Exploitdb Exploits
50,095 exploits tracked across all sources.
Pidgin 2.10.0 - Cleartext Transmission of Sensitive Information via DBUS
Pidgin 2.10.0 uses DBUS for certain cleartext communication, which allows local users to obtain sensitive information via a dbus session monitor.
by Dimitris Glynos
CVSS 5.5
Oracle Java SE <7.2 - Info Disclosure
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and JavaFX 2.0.2 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
by Metasploit
PHP Gift Registry 1.5.5 - Authenticated SQL Injection via UserID Parameter
SQL injection vulnerability in users.php in PHP Gift Registry 1.5.5 allows remote authenticated users to execute arbitrary SQL commands via the userid parameter in an edit action.
by G13
Trend Micro Control Manager < 5.5 - Remote Code Execution via Crafted IPC Packet
Stack-based buffer overflow in the CGenericScheduler::AddTask function in cmdHandlerRedAlertController.dll in CmdProcessor.exe in Trend Micro Control Manager 5.5 before Build 1613 allows remote attackers to execute arbitrary code via a crafted IPC packet to TCP port 20101.
by Metasploit
Orbit Downloader <2.6.4 - Buffer Overflow
Stack-based buffer overflow in Orbit downloader 2.6.3 and 2.6.4 allows remote attackers to execute arbitrary code via a long download URL, which is not properly handled during Unicode conversion for a balloon notification after a download has failed.
by Metasploit
The Uploader < 2.0.4 - SQL Injection via Username Parameter
SQL injection vulnerability in login.php in MegaLab The Uploader before 2.0.5 allows remote attackers to execute arbitrary SQL commands via the username parameter.
by Danny Moules
Mobile Mp3 Search Script 2.0 - 'dl.php' HTTP Response Splitting
by Corrado Liotta
D-Link DCS-2000, DCS-5300, and DCS-900 - Cross-Site Request Forgery via rootpass Parameter
Cross-site request forgery (CSRF) vulnerability in setup/security.cgi in D-Link DCS-900, DCS-2000, and DCS-5300 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the rootpass parameter.
by Rigan Iimrigan
Unity 3D Web Player 3.2.0.61061 - Denial of Service
by Luigi Auriemma
DAMN Hash Calculator 1.5.1 - Local Heap Overflow (PoC)
by Julien Ahrens
Oxwall 1.1.1 - Cross-Site Scripting via Plugin Parameter
Cross-site scripting (XSS) vulnerability in ow_updates/index.php in Oxwall 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the plugin parameter.
by Ariko-Security
Limesurvey <1.91+ Build 120224 - SQL Injection
SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before 1.91+ Build 120224 and earlier allows remote attackers to execute arbitrary SQL commands via the fieldnames parameter to index.php.
by TorTukiTu
Dolibarr CMS 3.2.0 Alpha - Path Traversal & Arbitrary File Read via Document.php or Backtopage Parameter
Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the (1) file parameter to document.php or (2) backtopage parameter in a create action to comm/action/fiche.php.
by Benjamin Kunz Mejri
DFLabs PTK < 1.0.5 - Cross-Site Request Forgery in Logout Function
Cross-site request forgery (CSRF) vulnerability in lib/logout.php in DFLabs PTK 1.0.5 and earlier allows remote attackers to hijack the authentication of administrators or investigators for requests that trigger a logout.
by Ivano Binetti
ContentLion Alpha 1.3 - Cross-Site Scripting via PATH_INFO
Cross-site scripting (XSS) vulnerability in system/classes/login.php in ContentLion Alpha 1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
by Stefan Schurtz
Chyrp < 2.1.2 - Cross-Site Scripting via Content or Body Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Chyrp before 2.1.2 and before 2.5 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) content parameter to includes/ajax.php or (2) body parameter to includes/error.php.
by High-Tech Bridge SA
CVSS 6.1
Chyrp < 2.1.2 - Cross-Site Scripting via Content or Body Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Chyrp before 2.1.2 and before 2.5 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) content parameter to includes/ajax.php or (2) body parameter to includes/error.php.
by High-Tech Bridge SA
CVSS 6.1
Sagem F@ST 2604 - Cross-Site Request Forgery via sysPassword Parameter
Cross-site request forgery (CSRF) vulnerability in password.cgi in Sagem F@ST 2604 253180972B allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter.
by KinG Of PiraTeS
D-Link DCS-2000, DCS-5300, and DCS-900 - Cross-Site Request Forgery via rootpass Parameter
Cross-site request forgery (CSRF) vulnerability in setup/security.cgi in D-Link DCS-900, DCS-2000, and DCS-5300 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the rootpass parameter.
by rigan
Fork CMS 3.2.4 - Local File Inclusion / Cross-Site Scripting
by Ivano Binetti
By Source