Exploitdb Exploits
50,095 exploits tracked across all sources.
OrangeHRM < 2.6.11.2 - Cross-Site Scripting via uniqcode, isAdmin, or PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM before 2.6.11.2 allow remote attackers to inject arbitrary web script or HTML via the (1) uniqcode or (2) isAdmin parameter to index.php; or the (3) PATH_INFO to lib/controllers/centralcontroller.php.
by High-Tech Bridge SA
OrangeHRM < 2.6.11.2 - SQL Injection via CentralController id Parameter
SQL injection vulnerability in lib/controllers/CentralController.php in OrangeHRM before 2.6.11.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by High-Tech Bridge SA
Java Applet Rhino Script Engine Remote Code Execution
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.
by Metasploit
CVSS 9.8
3S CoDeSys 3.4 SP4 Patch 2 - Denial of Service via Crafted HTTP Request
The CmpWebServer.dll module in the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a crafted Content-Length in an HTTP POST or (2) an invalid HTTP request method.
by Luigi Auriemma
3S CoDeSys 3.4 SP4 Patch 2 - Denial of Service via Crafted HTTP Request
The CmpWebServer.dll module in the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a crafted Content-Length in an HTTP POST or (2) an invalid HTTP request method.
by Luigi Auriemma
IBM Lotus Domino <8.x - Auth Bypass
The remote console in the Server Controller in IBM Lotus Domino 7.x and 8.x verifies credentials against a file located at a UNC share pathname specified by the client, which allows remote attackers to bypass authentication, and consequently execute arbitrary code, by placing this pathname in the COOKIEFILE field. NOTE: this might overlap CVE-2011-0920.
by Alexey Sintsov
Ctek SkyRouter 4200 and 4300 - Remote Code Execution via PINGADDRESS Parameter
apps/a3/cfg_ethping.cgi in the Ctek SkyRouter 4200 and 4300 allows remote attackers to execute arbitrary commands via shell metacharacters in the PINGADDRESS parameter for a "u" action.
by Metasploit
Oxide WebServer - Unauthenticated Path Traversal via Dot Dot Backslash
Directory traversal vulnerability in Oxide WebServer allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in an HTTP request.
by demonalex
Virtual Vertex Muster < 6.1.2 - Path Traversal via Backslash Dot Dot in URL
Directory traversal vulnerability in Virtual Vertex Muster before 6.20 allows remote attackers to read arbitrary files via a \.. (backslash dot dot) in the URL.
by Nick Freeman
Siemens WinCC flexible - Directory Traversal via URI
Directory traversal vulnerability in miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to read arbitrary files via a ..%5c (dot dot backslash) in a URI.
by Luigi Auriemma
Siemens WinCC flexible - Denial of Service via Crafted TCP Data
HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to cause a denial of service (application crash) by sending crafted data over TCP.
by Luigi Auriemma
Siemens WinCC flexible - Stack-based Buffer Overflow via Unicode String Handling
Stack-based buffer overflow in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute arbitrary code via vectors related to Unicode strings.
by Luigi Auriemma
Siemens WinCC flexible 2004-2008 - Path Traversal and Arbitrary File Manipulation via HmiLoad Runtime Loader
Directory traversal vulnerability in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute, read, create, modify, or delete arbitrary files via a .. (dot dot) in a string.
by Luigi Auriemma
Siemens WinCC flexible - Information Disclosure and Denial of Service via Crafted POST Request
miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not properly handle URIs beginning with a 0xfa character, which allows remote attackers to read data from arbitrary memory locations or cause a denial of service (application crash) via a crafted POST request.
by Luigi Auriemma
Siemens Automation License Manager < 5.1 - Unauthenticated Arbitrary File Write
Absolute path traversal vulnerability in the ALMListView.ALMListCtrl ActiveX control in almaxcx.dll in the graphical user interface in Siemens Automation License Manager (ALM) 2.0 through 5.1+SP1+Upd2 allows remote attackers to overwrite arbitrary files via the Save method.
by Luigi Auriemma
Skysa App Bar Integration Plugin < 1.03 - Cross-Site Scripting via Submit Parameter
Cross-site scripting (XSS) vulnerability in skysa-official/skysa.php in Skysa App Bar Integration plugin, possibly before 1.04, for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter.
by Amir
Manx 1.0.1 - '/admin/tiny_mce/plugins/ajaxfilemanager_OLD/ajax_get_file_listing.php' Multiple Cross-Site Scripting Vulnerabilities
by LiquidWorm
Manx 1.0.1 - '/admin/tiny_mce/plugins/ajaxfilemanager/ajax_get_file_listing.php' Multiple Cross-Site Scripting Vulnerabilities
by LiquidWorm
Manx 1.0.1 - '/admin/admin_pages.php?Filename' Traversal Arbitrary File Access
by LiquidWorm
Manx 1.0.1 - '/admin/admin_blocks.php?Filename' Traversal Arbitrary File Access
by LiquidWorm
JQuery-Real-Person plugin - Bypass Captcha
by Alberto_García_Illera
Android < 2.3.4 - Unauthorized SD Card Data Exposure via Crafted Content URIs
The Android browser in Android before 2.3.4 allows remote attackers to obtain SD card contents via crafted content:// URIs, related to (1) BrowserActivity.java and (2) BrowserSettings.java in com/android/browser/.
by Thomas Cannon
eSyndiCat Pro 2.3.05 - Cross-Site Scripting via Admin Controller Parameters
Multiple cross-site scripting (XSS) vulnerabilities in admin/controller.php in eSyndiCat Pro 2.3.05 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to the admins (2) blocks, (3) articles, or (4) suggest-category; or (5) sort parameter to the search page.
by d3v1l
Titan FTP Server 8.40 - 'APPE' Remote Denial of Service
by Houssam Sahli
Alurian Prismotube PHP Video Script - SQL Injection via id Parameter
SQL injection vulnerability in Alurian Prismotube PHP Video Script allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
by longrifle0x
By Source