Exploitdb Exploits
50,091 exploits tracked across all sources.
osTicket - 'tickets.php?status' Cross-Site Scripting
by AkaStep
e107 1.0.2 - Cross-Site Request Forgery via download.php Parameters
Multiple cross-site request forgery (CSRF) vulnerabilities in e107_admin/download.php in e107 1.0.2 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) download_url, (2) download_url_extended, (3) download_author_email, (4) download_author_website, (5) download_image, (6) download_thumb, (7) download_visible, or (8) download_class parameter.
by Joshua Reynolds
e107 1.0.1 - Cross-Site Request Forgery via News Title Parameter
Cross-site request forgery (CSRF) vulnerability in e107_admin/newspost.php in e107 1.0.1 allows remote attackers to hijack the authentication of administrators for requests that conduct XSS attacks via the news_title parameter in a create action.
by Joshua Reynolds
WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/exportsubscribers.php? reqID' SQL Injection
by Sammy FORGIT
WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/exportaccounts.php?reqID' SQL Injection
by Sammy FORGIT
WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/backup.php?reqID' SQL Injection
by Sammy FORGIT
Microsoft Internet Explorer <9 - Use After Free
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
by Metasploit
CVSS 8.8
IBM Lotus Quickr 8.2 - Remote Code Execution via Long Argument to Attachment_Times or Import_Times Method
Multiple stack-based buffer overflows in a certain ActiveX control in qp2.cab in IBM Lotus Quickr 8.2 before 8.2.0.27-002a for Domino allow remote attackers to execute arbitrary code via a long argument to the (1) Attachment_Times or (2) Import_Times method.
by Metasploit
IBM Lotus iNotes 8.5.x - Buffer Overflow in Attachment_Times Method
Buffer overflow in the Attachment_Times method in a certain ActiveX control in dwa85W.dll in IBM Lotus iNotes 8.5.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a long argument.
by Metasploit
BlazeVideo BlazeDVD Standard and Professional 5.0 - Stack-based Buffer Overflow via PLF Playlist Filename
Stack-based buffer overflow in BlazeVideo BlazeDVD Standard and Professional 5.0, and possibly earlier, allows remote attackers to execute arbitrary code via a long filename in a PLF playlist.
by Craig Freyman
WHMCS 5.0 - Insecure Cookie Authentication Bypass
by Agd_Scorp
MyBB 1.6.9 - 'editpost.php?posthash' Blind SQL Injection
by Joshua Rogers
Joomla! Component Spider Calendar - 'date' Blind SQL Injection
by Red-D3v1L
GNU Grep < 2.11 - Remote Code Execution via Integer Overflow
Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow.
by Joshua Rogers
WordPress Plugin Zingiri Forums - 'language' Local File Inclusion
by Amirh03in
Ubiquiti AirOS 5.5.2 - (Authenticated) Remote Command Execution
by xistence
RealNetworks RealPlayer <16.0.0.282-1.1.5 - RCE
Buffer overflow in RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted RealMedia file.
by Metasploit
cPanel WebHost Manager 11.34.0 - Cross-Site Scripting
Cross-site Scripting (XSS) in cPanel WebHost Manager (WHM) 11.34.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
by Christy Philip Mathew
CVSS 6.1
cPanel - 'detailbw.html' Multiple Cross-Site Scripting Vulnerabilities
by Christy Philip Mathew
Astaro Security Gateway 8.1 - HTML Injection
by Vulnerability Research Laboratory
By Source