Exploitdb Exploits
50,083 exploits tracked across all sources.
gpEasy CMS < 3.5.2 - Cross-Site Scripting via Section Parameter
Cross-site scripting (XSS) vulnerability in the NewSectionPrompt function in include/tool/editing_page.php in gpEasy CMS 3.5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the section parameter in a new_section action to index.php.
by High-Tech Bridge SA
WordPress Plugin Developer Formatter - Cross-Site Request Forgery
by Junaid Hussain
DigiLIBE 3.4 - Exposure of Sensitive Configuration Information via Direct Request
DigiLIBE 3.4 and possibly other versions sends a redirect but does not exit, which allows remote attackers to obtain sensitive configuration information via a direct request to configuration/general_configuration.html.
by Robert Gilbert
Adult WebMaster Script - Password Disclosure
by Dshellnoi Unix
Perforce P4web 2011.1 and 2012.1 - Cross-Site Scripting
Perforce P4web 2011.1 and 2012.1 has multiple XSS vulnerabilities
by Christy Philip Mathew
CVSS 6.1
PHP-Charts 1.0 - Unauthenticated Remote Code Execution via GET Parameter Eval Injection
PHP-Charts v1.0 contains a PHP code execution vulnerability in wizard/url.php, where user-supplied GET parameter names are passed directly to eval() without sanitization. A remote attacker can exploit this flaw by crafting a request that injects arbitrary PHP code, resulting in command execution under the web server's context. The vulnerability allows unauthenticated attackers to execute system-level commands via base64-encoded payloads embedded in parameter names, leading to full compromise of the host system.
by Metasploit
NConf 1.3 - '/detail.php/detail_admin_items.php?id' SQL Injection
by haidao
Jenkins - Script-Console Java Execution (Metasploit)
by Metasploit
Red Hat Enterprise Linux - Denial of Service via Long String to sort Command with -d or -M Switch
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the (1) -d or (2) -M switch, which triggers a stack-based buffer overflow in the alloca function.
by anonymous
F5 BIG-IP <11.2.1 - Info Disclosure
XML External Entity (XXE) vulnerability in sam/admin/vpe2/public/php/server.php in F5 BIG-IP 10.0.0 through 10.2.4 and 11.0.0 through 11.2.1 allows remote authenticated users to read arbitrary files via a crafted XML file.
by anonymous
Aloaha Credential Provider Monitor 5.0.226 - Local Privilege Escalation
by LiquidWorm
Scripts Genie Classified Ultra - SQL Injection / Cross-Site Scripting
by 3spi0n
WordPress Plugin Ripe HD FLV Player - SQL Injection
by Zikou-16
Joomla! Component com_collector - Arbitrary File Upload
by Red Dragon_al
PHP-Charts 1.0 - Unauthenticated Remote Code Execution via GET Parameter Eval Injection
PHP-Charts v1.0 contains a PHP code execution vulnerability in wizard/url.php, where user-supplied GET parameter names are passed directly to eval() without sanitization. A remote attacker can exploit this flaw by crafting a request that injects arbitrary PHP code, resulting in command execution under the web server's context. The vulnerability allows unauthenticated attackers to execute system-level commands via base64-encoded payloads embedded in parameter names, leading to full compromise of the host system.
by AkaStep
Nvidia Display Driver Service (Nsvr) - Local Buffer Overflow
by Jon Bailey
SonicWall GMS Analyzer UMA ViewPoint - Authentication Bypass via SGMS Interface
An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access.
by Nikolas Sotiriu
CVSS 9.8
DELL SonicWALL Analyzer 7.0, GMS 4.1-7.0, UMA 5.1-7.0, ViewPoint 4.1-6.0 - Authentication Bypass
An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account.
by Nikolas Sotiriu
CVSS 9.8
Jenkins CI Script Console - Command Execution (Metasploit)
by Spencer McIntyre
Apache OFBiz 10.04.x < 10.04.05 and 11.04.01 - Authenticated Cross-Site Scripting via Widget Attributes
Multiple cross-site scripting (XSS) vulnerabilities in widget/screen/ModelScreenWidget.java in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.05, 11.04.01, and possibly 09.04.x allow remote authenticated users to inject arbitrary web script or HTML via the (1) Screenlet.title or (2) Image.alt Widget attribute, as demonstrated by the parentPortalPageId parameter to exampleext/control/ManagePortalPages.
by Juan Caillava
NetIQ eDirectory <8.8.7.2 - Buffer Overflow
Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote attackers to have an unspecified impact via unknown vectors.
by Gary Nilson
Linksys E4200 Firmware 1.0.05 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Linksys E4200 router with firmware 1.0.05 build 7 allow remote attackers to inject arbitrary web script or HTML via the (1) log_type, (2) ping_ip, (3) ping_size, (4) submit_type, or (5) traceroute_ip parameter to apply.cgi or (6) new_workgroup or (7) submit_button parameter to storage/apply.cgi.
by m-1-k-3
CVSS 6.1
IP.Gallery - 'img' SQL Injection
by Ashiyane Digital Security Team
Invision Gallery 2.0.5 - SQL Injection
by Ashiyane Digital Security Team
By Source