Exploitdb Exploits
31,346 exploits tracked across all sources.
IBM WebSphere Portal 5.1.0.0-5.1.0.5, 6.0.0.0-6.0.1.7, 6.1.0.0-6.1.5.0 XSS via login.jsp
Cross-site scripting (XSS) vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to inject arbitrary web script or HTML via the query string.
by Oren Hafif
WikyBlog 1.7.3rc2 - Authenticated Remote Code Execution via Unrestricted File Upload
Unrestricted file upload vulnerability in index.php/Attach in WikyBlog 1.7.3rc2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension using the uploadform action, then accessing it via a direct request to the file in userfiles/[username]/uploaded/.
by indoushka
WikyBlog 1.7.3 rc2 - Session Fixation
Session fixation vulnerability in WikyBlog 1.7.3 rc2 allows remote attackers to hijack web sessions by setting the jsessionid parameter in requests to (1) index.php/Comment/Main, (2) index.php/Comment/Main/Home_Wiky, or (3) index.php/Edit/Main.
by indoushka
WikyBlog 1.7.3 rc2 - Remote Code Execution via LangFile Parameter
PHP remote file inclusion vulnerability in include/WBmap.php in WikyBlog 1.7.3 rc2 allows remote attackers to execute arbitrary PHP code via a URL in the langFile parameter.
by indoushka
WikyBlog 1.7.2 and 1.7.3 rc2 - Cross-Site Scripting via which Parameter
Cross-site scripting (XSS) vulnerability in index.php/Special/Main/Templates in WikyBlog 1.7.2 and 1.7.3 rc2 allows remote attackers to inject arbitrary web script or HTML via the which parameter in a copy action.
by indoushka
Web Server Creator - Web Portal 0.1 - RCE
Multiple PHP remote file inclusion vulnerabilities in Web Server Creator - Web Portal 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pg parameter to index.php and the (2) path parameter to news/form.php.
by indoushka
Softbiz Classifieds PLUS - Multiple SQL Injections
by Easy Laster
Softbiz Auktios Script - Multiple SQL Injections
by Easy Laster
OpenInferno OI.Blogs 1.0 - Multiple Local File Inclusions
by JIKO
MySmartBB 1.7 - Multiple Cross-Site Scripting Vulnerabilities
by indoushka
Safari - Stack Consumption Denial of Service via CSS Selector
Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a STYLE element composed of a large number of *> sequences.
by Rad L. Sneak
Kojoney 0.0.4.1 - 'urllib.urlopen()' Remote Denial of Service
by Nicob
Tinypug 0.9.5 - Cross-Site Request Forgery (Password Change)
by AmnPardaz