Exploitdb Exploits
31,344 exploits tracked across all sources.
Git < 1.7.3.3 - XSS
Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters.
by emgent
BlogCFC 5.9.6.001 - Multiple Cross-Site Scripting Vulnerabilities
by Richard Brain
Alexej Kryukov Fontforge - Memory Corruption
Stack-based buffer overflow in FontForge 20100501 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long CHARSET_REGISTRY header in a BDF font file.
by Ulrik Persson
PHP TopSites 2.1 - '/rate.php' Cross-Site Scripting / SQL Injection
by c0de Hunters
Joomla! Component com_redirect 1.5.19 - Local File Inclusion
by jos_ali_joe
Mura CMS - Multiple Cross-Site Scripting Vulnerabilities
by Richard Brain
Clear Ispot Firmware - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities on the iSpot 2.0.0.0 R1679, and the ClearSpot 2.0.0.0 R1512 and R1786, with firmware 1.9.9.4 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the cmd parameter in an act_cmd_result action to webmain.cgi, (2) enable remote management via an enable_remote_access act_network_set action to webmain.cgi, (3) enable the TELNET service via an ENABLE_TELNET act_set_wimax_etc_config action to webmain.cgi, (4) enable TELNET sessions via a certain act_network_set action to webmain.cgi, or (5) read arbitrary files via the FILE_PATH parameter in an act_file_download action to upgrademain.cgi.
by Trustwave's SpiderLabs
Cetera eCommerce - 'banner.php' Cross-Site Scripting
by MustLive
Sulata iSoft - 'stream.php' Local File Disclosure
by Sudden_death
Social Share - 'vote.php' HTTP Response Splitting
by Aliaksandr Hartsuyeu
slickMsg 0.7-alpha - 'top.php' Cross-Site Scripting
by Aliaksandr Hartsuyeu
ManageEngine EventLog Analyzer 6.1 - Multiple Cross-Site Scripting Vulnerabilities
by Rob Kraus
Joomla! Component JExtensions Property Finder - 'sf_id' SQL Injection
by FL0RiX
Joomla! Component com_mailto - Multiple Cross-Site Scripting Vulnerabilities
by MustLive
Joomla! Component com_billyportfolio 1.1.2 - Blind SQL Injection
by jdc
PHP < 5.3.3 - Numeric Error
Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_symbol) function in PHP 5.3.3 and earlier allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument.
by Maksymilian Arciemowicz
BizDir 05.10 - 'f_srch' Cross-Site Scripting
by Aliaksandr Hartsuyeu
net2ftp 0.98 (stable) - '/admin1.template.php' Local/Remote File Inclusion
by Marcin Ressel
Joomla! Component JE Messenger 1.0 - Arbitrary File Upload
by Salvatore Fresta
Harmistechnology Com Jeauto - SQL Injection
SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the char parameter in an item action to index.php.
by Salvatore Fresta