Exploitdb Exploits
50,095 exploits tracked across all sources.
Easy Banner Pro - 'index.php' Local File Inclusion
by Yakir Wizman
businesswiki 2.5rc3 - Persistent Cross-Site Scripting / Arbitrary file upload
by Shai rod
AB Banner Exchange - 'index.php' Local File Inclusion
by Yakir Wizman
Vice City Multiplayer Server 0.3z R2 - Remote Code Execution
by Sasuke78200
Adobe Pixel Bender Toolkit2 - 'tbbmalloc.dll' Multiple DLL Loading Code Execution Vulnerabilities
by coolkaveh
SiNG cms - 'Password.php' Cross-Site Scripting
by LiquidWorm
PHP Web Scripts Ad Manager Pro - 'page' Local File Inclusion
by Corrado Liotta
op5 Monitoring 5.4.2 - VM Applicance Multiple Vulnerabilities
by loneferret
Monstra CMS 1.2.1 - Multiple HTML Injection Vulnerabilities
by LiquidWorm
LetoDMS 3.3.6 - Cross-Site Request Forgery via Change Password
letodms 3.3.6 has CSRF via change password
by Shai rod
CVSS 6.5
Websense Content Gateway <7.7.3 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in monitor/m_overview.ink in Websense Content Gateway before 7.7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) menu or (2) item parameter.
by Steven Sim Kok Leong
E-Mail Security Virtual Appliance ESVA_2057 - Unauthenticated OS Command Injection via learn-msg.cgi id Parameter
The E-Mail Security Virtual Appliance (ESVA) (tested on version ESVA_2057) contains an unauthenticated command injection vulnerability in the learn-msg.cgi script. The CGI handler fails to sanitize user-supplied input passed via the id parameter, allowing attackers to inject arbitrary shell commands. Exploitation requires no authentication and results in full command execution on the underlying system.
by Metasploit
XODA 0.4.5 - Unauthenticated Arbitrary PHP File Upload via Multipart Form Data
XODA version 0.4.5 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary PHP code on the server. The flaw resides in the upload functionality, which fails to properly validate or restrict uploaded file types. By crafting a multipart/form-data POST request, an attacker can upload a .php file directly into the web-accessible files/ directory and trigger its execution via a subsequent GET request.
by Metasploit
WordPress Plugin Rich Widget - Arbitrary File Upload
by Crim3R
WordPress Plugin Monsters Editor for WP Super Edit - Arbitrary File Upload
by Crim3R
OrderSys 1.6.4 - Multiple SQL Injections / Multiple Cross-Site Scripting Vulnerabilities
by Canberk BOLAT
OpenDocMan 1.2.6.1 - Cross-Site Request Forgery (Password Change)
by Shai rod
Joomla! Component CiviCRM - Multiple Arbitrary File Upload Vulnerabilities
by Crim3R
Jara 1.6 - Multiple SQL Injections / Multiple Cross-Site Scripting Vulnerabilities
by Canberk BOLAT
Banana Dance - Cross-Site Scripting / SQL Injection
by Canberk BOLAT
By Source