Exploitdb Exploits
50,076 exploits tracked across all sources.
BMC Service Desk Express 10.2.1.95 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allow remote attackers to inject arbitrary web script or HTML via the (1) SelTab parameter to QV_admin.aspx, the (2) CallBack parameter to QV_grid.aspx, or the (3) HelpPage parameter to commonhelp.aspx.
by Nuri Fattah
Genetech Solutions Pie-Register <1.31 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Genetech Solutions Pie-Register plugin before 1.31 for WordPress, when "Allow New Registrations to set their own Password" is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) pass1 or (2) pass2 parameter in a register action. NOTE: some of these details are obtained from third party information.
by gravitylover
Serendipity < 1.6.2 - Cross-Site Scripting via serendipity[htmltarget] Parameter
Cross-site scripting (XSS) vulnerability in serendipity_admin_image_selector.php in Serendipity 1.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the serendipity[htmltarget] parameter.
by Omar Kurt
OpenEMR 4.1.1 - Cross-Site Scripting via Office Comments Note Parameter
Cross-site scripting (XSS) vulnerability in interface/main/onotes/office_comments_full.php in OpenEMR 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the note parameter.
by Nate Drier
Corda Highwire - 'Highwire.ashx' Full Path Disclosure
by Adam Willard
Corda .NET Redirector - 'redirector.corda' Cross-Site Scripting
by Adam Willard
Ultra Mini HTTPD 1.21 - Buffer Overflow
Stack-based buffer overflow in Ultra Mini HTTPD 1.21 allows remote attackers to execute arbitrary code via a long resource name in an HTTP request.
by superkojiman
MiniBB < 3.0.1 - Cross-Site Scripting via forum_name, forum_group, forum_icon, or forum_desc Parameter
Multiple cross-site scripting (XSS) vulnerabilities in bb_admin.php in MiniBB before 3.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) forum_name, (2) forum_group, (3) forum_icon, or (4) forum_desc parameter. NOTE: the whatus vector is already covered by CVE-2008-2066.
by Netsparker
PrestaShop - Multiple Cross-Site Request Forgery Vulnerabilities
by EntPro Cyber Security Research Group
nginx 1.3.9-1.4.0 - Remote Code Execution via Chunked Transfer-Encoding
The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
by kingcope
Jolix Media Player 1.1.0 - '.m3u' Denial of Service
by IndonesiaGokilTeam
vBulletin Advanced User Tagging Mod - Persistent Cross-Site Scripting
by []0iZy5
mintboard 0.3 - Cross-Site Scripting via Login or Signup Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Mintboard 0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) pass parameter in views/login.php or (3) name or (4) pass parameter in views/signup.php.
by Canberk BOLAT
iVote - 'details.php' SQL Injection
by Ashiyane Digital Security Team
ERDAS ER Viewer < 13.0.1.1301 - Stack-Based Buffer Overflow via Long String in ERS File
Stack-based buffer overflow in the rf_report_error function in ermapper_u.dll in Intergraph ERDAS ER Viewer before 13.0.1.1301 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in an ERS file.
by Metasploit
Cisco WebEx One-Click Client Password Encryption - Information Disclosure
by Brad Antoniewicz
Apache CXF 2.5.0-2.5.9, 2.6.0-2.6.6, 2.7.0-2.7.3 - Denial of Service via Crafted XML
The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via crafted XML with a large number of (1) elements, (2) attributes, (3) nested constructs, and possibly other vectors.
by SEC Consult
Oracle Solaris - Arbitrary File Write via Symlink Attack on /tmp/CLEANUP
Certain patch-installation scripts in Oracle Solaris allow local users to append data to arbitrary files via a symlink attack on the /tmp/CLEANUP temporary file, related to use of Update Manager.
by Larry W. Cashdollar
Air Drive Plus - Multiple Input Validation Vulnerabilities
by Benjamin Kunz Mejri
Adobe Reader/Acrobat <9.5.5, <10.1.7, <11.0.03 - RCE
Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2727.
by feliam
CVSS 9.8
phpVibe 3.1 - Information Disclosure / Remote File Inclusion
by indoushka
OpenX < 2.8.10 - Cross-Site Scripting via Package or Group Parameter
Multiple cross-site scripting (XSS) vulnerabilities in OpenX Source 2.8.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) package parameter to www/admin/plugin-index.php or the (2) group parameter to www/admin/plugin-settings.php.
by High-Tech Bridge SA
By Source