Exploitdb Exploits
50,095 exploits tracked across all sources.
VICIDIAL Call Center Suite 2.2.1-237 - Multiple Vulnerabilities
by Ertebat Gostar Co
VICIDIAL Call Center Suite - Multiple SQL Injections
by Ertebat Gostar Co
Joomla! com_rokmodule 1.1 - SQL Injection
SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the module parameter to index.php. NOTE: some of these details are obtained from third party information.
by Yarolinux
DeltaScripts PHP Links < 1.3 - SQL Injection via admin_username Parameter
SQL injection vulnerability in admin/adm_login.php in DeltaScripts PHP Links 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the admin_username parameter (aka the admin field).
by L0n3ly-H34rT
Oracle VM VirtualBox 3.2, 4.0, 4.1 - Denial of Service in VirtualBox Core
Unspecified vulnerability in the Oracle VM Virtual Box component in Oracle Virtualization 3.2, 4.0, and 4.1 allows local users to affect availability via unknown vectors related to VirtualBox Core. NOTE: The previous information was obtained from the October 2012 CPU. Oracle has not commented on claims from another vendor that this issue is related to "incorrect interrupt handling."
by halfdog
ActiveFax (ActFax) 4.3 - Client Importer Buffer Overflow (Metasploit)
by Metasploit
Sflog! CMS 1.0 - Arbitrary File Upload (Metasploit)
by Metasploit
HP SiteScope (Linux/Windows) - Remote Code Execution (Metasploit)
by Metasploit
SAP NetWeaver 7.0 EHP1 and EHP2 - Remote Code Execution via DiagTraceR3Info Function
The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace configuration is enabled, allows remote attackers to execute arbitrary code via a crafted SAP Diag packet.
by Metasploit
WordPress Theme Purity - Multiple Cross-Site Scripting Vulnerabilities
by Matan Azugi
TestLink < 1.9.3 - Cross-Site Request Forgery via User Management
Multiple cross-site request forgery (CSRF) vulnerabilities in TestLink 1.9.3 and earlier allow remote attackers to hijack the authentication of users for requests that add, delete, or modify sensitive information, as demonstrated by changing the administrator's email via an editUser action to lib/usermanagement/userInfo.php.
by High-Tech Bridge SA
Cannonbolt Portfolio Manager 1.0 - Multiple Vulnerabilities
by LiquidWorm
glibc < 2.17 - Heap-Based Buffer Overflow via Long String in strcoll_l
Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow.
by Jan iankko Lieskovsky
Sitecom Home Storage Center - Authentication Bypass
by Mattijs van Ommeren
web@all - Local File Inclusion / Multiple Arbitrary File Upload Vulnerabilities
by KedAns-Dz
OpenFiler 2.3 - Multiple Cross-Site Scripting / Information Disclosure Vulnerabilities
by Brendan Coles
MobileCartly 1.0 - Unauthenticated Arbitrary File Creation via savepage.php
MobileCartly version 1.0 contains an arbitrary file creation vulnerability in the savepage.php script. The application fails to perform authentication or authorization checks before invoking file_put_contents() on attacker-controlled input. An unauthenticated attacker can exploit this flaw by sending crafted HTTP GET requests to savepage.php, specifying both the filename and content. This allows arbitrary file creation within the pages/ directory or any writable path on the server, allowing remote code execution.
by Metasploit
Kayako Fusion 4.40.1148 - Cross-Site Scripting via PATH_INFO in PHPExcel Download Script
Cross-site scripting (XSS) vulnerability in __swift/thirdparty/PHPExcel/PHPExcel/Shared/JAMA/docs/download.php in Kayako Fusion 4.40.1148, and possibly before 4.50.1581, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
by High-Tech Bridge
flogr < 2.5.6 - Cross-Site Scripting via PATH_INFO or Arbitrary Parameter
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flogr 2.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO or (2) an arbitrary parameter.
by High-Tech Bridge
Extcalendar 2.0 - Multiple SQL Injections / HTML Injection Vulnerabilities
by Ashiyane Digital Security Team
By Source