Exploitdb Exploits
31,344 exploits tracked across all sources.
TinyWebGallery 1.8.3 - Cross-Site Scripting / Local File Inclusion
by Yam Mesicka
Spike PHPCoverage <2.0.2 - XSS
Cross-site scripting (XSS) vulnerability in the Spike PHPCoverage (aka spikephpcoverage) library, as used in Moodle 2.0.x before 2.0.2 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
by AutoSec Tools
Joomla! Component com_frontenduseraccess - Local File Inclusion
by wishnusakti
Joomla! Component com_clan_members - 'id' SQL Injection
by FL0RiX
Joomla! 1.5/1.6 - JFilterInput Cross-Site Scripting Bypass
by Jeff Channell
Sun JRE < 1.6.0 - Denial of Service
The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
by Konstantin Preisser
Joomla! Component com_virtuemart 1.1.6 - SQL Injection
by Andrea Fabrizi
OpenVAS Manager <2.0rc2 - Command Injection
The email function in manage_sql.c in OpenVAS Manager 1.0.x through 1.0.3 and 2.0.x through 2.0rc2 allows remote authenticated users to execute arbitrary commands via the (1) To or (2) From e-mail address in an OMP request to the Greenbone Security Assistant (GSA).
by Tim Brown
vBSEO 3.2.2/3.5.2 - Persistent Cross-Site Scripting via LinkBacks
by MaXe
eSyndiCat Directory Software 2.2/2.3 - 'preview' Cross-Site Scripting
by Avram Marius
Microsoft Windows - XSS
The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for content blocks in a document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."
by 80vul
CVSS 6.1
PHP Script Directory Software - 'sbcat_id' SQL Injection
by h4ck3r
PHP Link Directory Software - 'sbcat_id' SQL Injection
by h4ck3r
Vanilla Forums 2.0.16 - 'Target' Cross-Site Scripting
by YGN Ethical Hacker Group
SAP Crystal Report Server 2008 - Directory Traversal
by Dmitriy Chastuhin
Oracle Fusion Middleware <10.1.3.5 - RCE
Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect integrity and availability via unknown vectors related to Import Server. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from the original researcher that remote attackers can overwrite arbitrary files and execute arbitrary code via a full pathname in the first argument to the WriteJPG method in the NCSECWLib ActiveX control.
by Alexandr Polyakov
Oracle Document Capture - Info Disclosure
Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Internal Operations. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from the original researcher that remote attackers can overwrite or delete arbitrary files via a full pathname in the second argument to the DownloadSingleMessageToFile method in the EMPOP3Lib ActiveX component (empop3.dll).
by Evdokimov Dmitriy