Exploitdb Exploits
50,083 exploits tracked across all sources.
TP-Link TL-WR741N / TL-WR741ND Routers - Multiple Denial of Service Vulnerabilities
by W1ckerMan
KrisonAV CMS < 3.0.2 - Cross-Site Scripting via Content Parameter
Cross-site scripting (XSS) vulnerability in services/get_article.php in KrisonAV CMS before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the content parameter.
by High-Tech Bridge SA
Oracle Fusion Middleware WebCenter Sites 7.6.2, 11.1.1.6.0, 11.1.1.6.1 - Authenticated Integrity Impact
Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 7.6.2, 11.1.1.6.0, and 11.1.1.6.1 allows remote authenticated users to affect integrity via unknown vectors related to WebCenter Sites.
by SEC Consult
Oracle Java SE <7.17,6.43,5.41 - DoS
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "font processing errors" in the International Components for Unicode (ICU) Layout Engine before 51.2.
by SEC Consult
Foxit Reader 5.4.3.x < 5.4.5.0124 - PDF XREF Parsing Denial of Service
by FuzzMyApp
KrisonAV CMS < 3.0.2 - Cross-Site Request Forgery via User Account Creation
Cross-site request forgery (CSRF) vulnerability in users_maint.html in KrisonAV CMS before 3.0.2 allows remote attackers to hijack the authentication of administrators for requests that create user accounts via a crafted request.
by High-Tech Bridge SA
SAP ConfigServlet - OS Command Execution (Metasploit)
by Andras Kabai
FirePHP Firefox Plugin 0.7.1 - Remote Command Execution
by Wireghoul
AultWare pwStore 2010.8.30.0 - Denial of Service via Empty HTTP Request
AultWare pwStore 2010.8.30.0 has DoS via an empty HTTP request
by Josep Pi Rodriguez
CVSS 7.5
ZPanel through 10.1.0 - Remote Code Execution
ZPanel through 10.1.0 has Remote Command Execution
by Sven Slootweg
CVSS 7.8
MinaliC WebServer 2.0.0 - Remote Buffer Overflow
by superkojiman
Vanilla Forums Van2Shout Plugin 1.0.51 - Multiple Cross-Site Request Forgery Vulnerabilities
by Henry Hoggard
Pop Up News module 2.0 - SQL Injection via itemid Parameter
SQL injection vulnerability in popupnewsitem/ in the Pop Up News module 2.0 and possibly earlier for phpVMS allows remote attackers to execute arbitrary SQL commands via the itemid parameter. NOTE: this was originally reported as a problem in phpVMS.
by NoGe
CMSLogik 1.2.0-1.2.1 - Stored Cross-Site Scripting via Multiple Admin Parameters
Multiple cross-site scripting (XSS) vulnerabilities in CMSLogik 1.2.0 and 1.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_email, (2) header_title, (3) site_title parameter to admin/settings; (4) recaptcha_private or (5) recaptcha_public parameter to admin/captcha_settings; (6) fb_appid, (7) fp_secret, (8) tw_consumer_key, or (9) tw_consumer_secret parameter to admin/social_settings; (10) slug parameter to admin/gallery/save_item_settings; or (11) item_link parameter to admin/edit_menu_item_ajax. NOTE: this issue might be resultant from CSRF.
by LiquidWorm
Linux Kernel < 3.8.8 - Denial of Service via Ftrace lseek NULL Pointer Dereference
The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call.
by anonymous
Cisco Linksys EA2700 Router - Multiple Vulnerabilities
by Phil Purviance
Todoo Forum 2.0 - SQL Injection via id_post or pg Parameter
Multiple SQL injection vulnerabilities in todooforum.php in Todoo Forum 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) id_post or (2) pg parameter.
by Chiekh Bouchenafa
Todoo Forum 2.0 - Cross-Site Scripting via id_post or pg Parameter
Multiple cross-site scripting (XSS) vulnerabilities in todooforum.php in Todoo Forum 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id_post or (2) pg parameter.
by Chiekh Bouchenafa
Stormy Studios Knet <= 1.04c - Buffer Overflow via Long HTTP GET Request
Buffer overflow in Stormy Studios Knet 1.04c and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP GET request.
by Wireghoul
Allied Telesyn AT-TFTP < 1.9 - Stack-Based Buffer Overflow via Long Filename in GET or PUT Command
Multiple stack-based buffer overflows in Allied Telesyn TFTP Server (AT-TFTP) 1.9, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a long filename in a (1) GET or (2) PUT command.
by xis_one
SimpleHRM <= 2.3 - SQL Injection via Username Parameter
SQL injection vulnerability in the login page in flexycms/modules/user/user_manager.php in SimpleHRM 2.3, 2.2, and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to index.php/user/setLogin.
by Doraemon
Free Monthly Websites 2.0 - Admin Password Change
by Yassin Aboukir
By Source