Exploitdb Exploits
31,344 exploits tracked across all sources.
Gadu-Gadu Instant Messenger 6.0 - File Transfer Cross-Site Scripting
by Kacper Szczesniak
vBulletin 4.0.x 4.1.2 - 'search.php' SQL Injection
by D4rkB1t
Joomla! Component Map Locator - 'cid' SQL Injection
by FL0RiX
Ultimate PHP Board 2.2.7 - Broken Authentication and Session Management
by i2sec
PHP Captcha / Securimage 2.0.2 - Authentication Bypass
by Sense of Security
Room Juice 0.3.3 - 'display.php' Cross-Site Scripting
by AutoSec Tools
LimeSurvey 1.85+ - 'admin.php' Cross-Site Scripting
by Juan Manuel Garcia
Cisco Unified Operations Manager < 8.5 - XSS
Cross-site scripting (XSS) vulnerability in CSCOnm/servlet/com.cisco.nm.help.ServerHelpEngine in the Common Services Device Center in Cisco Unified Operations Manager (CUOM) before 8.6 allows remote attackers to inject arbitrary web script or HTML via the tag parameter, aka Bug ID CSCto12712.
by Sense of Security
Ciscoworks Common Services < 3.3 - XSS
Cross-site scripting (XSS) vulnerability in cwhp/device.center.do in the Help servlet in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the device parameter, aka Bug ID CSCto12704.
by Sense of Security
Cisco Unified Operations Manager < 8.5 - SQL Injection
Multiple SQL injection vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to execute arbitrary SQL commands via (1) the CCMs parameter to iptm/PRTestCreation.do or (2) the ccm parameter to iptm/TelePresenceReportAction.do, aka Bug ID CSCtn61716.
by Sense of Security
Cisco Unified Operations Manager < 8.5 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName parameter to iptm/ddv.do, the (3) cmd or (4) group parameter to iptm/eventmon, the (5) clusterName or (6) deviceName parameter to iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, or the (7) ccmName or (8) clusterName parameter to iptm/logicalTopo.do, aka Bug ID CSCtn61716.
by Sense of Security
Ciscoworks Common Services < 3.3 - Path Traversal
Directory traversal vulnerability in cwhp/auditLog.do in the Homepage Auditing component in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, aka Bug ID CSCto35577.
by Sense of Security
TWiki <5.0.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in TemplateLogin.pm in TWiki before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via the origurl parameter to a (1) view script or (2) login script.
by Mesut Timur
Joomla! Component jDownloads 1.0 - Arbitrary File Upload
by Al-Ghamdi
klibc 1.5.20-1.5.21 - RCE
In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are not properly escaped. This may allow a remote attacker to send a specially crafted DHCP reply which could execute arbitrary code with the privileges of any process which sources DHCP options.
by maximilian attems
CVSS 9.8
Ciscoworks Common Services < 3.3 - Path Traversal
Directory traversal vulnerability in cwhp/auditLog.do in the Homepage Auditing component in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, aka Bug ID CSCto35577.
by Sense of Security
Ciscoworks Common Services < 3.3 - XSS
Cross-site scripting (XSS) vulnerability in cwhp/device.center.do in the Help servlet in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the device parameter, aka Bug ID CSCto12704.
by Sense of Security
Cisco Unified Operations Manager < 8.5 - XSS
Cross-site scripting (XSS) vulnerability in CSCOnm/servlet/com.cisco.nm.help.ServerHelpEngine in the Common Services Device Center in Cisco Unified Operations Manager (CUOM) before 8.6 allows remote attackers to inject arbitrary web script or HTML via the tag parameter, aka Bug ID CSCto12712.
by Sense of Security
WordPress Plugin <=1.4.2 - Code Injection
The WordPress plugin is-human <= v1.4.2 contains an eval injection vulnerability in /is-human/engine.php that can be triggered via the 'type' parameter when the 'action' parameter is set to 'log-reset'. The root cause is unsafe use of eval() on user-controlled input, which can lead to execution of attacker-supplied PHP and OS commands. This may result in arbitrary code execution as the webserver user, site compromise, or data exfiltration. The is-human plugin was made defunct in June 2008 and is no longer available for download. This vulnerability was exploited in the wild in March 2012.
by neworder
PHP Calendar Basic 2.3 - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA