Exploitdb Exploits
50,076 exploits tracked across all sources.
Bonita BPM Portal <6.5.3 - Open Redirect
Multiple open redirect vulnerabilities in Bonita BPM Portal before 6.5.3 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the redirectUrl parameter to (1) bonita/login.jsp or (2) bonita/loginservice.
by High-Tech Bridge SA
CVSS 6.1
SysAid Help Desk <15.2 - Auth Bypass
SysAid Help Desk before 15.2 uses a hardcoded password of Password1 for the sa SQL Server Express user account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password.
by Pedro Ribeiro
GeoVision (GeoHttpServer) Webcams - Remote File Disclosure
by Viktor Minin
Alcatel-Lucent OmniSwitch Firmware < 6.4.5.r02 - Cross-Site Request Forgery via User Creation
Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request.
by RedTeam Pentesting
Milw0rm Clone Script 1.0 - SQL Injection via Related.php Program Parameter
SQL injection vulnerability in related.php in Milw0rm Clone Script 1.0 allows remote attackers to execute arbitrary SQL commands via the program parameter.
by Pancaker
Microsoft Internet Explorer 11 - Crash (PoC) (2)
by Pawel Wylecial
WordPress Plugin Wp-ImageZoom 1.1.0 - Multiple Vulnerabilities
by T3N38R15
WordPress Plugin WP Mobile Edition - Local File Inclusion
by Ali Khalil
Pasworld - 'detail.php' Blind SQL Injection
by Sebastian khan
D-Link DSL-2730B AU_2.01 - Authentication Bypass DNS Change
by Todor Donev
WiFi HD 8.1 - Directory Traversal / Denial of Service
by Wh1t3Rh1n0 (Michael Allen)
Broadlight Residential Gateway DI3124 - Remote DNS Change
by Todor Donev
1 Click Extract Audio 2.3.6 - Activex Buffer Overflow
by metacom
1 Click Audio Converter 2.3.6 - Activex Local Buffer Overflow
by metacom
WordPress Plugin Really Simple Guest Post 1.0.6 - Local File Inclusion
by Kuroi'SH
Nmedia Member Conversation < 1.4 - Unauthenticated Arbitrary File Upload via doupload.php
Unrestricted file upload vulnerability in doupload.php in the Nmedia Member Conversation plugin before 1.4 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/user_uploads.
by Sammy FORGIT
zM Ajax Login & Register < 1.0.9 - Path Traversal via Template Parameter
Directory traversal vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to include and execute arbitrary PHP files via a relative path in the template parameter in a load_template action to wp-admin/admin-ajax.php.
by Panagiotis Vagenas
Jildi FTP Client 1.5.6 - Local Buffer Overflow (SEH)
by Zahid Adeel
Zanematthew ZM Ajax Login & Register < 1.0.9 - XSS
Cross-site scripting (XSS) vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
by Panagiotis Vagenas
WebDrive 12.2 (B4172) - Buffer Overflow (PoC)
by Vulnerability-Lab