Exploitdb Exploits
50,095 exploits tracked across all sources.
ManageEngine OpStor 7.4 - Multiple Vulnerabilities
by Vulnerability-Lab
T-dah WebMail 3.2.0-2.3 - Stored Cross-Site Scripting via Email Message Body
Multiple cross-site scripting (XSS) vulnerabilities in T-dah WebMail 3.2.0-2.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE attribute of an arbitrary element, (4) an ONLOAD attribute of a BODY element, (5) a crafted SRC attribute of an IFRAME element, (6) a crafted CONTENT attribute of an HTTP-EQUIV="refresh" META element, or (7) a data: URL in the CONTENT attribute of an HTTP-EQUIV="refresh" META element.
by Shai rod
hastymail2 webmail 1.1 rc2 - Persistent Cross-Site Scripting
by Shai rod
Mozilla Firefox - Remote Denial of Service
by Jean Pascal Pereira
LISTSERV 16 - 'SHOWTPL' Cross-Site Scripting
by Jose Carlos de Arriba
E-Mail Security Virtual Appliance ESVA_2057 - Unauthenticated OS Command Injection via learn-msg.cgi id Parameter
The E-Mail Security Virtual Appliance (ESVA) (tested on version ESVA_2057) contains an unauthenticated command injection vulnerability in the learn-msg.cgi script. The CGI handler fails to sanitize user-supplied input passed via the id parameter, allowing attackers to inject arbitrary shell commands. Exploitation requires no authentication and results in full command execution on the underlying system.
by iJoo
Internet Explorer 6-8 - Use-After-Free in Timed Interactive Multimedia Extensions
The Timed Interactive Multimedia Extensions (aka HTML+TIME) implementation in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Time Element Memory Corruption Vulnerability."
by Ciph3r
Roundcube Webmail < 0.8.1 - Cross-Site Scripting via Email Signature
Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the signature in an email.
by Shai rod
Cyclope Employee Surveillance Solution 6.x - SQL Injection
Cyclope Employee Surveillance Solution versions 6.x are vulnerable to a SQL injection flaw in its login mechanism. The username parameter in the auth-login POST request is not properly sanitized, allowing attackers to inject arbitrary SQL statements. This can be leveraged to write and execute a malicious PHP file on disk, resulting in remote code execution under the SYSTEM user context.
by Metasploit
Cyclope Employee Surveillance Solution 6.0 6.1.0 6.2.0 - Multiple Vulnerabilities
by loneferret
Microsoft Windows - Service Trusted Path Privilege Escalation (Metasploit)
by Metasploit
GlobalScape CuteZIP - Local Stack Buffer Overflow (Metasploit)
by Metasploit
xt:Commerce 3.04 SP2.1 - Blind SQL Injection
by stoffline.com
TestLink 1.9.3 - Arbitrary File Upload (Metasploit)
by Metasploit
Novell ZENworks Asset Management 7.5 - Remote Code Execution via rtrlet Directory Traversal
Directory traversal vulnerability in the rtrlet component in Novell ZENworks Asset Management (ZAM) 7.5 allows remote attackers to execute arbitrary code by uploading an executable file.
by Metasploit
By Source