Exploitdb Exploits
50,076 exploits tracked across all sources.
Citrix GoToMeeting < 5.0.799.1238 - Info Disclosure
The Citrix GoToMeeting application 5.0.799.1238 for Android logs HTTP requests containing sensitive information, which allows attackers to obtain user IDs, meeting details, and authentication tokens via an application that reads the system log file.
by Claudio J. Lacayo
Web Video Streamer - Multiple Vulnerabilities
by Eric Sesterhenn
Imageview - 'upload.php' Arbitrary File Upload
by TUNISIAN CYBER
MuPDF < 1.3 - Remote Code Execution via XPS ContextColor Path Attribute
Stack-based buffer overflow in the xps_parse_color function in xps/xps-common.c in MuPDF 1.3 and earlier allows remote attackers to execute arbitrary code via a large number of entries in the ContextColor value of the Fill attribute in a Path element.
by Jean-Jamil Khalife
AfterLogic Pro and Lite 7.1.1.1 - Persistent Cross-Site Scripting
by Saeed reza Zamanian
Teracom T2-B-Gawv1.4U10Y-BI - Cross-Site Scripting via essid Parameter
Cross-site scripting (XSS) vulnerability in webconfig/wlan/country.html/country in the Teracom T2-B-Gawv1.4U10Y-BI modem allows remote attackers to inject arbitrary web script or HTML via the essid parameter.
by Rakesh S
ASUS RT-N56U and RT-AC66U Firmware 3.0.0.4.374_979 - Remote Code Execution via apps_name or apps_flag Parameter
Multiple buffer overflows in web.c in httpd on the ASUS RT-N56U and RT-AC66U routers with firmware 3.0.0.4.374_979 allow remote attackers to execute arbitrary code via the (1) apps_name or (2) apps_flag parameter to APP_Installation.asp.
by Jacob Holcomb
WordPress Plugin Global Flash Gallery - 'swfupload.php' Arbitrary File Upload
by Ashiyane Digital Security Team
BloofoxCMS 0.5.0 - Multiple Vulnerabilities
by AtT4CKxT3rR0r1ST
BloofoxCMS 0.5.0 - 'fileurl' Local File Inclusion
by AtT4CKxT3rR0r1ST
BloofoxCMS - '/bloofox/index.php?Username' SQL Injection
by AtT4CKxT3rR0r1ST
BloofoxCMS - '/bloofox/admin/index.php?Username' SQL Injection
by AtT4CKxT3rR0r1ST
BloofoxCMS - '/admin/index.php' Cross-Site Request Forgery (Add Admin)
by AtT4CKxT3rR0r1ST
SmarterMail Enterprise and Standard 11.x - Persistent Cross-Site Scripting
by Saeed reza Zamanian
Joomla! com_sexypolling < 1.0.9 - SQL Injection
SQL injection vulnerability in vote.php in the 2Glux Sexy Polling (com_sexypolling) component before 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the answer_id[] parameter.
by High-Tech Bridge
PHPJabbers Vacation Rental Script 3.0 - Multiple Vulnerabilities
by HackXBack
PHPJabbers Vacation Packages Listing 2.0 - Multiple Vulnerabilities
by HackXBack
PHPJabbers Property Listing Script 2.0 - Cross-Site Request Forgery (Add Admin)
by HackXBack
PHPJabbers Pet Listing Script 1.0 - Multiple Vulnerabilities
by HackXBack
PHPJabbers Hotel Booking System 3.0 - Multiple Vulnerabilities
by HackXBack
Collabtive < 1.2 - Authenticated SQL Injection via managetimetracker.php id Parameter
SQL injection vulnerability in managetimetracker.php in Collabtive before 1.2 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a projectpdf action.
by Yogesh Phadtare
PHPJabbers Appointment Scheduler 2.0 - Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Appointment Scheduler 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scripting (XSS) attacks via the i18n[1][name] parameter in a pjActionCreate action to the pjAdminServices controller or (2) add an administrator via a pjActionCreate action to the pjAdminUsers controller.
by HackXBack