Exploitdb Exploits
50,091 exploits tracked across all sources.
WordPress Plugin Facebook Survey 1.0 - SQL Injection
by Vulnerability Research Laboratory
openSIS 5.1 - 'ajax.php' Local File Inclusion
by Julian Horoszkiewicz
SonicWALL CDP 5040 6.x - Multiple Vulnerabilities
by Vulnerability-Lab
Novell File Reporter <1.0.2 - Path Traversal
Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to upload and execute files via a 130 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record.
by Metasploit
Omni-Secure - 'dir' Multiple File Disclosure Vulnerabilities
by HaCkeR_EgY
WordPress Theme Dailyedition-mouss - 'id' SQL Injection
by Ashiyane Digital Security Team
WordPress Plugin Tagged Albums - 'id' SQL Injection
by Ashiyane Digital Security Team
Open-Realty 2.5.8 - Cross-Site Request Forgery
by Aung Khant
friendsinwar FAQ Manager - 'view_faq.php?question' SQL Injection
by unsuprise
Friends in War The FAQ Manager - 'question' SQL Injection
by unsuprise
ATutor 2.1 - 'tool_file' Local File Inclusion
by Julian Horoszkiewicz
Media Player Classic (MPC) 1.5 - WebServer Request Handling Remote Denial of Service
by X-Cisadane
Oracle Database Server <11.2.0.1 - Info Disclosure
Unspecified vulnerability in the Client System Analyzer component in Oracle Database Server 11.1.0.7 and 11.2.0.1 and Enterprise Manager Grid Control 10.2.0.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that this issue involves an exposed JSP script that accepts XML uploads in conjunction with NULL bytes in an unspecified parameter that allow execution of arbitrary code.
by Metasploit
Novell NetIQ Privileged User Manager 2.3.1 - 'ldapagnt.dll' ldapagnt_eval() Perl Code Evaluation Remote Code Execution
by rgod
NetIQ Privileged User Manager 2.3.x - Authenticated Path Traversal and Arbitrary File Write via Log Pathname
Directory traversal vulnerability in the set_log_config function in regclnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote authenticated users to create or overwrite arbitrary files via directory traversal sequences in a log pathname.
by rgod
iDev Rentals 1.0 - Multiple Vulnerabilities
by Vulnerability-Lab
Friends in War Make or Break 1.3 - Authentication Bypass
by d3b4g
Baby Gekko < 1.2.2 - Cross-Site Scripting via Admin ID or Login Credentials
Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko before 1.2.2f allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/index.php or the (2) username or (3) password parameter in blocks/loginbox/loginbox.template.php to index.php. NOTE: some of these details are obtained from third party information.
by High-Tech Bridge SA
Broadcom BCM4325 and BCM4329 - Denial of Service via RSN 802.11i Information Element
The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to cause a denial of service (out-of-bounds read and Wi-Fi outage) via an RSN 802.11i information element.
by CoreLabs
myre_business_directory - SQL Injection via links.php cat Parameter
SQL injection vulnerability in links.php in MYRE Business Directory allows remote attackers to execute arbitrary SQL commands via the cat parameter.
by d3b4g
MYRE Vacation Rental Software - SQL Injection via Garage or Bathrooms Parameter
Multiple SQL injection vulnerabilities in MYRE Vacation Rental Software allow remote attackers to execute arbitrary SQL commands via the (1) garage1 or (2) bathrooms1 parameter to vacation/1_mobile/search.php, or (3) unspecified input to vacation/widgate/request_more_information.php.
by d3b4g
By Source