Exploitdb Exploits
31,344 exploits tracked across all sources.
IBM solidDB < 6.5.0.3 - Numeric Error
solid.exe in IBM solidDB 6.5.0.3 and earlier does not properly perform a recursive call to a certain function upon receiving packet data containing many integer fields with two different values, which allows remote attackers to cause a denial of service (invalid memory access and daemon crash) via a TCP session on port 1315.
by Luigi Auriemma
TWiki < 5.0.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in lib/TWiki.pm in TWiki before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the rev parameter to the view script or (2) the query string to the login script.
by DOUHINE Davy
Data/File - upload and Management Arbitrary File Upload
by saudi0hacker
Oracle Java SE/Java for Business 6 - Info Disclosure
Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
by Skylined
Nullsoft Winamp < 5.581 - Memory Corruption
Buffer overflow in the in_mod plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to the comment box.
by Luigi Auriemma
Oracle Solaris 10/OpenSolaris - Info Disclosure
Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect confidentiality and integrity via unknown vectors related to su.
by prdelka
Ronny CMS 1.1 r935 - Multiple HTML Injection Vulnerabilities
by High-Tech Bridge SA
PluXml 5.0.1 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
by High-Tech Bridge SA
Joomla! - Path Traversal
Directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
by jos_ali_joe
Collabtive 0.6.5 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Collabtive 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) User parameter in the edit user profile feature to manageuser.php, (2) y parameter in a newcal action to manageajax.php, and the (3) pic parameter to thumb.php.
by Anatolia Security
Collabtive 0.6.5 - CSRF
Cross-site request forgery (CSRF) vulnerability in admin.php in Collabtive 0.6.5 allows remote attackers to hijack the authentication of administrators for requests that add administrative users via the edituser action.
by Anatolia Security
Oracle Fusion Middleware <11.1.1.2.0 - Info Disclosure
Unspecified vulnerability in the BPEL Console component in Oracle Fusion Middleware 11.1.1.1.0 and 11.1.1.2.0 allows remote authenticated users to affect integrity via unknown vectors.
by Alexander Polyakov
OrangeHRM 2.6.0.1 - Path Traversal
Directory traversal vulnerability in index.php in OrangeHRM 2.6.0.1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the uri parameter.
by ZonTa
Joomla! / Mambo Component com_trade - 'PID' Cross-Site Scripting
by FL0RiX
BaconMap 1.0 - SQL Injection
SQL injection vulnerability in doadd.php in BaconMap 1.0 allows remote attackers to execute arbitrary SQL commands via the type parameter.
by John Leitch
BaconMap 1.0 - Path Traversal
Directory traversal vulnerability in admin/updatelist.php in BaconMap 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the filepath parameter.
by John Leitch
MG User-Fotoalbum 1.0.1 - SQL Injection
SQL injection vulnerability in infusions/mg_user_fotoalbum_panel/mg_user_fotoalbum.php in the MG User-Fotoalbum (mg_user_fotoalbum_panel) module 1.0.1 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the album_id parameter.
by Easy Laster
Site2Nite Auto e-Manager - SQL Injection
SQL injection vulnerability in detail.asp in Site2Nite Auto e-Manager allows remote attackers to execute arbitrary SQL commands via the ID parameter.
by KnocKout
JoomlaSeller JS Calendar 1.5.1-1.5.4 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the JoomlaSeller JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) month and (2) year parameters in a jscalendar action to index.php. NOTE: some of these details are obtained from third party information.
by Salvatore Fresta
JS Calendar (com_jscalendar) 1.5.1-1.5.4 - SQL Injection
SQL injection vulnerability in the JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ev_id parameter in a details action to index.php. NOTE: some of these details are obtained from third party information.
by Salvatore Fresta