Exploitdb Exploits
50,091 exploits tracked across all sources.
bitweaver < 2.8.1 - Cross-Site Scripting via Path Info or Parameter Injection
Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) stats/index.php or (2) newsletters/edition.php or the (3) username parameter to users/remind_password.php, (4) days parameter to stats/index.php, (5) login parameter to users/register.php, or (6) highlight parameter.
by Trustwave's SpiderLabs
CVSS 6.1
Turbo FTP Server <1.30.823-1.30.826 - Buffer Overflow
Turbo FTP Server versions 1.30.823 and 1.30.826 contain a buffer overflow vulnerability in the handling of the PORT command. By sending a specially crafted payload, an unauthenticated remote attacker can overwrite memory structures and execute arbitrary code with SYSTEM privileges.
by Metasploit
ClanSphere 2011.3 - Local File Inclusion
ClanSphere 2011.3 is vulnerable to a local file inclusion (LFI) flaw due to improper handling of the cs_lang cookie parameter. The application fails to sanitize user-supplied input, allowing attackers to traverse directories and read arbitrary files outside the web root. The vulnerability is further exacerbated by null byte injection (%00) to bypass file extension checks.
by blkhtc0rp
CVSS 7.5
White Label CMS < 1.5.1 - Cross-Site Request Forgery via wlcms_o_developer_name Parameter
Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in the White Label CMS plugin before 1.5.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify the developer name via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, as demonstrated by a developer name containing XSS sequences.
by pcsjj
White Label CMS 1.5 - Authenticated Stored Cross-Site Scripting via wlcms_o_developer_name Parameter
Cross-site scripting (XSS) vulnerability in wlcms-plugin.php in the White Label CMS plugin 1.5 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, a related issue to CVE-2012-5387.
by pcsjj
WordPress Plugin social discussions 6.1.1 - Multiple Vulnerabilities
by waraxe
WHMCompleteSolution (WHMCS) 4.5.2 - 'googlecheckout.php' SQL Injection
by Starware Security Team
Subrion CMS 2.2.1 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) multi_title parameter to blocks/add/; (2) cost, (3) days, or (4) title[en] parameter to plans/add/; (5) name or (6) title[en] parameter to fields/group/add/ in admin/manage/; or (7) f[accounts][fullname] or (8) f[accounts][username] parameter to advsearch/. NOTE: This might overlap CVE-2011-5211. NOTE: it was later reported that the f[accounts][fullname] and f[accounts][username] vectors might also affect 2.2.2.
by High-Tech Bridge SA
Movable Type Pro 5.13 - Cross-Site Scripting via Comment Section
Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six Apart KK) Movable Type (MT) Pro 5.13 allows remote attackers to inject arbitrary web script or HTML via the comment section.
by sqlhacker
Joomla! Component com_kunena - 'search' SQL Injection
by D35m0nd142
Joomla! Component com_commedia - 'task' SQL Injection
by D4NB4R
ATutor AContent <1.2 - SQL Injection
SQL injection vulnerability in user/index_inline_editor_submit.php in ATutor AContent 1.2-1 allows remote authenticated users to execute arbitrary SQL commands via the field parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-5167.
by High-Tech Bridge SA
FirePass 7.0 SSL VPN - 'refreshURL' Open Redirection
by Aung Khant
SpamTitan WebTitan < 3.50 - Authenticated Path Traversal via logs-x.php fname Parameter
Directory traversal vulnerability in logs-x.php in SpamTitan WebTitan before 3.60 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the fname parameter in a view action.
by Richard Conner
ManageEngine Security Manager Plus 5.5 build 5505 - Remote SYSTEM SQL Injection (Metasploit)
by xistence
Microsoft Internet Explorer 9 - Cross-Site Scripting Filter Bypass
by Jean Pascal Pereira
Joomla! Component com_fss 1.9.1.1447 - SQL Injection
by D4NB4R
CMS Mini 0.2.2 - 'index.php' Script Cross-Site Scripting
by Netsparker
ManageEngine Security Manager Plus 5.5 build 5505 - Directory Traversal
by xistence
By Source