Exploitdb Exploits
50,095 exploits tracked across all sources.
Symantec Web Gateway <5.0.3.18 - SQL Injection
SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
by muts
AlienVault OSSIM 3.1 - Cross-Site Scripting via URL Parameter or Time Parameter
Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to top.php or (2) time[0][0] parameter to forensics/base_qry_main.php, which is not properly handled in an error page.
by muts
Symantec Web Gateway <5.0.3.18 - SQL Injection
SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to a "blind SQL injection" issue.
by muts
Atmail WebAdmin and Webmail Control Panel - SQL Root Password Disclosure
by Ciph3r
Ipswitch WhatsUp Gold 15.02 - SQL Injection
SQL injection vulnerability in WrVMwareHostList.asp in Ipswitch WhatsUp Gold 15.02 allows remote attackers to execute arbitrary SQL commands via the sGroupList parameter.
by muts
Plixer Scrutinizer <9.5.2 - SQL Injection
SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.2 allows remote authenticated users to execute arbitrary SQL commands via the q parameter.
by muts
Ipswitch WhatsUp Gold 15.02 - Cross-Site Scripting via SNMP System Name
Cross-site scripting (XSS) vulnerability in Ipswitch WhatsUp Gold 15.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the SNMP system name of the attacking host.
by muts
SolarWinds Orion NPM <10.3.1 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts via CreateUserStepContainer actions to Admin/Accounts/Add/OrionAccount.aspx or (2) modify account privileges via a ynAdminRights action to Admin/Accounts/EditAccount.aspx.
by muts
X-Cart Gold 4.5 - Cross-Site Scripting via products_map.php symb Parameter
Cross-site scripting (XSS) vulnerability in products_map.php in X-Cart Gold 4.5 allows remote attackers to inject arbitrary web script or HTML via the symb parameter.
by muts
X-Cart Gold 4.5 - Cross-Site Scripting via products_map.php symb Parameter
Cross-site scripting (XSS) vulnerability in products_map.php in X-Cart Gold 4.5 allows remote attackers to inject arbitrary web script or HTML via the symb parameter.
by Am!r
Atmail Webmail Server 6.4 - Cross-Site Scripting via Email Date Field
Cross-site scripting (XSS) vulnerability in the administrative interface in Atmail Webmail Server 6.4 allows remote attackers to inject arbitrary web script or HTML via the Date field of an email.
by muts
CVSS 6.1
Novell ZENworks Configuration Management 11.1 and 11.1a - Remote Code Execution via Preboot Service Opcode 0x6c
Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x6c request.
by Metasploit
Novell ZENworks Configuration Management 11.1 and 11.1a - Stack-Based Buffer Overflow via Opcode 0x4c Request
Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x4c request.
by Metasploit
Novell ZENworks Configuration Management 11.1 and 11.1a - Stack-Based Buffer Overflow via Opcode 0x4c Request
Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x4c request.
by Metasploit
PHP 6.0 - 'openssl_verify()' Local Buffer Overflow (PoC)
by Yakir Wizman
Oracle Fusion Middleware 8.3.5 and 8.3.7 - Denial of Service in Outside In Filters
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1766, CVE-2012-1767, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, and CVE-2012-3110.
by Francis Provencher
Oracle Fusion Middleware 8.3.5 and 8.3.7 - Denial of Service in Outside In Filters
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1766, CVE-2012-1767, CVE-2012-1769, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, and CVE-2012-3110.
by Francis Provencher
Oracle Outside In Tech <8.3.5,8.3.7 - DoS
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent users to affect availability via unknown vectors related to Outside In Filters.
by Francis Provencher
Maian Survey - '/index.php' URI redirection / Local File Inclusion
by PuN!Sh3r
By Source