Exploitdb Exploits
50,091 exploits tracked across all sources.
WordPress Plugin PHP Event Calendar - 'cid' SQL Injection
by Ashiyane Digital Security Team
WordPress Plugin Eco-annu - 'eid' SQL Injection
by Ashiyane Digital Security Team
ESRI ArcGIS Server 10.1 - Authenticated SQL Injection via REST Service Query Where Parameter
SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote authenticated users to execute arbitrary SQL commands via the where parameter to a query URI for a REST service.
by anonymous
ar web content manager 2.2 - Unauthenticated Improper Authentication via cookie_gen.php
cookie_gen.php in ar web content manager (AWCM) 2.2 does not require authentication, which allows remote attackers to generate arbitrary cookies via the name parameter in conjunction with the content parameter.
by Sooel Son
WinRM - VBS Remote Code Execution (Metasploit)
by Metasploit
EMC NetWorker 7.6.3-7.6.4 and 8.0 - Remote Code Execution via nsrd RPC Service Format String
Format string vulnerability in the nsrd RPC service in EMC NetWorker 7.6.3 and 7.6.4 before 7.6.4.1, and 8.0 before 8.0.0.1, allows remote attackers to execute arbitrary code via format string specifiers in a message.
by Metasploit
WordPress Plugin FLV Player - 'id' SQL Injection
by Ashiyane Digital Security Team
OrangeHRM 2.7.1 RC 1 - SQL Injection
Multiple SQL injection vulnerabilities in OrangeHRM 2.7.1 RC 1 allow remote authenticated administrators to execute arbitrary SQL commands via the sortField parameter to (1) viewCustomers, (2) viewPayGrades, or (3) viewSystemUsers in symfony/web/index.php/admin/, as demonstrated using cross-site request forgery (CSRF) attacks.
by High-Tech Bridge
Invision Power Board 3.1.x-3.3.x core.php - Impact Unknown
Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors.
by webDEViL
Cryptocat < 2.0.22 - Remote Script Injection via Improper Input Sanitization
Cryptocat before 2.0.22 has Remote Script Injection due to improperly sanitizing user input
by Mario Heiderich
CVSS 9.8
Cryptocat < 2.0.22 - Information Disclosure via img/keygen.gif
Cryptocat before 2.0.22 Chrome Extension 'img/keygen.gif' has Information Disclosure
by Mario Heiderich
CVSS 7.5
AVerCaster Pro RS3400 Web Server - Directory Traversal
by Patrick Saladino
VeriFone VeriCentre Web Console <2.2.36 - SQL Injection
Multiple SQL injection vulnerabilities in terminal/paramedit.aspx in VeriFone VeriCentre Web Console before 2.2 build 36 allow remote attackers to execute arbitrary SQL commands via the (1) TerminalId, (2) ModelName, or (3) ApplicationName parameter.
by Cory Eubanks
ZPanel < 10.0.1 - SQL Injection via inEmailAddress Parameter
SQL injection vulnerability in ZPanel 10.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the inEmailAddress parameter in an UpdateClient action in the manage_clients module to the default URI.
by pcsjj
ZPanel < 10.0.1 - Cross-Site Scripting via inFullname Parameter
Cross-site scripting (XSS) vulnerability in ZPanel 10.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the inFullname parameter in an UpdateAccountSettings action in the my_account module to zpanel/.
by pcsjj
ZPanel < 10.0.1 - Cross-Site Request Forgery via FTP User Creation
Multiple cross-site request forgery (CSRF) vulnerabilities in ZPanel 10.0.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create new FTP users via a CreateFTP action in the ftp_management module to the default URI, (2) conduct cross-site scripting (XSS) attacks via the inFullname parameter in an UpdateAccountSettings action in the my_account module to zpanel/, or (3) conduct SQL injection attacks via the inEmailAddress parameter in an UpdateClient action in the manage_clients module to the default URI.
by pcsjj
ZPanel 10.0.1 - Weak Password Recovery Mechanism
ZPanel 10.0.1 has insufficient entropy for its password reset process.
by pcsjj
CVSS 9.8
CheckPoint/Sofaware Firewall - Multiple Vulnerabilities
by Procheckup
HP Intelligent Management Center UAM - Remote Buffer Overflow (Metasploit)
by Metasploit
BigAnt Server 2.52 SP5 - Remote Stack Overflow ROP-Based (SEH) (ASLR + DEP Bypass)
by Lorenzo Cantoni
Sysax FTP Automation Server 5.33 - Local Privilege Escalation
by Craig Freyman
By Source