Exploitdb Exploits

50,076 exploits tracked across all sources.

CVE-2013-4240 EXPLOITDB
HMS Testimonials < 2.0.11 - Cross-Site Request Forgery via Admin Page Actions
Multiple cross-site request forgery (CSRF) vulnerabilities in the HMS Testimonials plugin before 2.0.11 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add new testimonials via the hms-testimonials-addnew page, (2) add new groups via the hms-testimonials-addnewgroup page, (3) change default settings via the hms-testimonials-settings page, (4) change advanced settings via the hms-testimonials-settings-advanced page, (5) change custom fields settings via the hms-testimonials-settings-fields page, or (6) change template settings via the hms-testimonials-templates-new page to wp-admin/admin.php.
CVE-2014-5345 EXPLOITDB html
Disqus Comment System < 2.76 - Cross-Site Scripting via Upgrade Step Parameter
Cross-site scripting (XSS) vulnerability in upgrade.php in the Disqus Comment System plugin before 2.76 for WordPress allows remote attackers to inject arbitrary web script or HTML via the step parameter.
CVE-2014-5346 EXPLOITDB html
Disqus Comment System 2.77 - Cross-Site Request Forgery via Plugin Activation/Deactivation or Comment Import/Export
Multiple cross-site request forgery (CSRF) vulnerabilities in the Disqus Comment System plugin 2.77 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) activate or (2) deactivate the plugin via the active parameter to wp-admin/edit-comments.php, (3) import comments via an import_comments action, or (4) export comments via an export_comments action to wp-admin/index.php.
CVE-2020-9371 EXPLOITDB MEDIUM
Appointment Booking Calendar < 1.3.35 - Stored Cross-Site Scripting in Calendar Name Input
Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. In the cpabc_appointments.php file, the Calendar Name input could allow attackers to inject arbitrary JavaScript or HTML.
CVSS 4.8
CVE-2014-8603 EXPLOITDB
XCloner 3.1.1 and 3.5.1 - Authenticated Remote Code Execution via Shell Metacharacter Injection
cloner.functions.php in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! allows remote administrators to execute arbitrary code via shell metacharacters in the (1) file name when creating a backup or vectors related to the (2) $_CONFIG[tarpath], (3) $exclude, (4) $_CONFIG['tarcompress'], (5) $_CONFIG['filename'], (6) $_CONFIG['exfile_tar'], (7) $_CONFIG[sqldump], (8) $_CONFIG['mysql_host'], (9) $_CONFIG['mysql_pass'], (10) $_CONFIG['mysql_user'], (11) $database_name, or (12) $sqlfile variable.
CVE-2014-8604 EXPLOITDB
XCloner 3.1.1 and 3.5.1 - Unauthenticated Exposure of MySQL Password in Configuration Panel
The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! returns the MySQL password in cleartext to a text box in the configuration panel, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2014-8605 EXPLOITDB
XCloner 3.1.1 and 3.5.1 - Unauthenticated Sensitive Information Exposure via Predictable Backup File Names
The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! stores database backup files with predictable names under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to a backup file in administrators/backups/.
CVE-2014-8606 EXPLOITDB
XCloner 3.1.1 and 3.5.1 - Authenticated Path Traversal via File Parameter
Directory traversal vulnerability in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! allows remote administrators to read arbitrary files via a .. (dot dot) in the file parameter in a json_return action in the xcloner_show page to wp-admin/admin-ajax.php.
CVE-2006-5508 EXPLOITDB perl
WoltLab Burning Book 1.1.2 - SQL Injection via n Parameter or User-Agent Header
Multiple SQL injection vulnerabilities in addentry.php in WoltLab Burning Book 1.1.2 allow remote attackers to execute arbitrary SQL commands via (1) the n parameter and (2) the User-Agent HTTP header.
CVE-2012-1897 EXPLOITDB
Wolf CMS <= 0.75 - Cross-Site Request Forgery via Admin Endpoints
Multiple cross-site request forgery (CSRF) vulnerabilities in Wolf CMS 0.75 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via the user id number to admin/user/delete; (2) delete pages via the page id number to admin/page/delete; delete the (3) images or (4) themes directory via the directory name to admin/plugin/file_manager/delete, and possibly other directories; or (5) logout the user via a request to admin/login/logout.
CVE-2007-3137 EXPLOITDB
WmsCMS <= 2.0 - Cross-Site Scripting via 4print.asp Parameters
Multiple cross-site scripting (XSS) vulnerabilities in 4print.asp in WmsCMS 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sbl, (2) sbr, or (3) search parameter. NOTE: the original disclosure claims the pageid parameter in index.php is affected, but this is incorrect.
CVE-2006-4987 EXPLOITDB
Patrick Michaelis Wili-CMS - Remote File Inclusion via globals[content_dir] Parameter
Multiple PHP remote file inclusion vulnerabilities in Patrick Michaelis Wili-CMS allow remote attackers to execute arbitrary PHP code via a URL in the globals[content_dir] parameter in (1) example-view/templates/article.php, (2) example-view/templates/root.php, and (3) example-view/templates/dates_list.php.
CVE-2006-4988 EXPLOITDB
Patrick Michaelis Wili-CMS - Cross-Site Scripting via Query String and globals[pageid] Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Patrick Michaelis Wili-CMS allow remote attackers to inject arbitrary web script or HTML via (1) the query string to relocate.php, (2) the globals[pageid] parameter in example-view/inc/print_button.php, and other unspecified vectors.
CVE-2011-4448 EXPLOITDB
WikkaWiki 1.3.1 and 1.3.2 - SQL Injection via default_comment_display Parameter
SQL injection vulnerability in actions/usersettings/usersettings.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to execute arbitrary SQL commands via the default_comment_display parameter in an update action.
CVE-2011-4449 EXPLOITDB
WikkaWiki 1.3.1 and 1.3.2 - Arbitrary PHP Code Execution via File Upload with Multiple Extensions
actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
CVE-2011-4450 EXPLOITDB
WikkaWiki 1.3.1 and 1.3.2 - Path Traversal via File Parameter
Directory traversal vulnerability in handlers/files.xml/files.xml.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to read or delete arbitrary files via a non-initial .. (dot dot) in the file parameter, as demonstrated by the /../../wikka.config.php pathname in a download action.
CVE-2011-4451 EXPLOITDB
WikkaWiki 1.3.1 and 1.3.2 - Arbitrary PHP Code Write via User-Agent HTTP Header
libs/Wakka.class.php in WikkaWiki 1.3.1 and 1.3.2, when the spam_logging option is enabled, allows remote attackers to write arbitrary PHP code to the spamlog_path file via the User-Agent HTTP header in an addcomment request. NOTE: the vendor disputes this issue because the rendering of the spamlog_path file never uses the PHP interpreter.
CVE-2009-0460 EXPLOITDB
Whole Hog Ware Support 1.x - Authentication Bypass via Integer adminid Cookie
Whole Hog Ware Support 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie.
CVE-2009-0458 EXPLOITDB
Whole Hog Ware Support 1.x - SQL Injection via uid and pwd Parameters in admin/login_submit.php
Multiple SQL injection vulnerabilities in admin/login_submit.php in Whole Hog Ware Support 1.x allow remote attackers to execute arbitrary SQL commands via (1) the uid parameter (aka Username field) or (2) the pwd parameter (aka Password field). NOTE: some of these details are obtained from third party information.
CVE-2004-1422 EXPLOITDB
WHM AutoPilot <= 2.4.6.5 - Information Disclosure via phpinfo
WHM AutoPilot 2.4.6.5 and earlier allows remote attackers to gain sensitive information via phpinfo, which reveals php settings.
CVE-2004-1421 EXPLOITDB
WHM AutoPilot <= 2.4.6.5 - Remote File Inclusion via server_inc Parameter
Multiple PHP remote file inclusion vulnerabilities in (1) step_one.php, (2) step_one_tables.php, and (3) step_two_tables.php in WHM AutoPilot 2.4.6.5 and earlier allow remote attackers to execute arbitrary PHP code by modifying the server_inc parameter to reference a URL on a remote web server that contains the code.
CVE-2013-6041 EXPLOITDB
Softaculous Webuzo < 2.1.4 - Remote Code Execution via SOFTCookies sid Cookie
index.php in Softaculous Webuzo before 2.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in a SOFTCookies sid cookie within a login action.
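Both the XCloner entry (CVE-2014-8603, shell metacharacters in the backup file name) and the Webuzo entry above (CVE-2013-6041, shell metacharacters in the sid cookie) are the same bug class: attacker-controlled text is pasted into a command line that a shell then parses. The following is an added, generic Python illustration written for this listing; it is not code from XCloner, Webuzo or any plugin. It stands in `echo` for the real archiver so the demo is harmless, and the payload file name is constructed for the example. It shows the concatenated command executing the injected part, and two fixes: passing the value as a single argv element (no shell), or quoting it with `shlex.quote` when a shell is unavoidable, plus an allowlist on the name itself.

```python
import re
import shlex
import subprocess

# Constructed attacker input: a "file name" carrying a shell command substitution.
# If /bin/sh sees this unquoted, it prints 42 on a second line.
PAYLOAD_NAME = "site.tar; echo $((6*7))"

# Only plain archive names are acceptable; reject anything with shell syntax up front.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,100}$")


def is_valid_backup_name(name: str) -> bool:
    return SAFE_NAME.fullmatch(name) is not None


def run_unsafe(filename: str) -> str:
    """Vulnerable pattern: string concatenation into a shell command line."""
    cmd = "echo creating " + filename          # echo stands in for the archiver
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_safe_argv(filename: str) -> str:
    """Fix 1: no shell at all; the file name is one argv element, never parsed."""
    return subprocess.run(["echo", "creating", filename],
                          capture_output=True, text=True).stdout


def run_safe_quoted(filename: str) -> str:
    """Fix 2: when a shell is required, quote each untrusted value."""
    cmd = "echo creating " + shlex.quote(filename)
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def injected(output: str) -> bool:
    """True if the arithmetic in the payload was evaluated, i.e. injection succeeded."""
    return "42" in output.splitlines()


if __name__ == "__main__":
    print("allowlist accepts payload?", is_valid_backup_name(PAYLOAD_NAME))
    print("unsafe  :", repr(run_unsafe(PAYLOAD_NAME)))
    print("argv    :", repr(run_safe_argv(PAYLOAD_NAME)))
    print("quoted  :", repr(run_safe_quoted(PAYLOAD_NAME)))
```

The argv form is preferable to quoting because it removes the shell from the path entirely; quoting only protects values you remembered to quote, which is exactly what the twelve separate XCloner vectors in CVE-2014-8603 illustrate.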
CVE-2013-6042 EXPLOITDB
Webuzo < 2.1.4 - Cross-Site Scripting via File Manager Login User Parameter
Cross-site scripting (XSS) vulnerability in filemanager/login.php in the File Manager module in Softaculous Webuzo before 2.1.4 allows remote attackers to inject arbitrary web script or HTML via the user parameter.
CVE-2014-4306 EXPLOITDB
WebTitan < 4.04 - Path Traversal via Logfile Parameter
Directory traversal vulnerability in logs-x.php in WebTitan before 4.04 allows remote attackers to read arbitrary files via a .. (dot dot) in the logfile parameter in a download action.
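Three entries on this page are file-parameter traversals: XCloner (CVE-2014-8606, `file` in a json_return action), WikkaWiki (CVE-2011-4450, a non-initial `..` such as `/../../wikka.config.php`) and WebTitan (CVE-2014-4306, `logfile` in a download action). The WikkaWiki wording matters: a check that only looks at the start of the string misses `logs/../../etc/passwd`. Below is an added Python example written for this listing, not code from any of those products, showing a `safe_join` that resolves the requested name under the base directory and rejects anything that lands outside it, including symlinks, next to the kind of prefix check that gets bypassed. The base directory and sample paths are constructed for the example.

```python
import os
import tempfile


def safe_join(base_dir: str, user_path: str) -> str:
    """Return the resolved path of user_path inside base_dir, or raise ValueError.

    realpath() collapses every '..' (initial or not) and follows symlinks, so the
    only question left is whether the final path is still under the base.
    """
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_path))
    if candidate != base and not candidate.startswith(base + os.sep):
        raise ValueError(f"refusing path outside {base}: {user_path!r}")
    return candidate


def is_blocked(base_dir: str, user_path: str) -> bool:
    try:
        safe_join(base_dir, user_path)
    except ValueError:
        return True
    return False


def relative_name(base_dir: str, user_path: str) -> str:
    """Name of the accepted file relative to the base (for assertions)."""
    return os.path.relpath(safe_join(base_dir, user_path), os.path.realpath(base_dir))


def naive_is_safe(user_path: str) -> bool:
    """The weak check: rejects a leading '..' or '/', nothing else."""
    return not (user_path.startswith("..") or user_path.startswith("/"))


def demo_symlink_escape() -> bool:
    """True if safe_join also blocks a symlink inside the base that points outside it."""
    with tempfile.TemporaryDirectory() as outside, tempfile.TemporaryDirectory() as base:
        secret = os.path.join(outside, "config.php")
        with open(secret, "w") as fh:
            fh.write("<?php $db_pass = 'example'; ?>")   # constructed sample file
        os.symlink(secret, os.path.join(base, "link.php"))
        return is_blocked(base, "link.php")


if __name__ == "__main__":
    base = "/srv/example-app/www"   # constructed; need not exist for path resolution
    for p in ["logs/app.log", "logs/../../etc/passwd", "/../../wikka.config.php"]:
        print(f"{p!r:35} naive_ok={naive_is_safe(p)!s:5} blocked={is_blocked(base, p)}")
    print("symlink escape blocked:", demo_symlink_escape())
```

Keeping the check at the end (on the resolved path) rather than at the start (on the raw string) is what makes it independent of how many `..` segments, leading slashes or URL-encoded variants the request contains, provided decoding has already happened before the name reaches `safe_join`.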
CVE-2014-9242 EXPLOITDB
WebsiteBaker 2.8.3 - SQL Injection via page_id Parameter
SQL injection vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 allows remote attackers to execute arbitrary SQL commands via the page_id parameter.
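The SQL injection entries on this page come in two shapes: login and id parameters (Whole Hog Ware Support, WikkaWiki, WebsiteBaker) and a request header (the User-Agent vector in WoltLab Burning Book, CVE-2006-5508), which is worth stressing because logging code often treats headers as trusted. The following is an added, generic Python/sqlite3 illustration written for this listing; it is not code from any of those products. The user table, the logging table and the payloads are constructed for the example. It contrasts string-built queries with parameterised ones for both a login check and a User-Agent insert, where the header payload pulls a password out of another table into the log row.

```python
import sqlite3

# Constructed sample accounts.
USERS = [("admin", "s3cret"), ("alice", "hunter2")]

# Constructed payloads: the first comments out the password clause, the second
# uses SQL string concatenation to copy a password into the logged header value.
UID_PAYLOAD = "admin' --"
UA_PAYLOAD = "x' || (SELECT pwd FROM users WHERE uid = 'admin') || '"


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (uid TEXT, pwd TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    conn.execute("CREATE TABLE visits (uid TEXT, user_agent TEXT)")
    return conn


def login_vulnerable(conn, uid: str, pwd: str):
    """String-built query: the uid/pwd fields become part of the SQL grammar."""
    sql = f"SELECT uid FROM users WHERE uid = '{uid}' AND pwd = '{pwd}'"
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, uid: str, pwd: str):
    """Parameterised query: the driver sends values separately from the statement."""
    row = conn.execute("SELECT uid FROM users WHERE uid = ? AND pwd = ?",
                       (uid, pwd)).fetchone()
    return row[0] if row else None


def log_visit_vulnerable(conn, uid: str, user_agent: str) -> str:
    """Header logged by concatenation; returns what actually got stored."""
    conn.execute(f"INSERT INTO visits VALUES ('{uid}', '{user_agent}')")
    return conn.execute(
        "SELECT user_agent FROM visits ORDER BY rowid DESC LIMIT 1").fetchone()[0]


def log_visit_safe(conn, uid: str, user_agent: str) -> str:
    conn.execute("INSERT INTO visits VALUES (?, ?)", (uid, user_agent))
    return conn.execute(
        "SELECT user_agent FROM visits ORDER BY rowid DESC LIMIT 1").fetchone()[0]


if __name__ == "__main__":
    db = make_db()
    print("vulnerable login :", login_vulnerable(db, UID_PAYLOAD, "wrong"))
    print("safe login       :", login_safe(db, UID_PAYLOAD, "wrong"))
    print("vulnerable UA log:", log_visit_vulnerable(db, "bob", UA_PAYLOAD))
    print("safe UA log      :", log_visit_safe(db, "bob", UA_PAYLOAD))
```

The fix is the same for parameters and headers: never let the value participate in query text. Escaping functions are a weaker substitute because they must be applied at every call site, which is how a header-only vector like the User-Agent one survives a review that only looked at form fields.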