Exploitdb Exploits
31,348 exploits tracked across all sources.
Profense Web App Firewall <2.6.3 - XSS
Cross-site scripting (XSS) vulnerability in proxy.html in Profense Web Application Firewall 2.6.2 and 2.6.3 allows remote attackers to inject arbitrary web script or HTML via the proxy parameter in a deny_log manage action.
by Michael Brooks
Motorola Wimax modem CPEi300 - Path Traversal
Directory traversal vulnerability in sysconf.cgi in Motorola Wimax modem CPEi300 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter.
by Usman Saeed
Profense Web Application Firewall 2.6.2-2.6.3 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in ajax.html in Profense Web Application Firewall 2.6.2 and 2.6.3 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down the server, (2) send ping packets, (3) enable network services, (4) configure a proxy server, and (5) modify other settings via parameters in the query string.
by Michael Brooks
Microsoft Internet Explorer 7 - CSRF
Microsoft Internet Explorer 7 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickjacking" vulnerability.
by UzmiX
ManageEngine Firewall Analyzer 5 - Cross-Site Request Forgery / Cross-Site Scripting
by Michael Brooks
Pligg CMS 9.9.5 - Cross-Site Request Forgery / Protection Bypass / Captcha Bypass
by Michael Brooks
NetArt Media Car Portal 1.0 - SQL Injection
SQL injection vulnerability in the login feature in NetArt Media Car Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
by Mehmet Ince
GLPI 0.71.3 - Multiple SQL Injection Vulnerabilities
by Zigma
Coppermine Photo Gallery 1.4.19 - Remote File Upload
by Michael Brooks
Zoom VoIP Phone Adapter ATA1+1 1.2.5 - Cross-Site Request Forgery
by Michael Brooks
Motorola CPEi300 - Authenticated Cross-Site Scripting via sysconf.cgi Page Parameter
Cross-site scripting (XSS) vulnerability in sysconf.cgi in Motorola Wimax modem CPEi300 allows remote authenticated users to inject arbitrary web script or HTML via the page parameter.
by Usman Saeed
D-Link VoIP Phone Adapter - Cross-Site Scripting / Cross-Site Request Forgery Remote Firmware Overwrite
by Michael Brooks
Chipmunk Blogger Script - Privilege Escalation
Chipmunk Blogger Script allows remote attackers to gain administrator privileges via a direct request to admin/reguser.php. NOTE: this is only a vulnerability when the administrator does not properly follow installation directions.
by x0r
W3C Amaya < 11.0 - Remote Code Execution via Long Input Tag Type Parameter
Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0 and 11.0 allow remote attackers to execute arbitrary code via (1) a long type parameter in an input tag, which is not properly handled by the EndOfXmlAttributeValue function; (2) an "HTML GI" in a start tag, which is not properly handled by the ProcessStartGI function; and unspecified vectors in (3) html2thot.c and (4) xml2thot.c, related to the msgBuffer variable. NOTE: these are different vectors than CVE-2008-6005.
by Core Security
SocialEngine 3.06 - SQL Injection via Blog Category ID Parameter
SQL injection vulnerability in blog.php in SocialEngine 3.06 trial allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
by snakespc
Max.Blog 1.0.6 - 'submit_post.php' SQL Injection
by Salvatore Fresta
Max.Blog <= 1.0.6 - SQL Injection via Username Parameter
SQL injection vulnerability in offline_auth.php in Max.Blog 1.0.6 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.
by Salvatore Fresta
Anantasoft Gazelle CMS 1.0 - Path Traversal via Template Parameter
Directory traversal vulnerability in index.php in Anantasoft Gazelle CMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.
by fuzion
gamescript 4.6 - Cross-Site Scripting / SQL Injection / Local File Inclusion
by Encrypt3d.M!nd
Chipmunk Blogger Script - SQL Injection
SQL injection vulnerability in admin/authenticate.php in Chipmunk Blogger Script allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
by x0r
Autonomy Ultraseek - Open Redirect via cs.html url Parameter
Open redirect vulnerability in cs.html in the Autonomy (formerly Verity) Ultraseek search engine allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter.
by buzzy
Max.Blog 1.0.6 - 'show_post.php' SQL Injection
by Salvatore Fresta
Flax Article Manager 1.1 - Remote PHP Script Upload
by S.W.A.T.