Exploitdb Exploits
31,344 exploits tracked across all sources.
VMware View Manager 3.1.x - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in VMware View (formerly Virtual Desktop Manager or VDM) 3.1.x before 3.1.3 build 252693 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
by Alexey Sintsov
SmartCMS <2. - SQL Injection
Multiple SQL injection vulnerabilities in SmartCMS v.2.
by Ariko-Security
CVSS 9.8
Carlos Eduardo Sotelo Pinto 0.1.0 - Code Injection
PHP remote file inclusion vulnerability in core/includes/gfw_smarty.php in Gallo 0.1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the config[gfwroot] parameter.
by cr4wl3r
Mango Blog 1.4.1 - '/archives.cfm/search' Cross-Site Scripting
by MustLive
Openmairie Openannuaire - Path Traversal
Directory traversal vulnerability in scr/soustab.php in OpenMairie openAnnuaire 2.00, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069.
by cr4wl3r
Acritum Femitter Server 1.03 - Multiple Vulnerabilities
by Zer0 Thunder
WHMCompleteSolution (WHMCS) Control 2 - 'announcements.php' SQL Injection
by Islam DefenDers
Openmairie Openannuaire - Code Injection
Multiple PHP remote file inclusion vulnerabilities in OpenMairie openAnnuaire 2.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) annuaire.class.php, (2) droit.class.php, (3) collectivite.class.php, (4) profil.class.php, (5) direction.class.php, (6) service.class.php, (7) directiongenerale.class.php, and (8) utilisateur.class.php in obj/.
by cr4wl3r
Joomla! Component com_djClassifieds 0.9.1 - Arbitrary File Upload
by Sid3^effects
GuppY 4.5.18 - SQL Injection via Newsletter lng Parameter
SQL injection vulnerability in newsletter.php in GuppY 4.5.18 allows remote attackers to execute arbitrary SQL commands via the lng parameter.
by indoushka
Billwerx RC - SQL Injection
SQL injection vulnerability in request_account.php in Billwerx RC 5.2.2 PL2 allows remote attackers to execute arbitrary SQL commands via the primary_number parameter.
by indoushka
Google Chrome 4.1.249.1064 - Remote Memory Corrupt
by eidelweiss
Openmairie Opencimetiere - Code Injection
Multiple PHP remote file inclusion vulnerabilities in openMairie openCimetiere 2.01, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) autorisation.class.php, (2) courrierautorisation.class.php, (3) droit.class.php, (4) profil.class.php, (5) temp_defunt_sansemplacement.class.php, (6) utils.class.php, (7) cimetiere.class.php, (8) defunt.class.php, (9) emplacement.class.php, (10) tab_emplacement.class.php, (11) temp_emplacement.class.php, (12) voie.class.php, (13) collectivite.class.php, (14) defunttransfert.class.php, (15) entreprise.class.php, (16) temp_autorisation.class.php, (17) travaux.class.php, (18) zone.class.php, (19) courrier.class.php, (20) dossier.class.php, (21) plans.class.php, (22) temp_defunt.class.php, and (23) utilisateur.class.php in obj/.
by cr4wl3r
Openmairie Opencatalogue - Path Traversal
Directory traversal vulnerability in scr/soustab.php in OpenMairie Opencatalogue 1.024, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069.
by cr4wl3r
NolaPro Enterprise 4.0.5538 - Cross-Site Scripting / SQL Injection
by ekse
com_grid - Cross-Site Scripting via data_search and rpp Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the Table JX (com_grid) component for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) data_search and (2) rpp parameters to index.php.
by Valentin
Joomla! Component Card View JX - Cross-Site Scripting
by Valentin