Exploitdb Exploits
31,344 exploits tracked across all sources.
ESTsoft ALYac Anti-Virus 1.5 < 5.0.1.2 - Local Privilege Escalation
by MJ0011
AhnLab V3 Internet Security 8.0 < 1.2.0.4 - Local Privilege Escalation
by MJ0011
Softbiz PHP Joke Site Software - Multiple SQL Injections
by v3n0m
Social Share - Multiple Cross-Site Scripting Vulnerabilities
by Aliaksandr Hartsuyeu
Dmasoftlab Radius Manager - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Radius Manager 3.8.0 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) name or (2) descr parameter in an (a) update_usergroup or a (b) store_nas action to admin.php.
by Rodrigo Rubira Branco
Dmasoftlab Radius Manager - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Radius Manager 3.8.0 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) name or (2) descr parameter in an (a) update_usergroup or a (b) store_nas action to admin.php.
by Rodrigo Rubira Branco
MH Products MHP Downloadshop - SQL Injection
SQL injection vulnerability in view_item.php in MH Products MHP Downloadshop allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.
by Easy Laster
Immo Makler - SQL Injection
SQL injection vulnerability in news.php in Immo Makler allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Easy Laster
MH Products Easy Online Shop - SQL Injection
SQL injection vulnerability in content.php in MH Products Easy Online Shop allows remote attackers to execute arbitrary SQL commands via the kat parameter.
by Easy Laster
JRadio <1.5.1 - Path Traversal
Directory traversal vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
by Sid3^effects
BLOG:CMS 4.2.1.e - XSS
Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS 4.2.1.e, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) body parameter to action.php and the (2) amount and (3) action parameters to admin/index.php.
by High-Tech Bridge SA
slickMsg - Cross-Site Scripting / HTML Injection
by Aliaksandr Hartsuyeu
Pangramsoft Pointter Php Micro-bloggi... - Authentication Bypass
Pointter PHP Micro-Blogging Social Network 1.8 allows remote attackers to bypass authentication and obtain administrative privileges via arbitrary values of the auser and apass cookies.
by Mark Stanislav
Pangramsoft Pointter Php Content Mana... - Authentication Bypass
Pointter PHP Content Management System 1.0 allows remote attackers to bypass authentication and obtain administrative privileges via arbitrary values of the auser and apass cookies.
by Mark Stanislav
Mantisbt < 1.2.3 - Path Traversal
Directory traversal vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the db_type parameter, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP.
by LiquidWorm
Mantisbt < 1.2.3 - Information Disclosure
admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to obtain sensitive information via an invalid db_type parameter, which reveals the installation path in an error message, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP.
by LiquidWorm
HP Insight Diagnostics < 8.5.0.3625 - XSS
Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.1.3712 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
by Richard Brain
BLOG:CMS <4.2.1.e - CSRF
Cross-site request forgery (CSRF) vulnerability in admin/libs/ADMIN.php in BLOG:CMS 4.2.1.e, and possibly earlier, allows remote attackers to hijack the authentication of administrators.
by High-Tech Bridge SA
Blog:CMS 4.2.1 e - Multiple HTML Injections / Cross-Site Scripting
by High-Tech Bridge SA
BEdita <3.1 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in BEdita before 3.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create categories via a data array to news/saveCategories or (2) modify credentials via a data array to admin/saveUser.
by High-Tech Bridge SA
IBM Tivoli Storage Manager < 5.3.6.7 - Out-of-Bounds Write
Stack-based buffer overflow in the GeneratePassword function in dsmtca (aka the Trusted Communications Agent or TCA) in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.2.10, and 6.1.x before 6.1.3.1 on Unix and Linux allows local users to gain privileges by specifying a long LANG environment variable, and then sending a request over a pipe.
by Kryptos Logic
Google Urchin 5.7.03 - Local File Inclusion
by Kristian Erik Hermansen