Exploitdb Exploits
50,076 exploits tracked across all sources.
iShare Your Moving Library 1.0 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
ZamFoo - Multiple Remote Command Execution Vulnerabilities
by Al-Shabaab
CIS Manager CMS - SQL Injection via TroncoID Parameter
SQL injection vulnerability in default.asp in CIS Manager CMS allows remote attackers to execute arbitrary SQL commands via the TroncoID parameter.
by felipe andrian
PhonerLite < 2.15 - Password Hash Disclosure via SIP Digest Leak
The PhonerLite phone before 2.15 provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue.
by Jason Ostrom
CVSS 7.5
Alienvault 4.5.0 - (Authenticated) SQL Injection (Metasploit)
by Brandon Perry
Ajax Pagination (twitter Style) <1.1 - Path Traversal
Directory traversal vulnerability in the Ajax Pagination (twitter Style) plugin 1.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the loop parameter in an ajax_navigation action to wp-admin/admin-ajax.php.
by Glyn Wintle
CVSS 7.5
SePortal 2.4 - SQL Injection via poll_id or sp_id Parameter
Multiple SQL injection vulnerabilities in SePortal 2.4 allow remote attackers to execute arbitrary SQL commands via the (1) poll_id parameter to poll.php and the (2) sp_id parameter to staticpages.php.
by Metasploit
plexusCMS 0.5 - Cross-Site Scripting / Remote Shell / Credentials Leak
by neglomaniac
EMC Cloud Tiering Appliance 10-SP1 - XML External Entity Injection via API Login Request
EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, as demonstrated by reading the /etc/shadow file.
by Brandon Perry
Vanctech File Commander 1.1 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
PhotoWIFI Lite 1.0 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
Primo Interactive CMS - 'pcm.cgi' Remote Command Execution
by Felipe Andrian Peixoto
FitNesse Wiki <20140201 - Command Injection
FitNesse Wiki 20131110, 20140201, and earlier allows remote attackers to execute arbitrary commands by defining a COMMAND_PATTERN and TEST_RUNNER in the pageContent parameter when editing a page.
by SecPod Research
iStArtApp FileXChange 6.2 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
Joomla! Component Kunena 3.0.4 - Persistent Cross-Site Scripting
by Qoppa
SonicWALL Email Security Appliance < 7.4.5 - Authenticated Cross-Site Scripting via Upload Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Dell SonicWALL Email Security 7.4.5 and earlier allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the uploadPatch parameter to the System/Advanced page (settings_advanced.html) or (2) the uploadLicenses parameter in the License management (settings_upload_dlicense.html) page.
by Vulnerability-Lab
Lazybone Studios WiFi Music 1.0 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
ePhone Disk 1.0.2 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
Easy FileManager 1.1 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
IBM Tealeaf CX 7.x, 8.x-8.6, 8.7-8.8 - Authenticated Path Traversal via Log Parameter
Directory traversal vulnerability in download.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authenticated users to bypass intended access restrictions via a .. (dot dot) in the log parameter, as demonstrated using a crafted request for a customer-support file, as demonstrated by a log file.
by drone