Exploitdb Exploits
31,369 exploits tracked across all sources.
IBM Tivoli Continuous Data Protection for Files 3.1.4.0 - Cross-Site Scripting via login/FilepathLogin.html
Cross-site scripting (XSS) vulnerability in login/FilepathLogin.html in IBM Tivoli Continuous Data Protection (CDP) for Files 3.1.4.0 allows remote attackers to inject arbitrary web script or HTML via the reason parameter.
by Abdul-Aziz Hariri
Yellow Duck Weblog 2.1.0 - 'lang' Local File Inclusion
by ahmadbady
XEngineSoft PMS/MGS/NM/Ams 1.0 - Authentication Bypass
by Dr-HTmL
X10media Mp3 Search Engine < 1.6.2 - Admin Access
by THUNDER
e107 Plugin userjournals_menu - 'blog.id' SQL Injection
by boom3rang
MidnightBSD - Denial of Service via Crafted IP Packets in PF Packet Filter
The pf_test_rule function in OpenBSD Packet Filter (PF), as used in OpenBSD 4.2 through 4.5, NetBSD 5.0 before RC3, MirOS 10 and earlier, and MidnightBSD 0.3-current allows remote attackers to cause a denial of service (panic) via crafted IP packets that trigger a NULL pointer dereference during translation, related to an IPv4 packet with an ICMPv6 payload.
by Rembrandt
Banshee 1.4.2 DAAP Extension - '/apps/web/vs_diag.cgi' Cross-Site Scripting
by Anthony de Almeida Lopes
moziloCMS 1.11 - Information Disclosure via Error Message Path Exposure
moziloCMS 1.11 allows remote attackers to obtain sensitive information via the (1) gal[] parameter to gallery.php, (2) page[] and (3) cat[] parameter to index.php, or (4) file[] parameter to download.php, which reveals the installation path in an error message.
by SirGod
moziloCMS 1.11 - Path Traversal via Page Parameter
Directory traversal vulnerability in index.php in moziloCMS 1.11 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. NOTE: this might be the same issue as CVE-2008-6126.2, which may have been fixed in 1.10.3.
by SirGod
moziloCMS 1.11 - Cross-Site Scripting via Search Query Parameter
Cross-site scripting (XSS) vulnerability in index.php in moziloCMS 1.11 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search action, a different issue than CVE-2008-6127.2a.
by SirGod
Chance-i DiViS DVR System Web-Server - Directory Traversal
by DSecRG
Chance-i DiViS-Web DVR System - ActiveX Control Heap Overflow (PoC)
by DSecRG
RedaxScript 0.2.0 - 'Language' Local File Inclusion
by SirGod
PHP-Agenda 2.2.5 - Remote File Overwriting
by Salvatore Fresta
moziloCMS 1.11.1 - Cross-Site Scripting via cat and file Parameters
Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in moziloCMS 1.11.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat and (2) file parameters in an editsite action, different vectors than CVE-2008-6127 and CVE-2009-1367.
by SirGod
Loggix Project 9.4.5 - 'refer_id' Blind SQL Injection
by Salvatore Fresta
Cisco ASA/PIX - Appliances Fail to Properly Check Fragmented TCP Packets
by Daniel Clemens
Web File Explorer 3.1 - Remote Code Execution via File Parameter in savefile Action
body.asp in Web File Explorer 3.1 allows remote attackers to create arbitrary files and execute arbitrary code via the savefile action with a file parameter containing a filename that has an executable extension.
by Osirys
Web File Explorer 3.1 - SQL Injection via id Parameter
SQL injection vulnerability in body.asp in Web File Explorer 3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Osirys
dynamic flash forum 1.0 Beta - Multiple Vulnerabilities
by Salvatore Fresta