Exploitdb Exploits
31,394 exploits tracked across all sources.
Appweb Web Server 3.2.2-1 - Cross-Site Scripting
by Gjoko Krstic
WordPress Plugin Accept Signups 0.1 - Cross-Site Scripting
by clshack
WordPress Plugin Accept Signups 0.1 - 'email' Cross-Site Scripting
by clshack
Citrix Access Gateway <5.0 - Command Injection
The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows attackers to execute arbitrary commands via shell metacharacters in the password field.
by George D. Gal
Hycus CMS 1.0.3 - SQL Injection via user_name, usr_email, useremail, or q Parameter
Multiple SQL injection vulnerabilities in index.php in Hycus CMS 1.0.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user_name and (2) usr_email parameters to user/1/hregister.html, (3) usr_email parameter to user/1/hlogin.html, (4) useremail parameter to user/1/forgotpass.html, and the (5) q parameter to search/1.html. NOTE: some of these details are obtained from third party information.
by High-Tech Bridge SA
Html-edit CMS 3.1.8 - Cross-Site Scripting via Error Parameter
Cross-site scripting (XSS) vulnerability in index.php in Html-edit CMS 3.1.8 allows remote attackers to inject arbitrary web script or HTML via the error parameter.
by High-Tech Bridge SA
Html-edit CMS 3.1.8 - SQL Injection via nuser Parameter
SQL injection vulnerability in index.php in Html-edit CMS 3.1.8 allows remote attackers to execute arbitrary SQL commands via the nuser parameter in a registrate action.
by High-Tech Bridge SA
Habari 0.6.5 - Cross-Site Scripting via additem_form and status_data Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Habari 0.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) additem_form parameter to system/admin/dash_additem.php and the (2) status_data[] parameter to system/admin/dash_status.php. NOTE: some of these details are obtained from third party information.
by High-Tech Bridge SA
Openfiler 2.3 - Cross-Site Scripting via Device Parameter
Cross-site scripting (XSS) vulnerability in admin/system.html in Openfiler 2.3 allows remote attackers to inject arbitrary web script or HTML via the device parameter.
by db.pub.mail
CVSS 6.1
Ecava IntegraXor < 3.6.4000.0 - Path Traversal via File Name Parameter
Directory traversal vulnerability in Ecava IntegraXor 3.6.4000.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file_name parameter in an open request.
by Luigi Auriemma
Calibre 0.7.34 - Cross-Site Scripting / Directory Traversal
by waraxe
WordPress Plugin Mediatricks Viva Thumbs - Multiple Information Disclosure Vulnerabilities
by Richard Brain
Social Share - 'Username' SQL Injection
by Aliaksandr Hartsuyeu
S9Y Serendipity 1.5.4 - Arbitrary File Upload
by pentesters.ir
Joomla! Component com_xgallery 1.0 - Local File Inclusion
by KelvinX
ImpressCMS 1.2.x - 'quicksearch_ContentContent' HTML Injection
by High-Tech Bridge SA
Hycus CMS 1.0.3 - Path Traversal via Site Parameter
Multiple directory traversal vulnerabilities in Hycus CMS 1.0.3 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the site parameter to (1) index.php and (2) admin.php.
by High-Tech Bridge SA
html-edit CMS 3.1.8 - Exposure of Sensitive Information via Direct Request to Core Files
Html-edit CMS 3.1.8 allows remote attackers to obtain sensitive information via a direct request to (1) pages.php and (2) menu.php in includes/core_files and (3) extensions/login/frontend/pages/antihacker.php, which reveals the installation path in an error message.
by High-Tech Bridge SA
Habari 0.6.5 - Unauthenticated Sensitive Information Exposure via Direct Request
Habari 0.6.5 allows remote attackers to obtain sensitive information via a direct request to (1) header.php and (2) comments_items.php in system/admin/, which reveals the installation path in an error message.
by High-Tech Bridge SA
By Source