
by Bl4ck.Viper
EIP-2026-108190 EXPLOITDB text VERIFIED
Joomla! Component A Cool Debate 1.0.3 - Local File Inclusion
by Chip d3 bi0s
EIP-2026-107806 EXPLOITDB text VERIFIED
Immophp 1.1.1 - Cross-Site Scripting / SQL Injection
by KedAns-Dz
EIP-2026-105026 EXPLOITDB text VERIFIED
AiCart 2.0 - Multiple Vulnerabilities
by takeshix
CVE-2011-0959 EXPLOITDB text VERIFIED
Cisco Unified Operations Manager < 8.6 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName parameter to iptm/ddv.do, the (3) cmd or (4) group parameter to iptm/eventmon, the (5) clusterName or (6) deviceName parameter to iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, or the (7) ccmName or (8) clusterName parameter to iptm/logicalTopo.do, aka Bug ID CSCtn61716.
by Sense of Security
CVE-2011-0959 EXPLOITDB text VERIFIED
Cisco Unified Operations Manager < 8.6 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName parameter to iptm/ddv.do, the (3) cmd or (4) group parameter to iptm/eventmon, the (5) clusterName or (6) deviceName parameter to iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, or the (7) ccmName or (8) clusterName parameter to iptm/logicalTopo.do, aka Bug ID CSCtn61716.
by Sense of Security
CVE-2011-0959 EXPLOITDB text VERIFIED
Cisco Unified Operations Manager < 8.6 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName parameter to iptm/ddv.do, the (3) cmd or (4) group parameter to iptm/eventmon, the (5) clusterName or (6) deviceName parameter to iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, or the (7) ccmName or (8) clusterName parameter to iptm/logicalTopo.do, aka Bug ID CSCtn61716.
by Sense of Security
CVE-2011-0959 EXPLOITDB text VERIFIED
Cisco Unified Operations Manager < 8.6 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName parameter to iptm/ddv.do, the (3) cmd or (4) group parameter to iptm/eventmon, the (5) clusterName or (6) deviceName parameter to iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, or the (7) ccmName or (8) clusterName parameter to iptm/logicalTopo.do, aka Bug ID CSCtn61716.
by Sense of Security
CVE-2011-0959 EXPLOITDB text VERIFIED
Cisco Unified Operations Manager < 8.6 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName parameter to iptm/ddv.do, the (3) cmd or (4) group parameter to iptm/eventmon, the (5) clusterName or (6) deviceName parameter to iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, or the (7) ccmName or (8) clusterName parameter to iptm/logicalTopo.do, aka Bug ID CSCtn61716.
by Sense of Security
CVE-2011-2960 EXPLOITDB text VERIFIED
Sunway ForceControl 6.1 SP1-SP3 - Heap-Based Buffer Overflow via Crafted URL
Heap-based buffer overflow in httpsvr.exe 6.0.5.3 in Sunway ForceControl 6.1 SP1, SP2, and SP3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted URL.
by Dillon Beresford