Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2011-5258 EXPLOITDB text VERIFIED
OrangeHRM < 2.6.11.2 - Cross-Site Scripting via uniqcode, isAdmin, or PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM before 2.6.11.2 allow remote attackers to inject arbitrary web script or HTML via the (1) uniqcode or (2) isAdmin parameter to index.php; or the (3) PATH_INFO to lib/controllers/centralcontroller.php.
by High-Tech Bridge SA
CVE-2011-5259 EXPLOITDB text VERIFIED
OrangeHRM < 2.6.11.2 - SQL Injection via CentralController id Parameter
SQL injection vulnerability in lib/controllers/CentralController.php in OrangeHRM before 2.6.11.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by High-Tech Bridge SA
CVE-2011-3544 EXPLOITDB CRITICAL ruby VERIFIED
Java Applet Rhino Script Engine Remote Code Execution
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.
by Metasploit
CVSS 9.8
CVE-2011-5009 EXPLOITDB text VERIFIED
3S CoDeSys 3.4 SP4 Patch 2 - Denial of Service via Crafted HTTP Request
The CmpWebServer.dll module in the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a crafted Content-Length in an HTTP POST or (2) an invalid HTTP request method.
by Luigi Auriemma
CVE-2011-5009 EXPLOITDB text VERIFIED
3S CoDeSys 3.4 SP4 Patch 2 - Denial of Service via Crafted HTTP Request
The CmpWebServer.dll module in the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a crafted Content-Length in an HTTP POST or (2) an invalid HTTP request method.
by Luigi Auriemma
CVE-2011-1519 EXPLOITDB html VERIFIED
IBM Lotus Domino <8.x - Auth Bypass
The remote console in the Server Controller in IBM Lotus Domino 7.x and 8.x verifies credentials against a file located at a UNC share pathname specified by the client, which allows remote attackers to bypass authentication, and consequently execute arbitrary code, by placing this pathname in the COOKIEFILE field. NOTE: this might overlap CVE-2011-0920.
by Alexey Sintsov
CVE-2011-5010 EXPLOITDB ruby VERIFIED
Ctek SkyRouter 4200 and 4300 - Remote Code Execution via PINGADDRESS Parameter
apps/a3/cfg_ethping.cgi in the Ctek SkyRouter 4200 and 4300 allows remote attackers to execute arbitrary commands via shell metacharacters in the PINGADDRESS parameter for a "u" action.
by Metasploit
CVE-2011-4712 EXPLOITDB text VERIFIED
Oxide WebServer - Unauthenticated Path Traversal via Dot Dot Backslash
Directory traversal vulnerability in Oxide WebServer allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in an HTTP request.
by demonalex
CVE-2011-4714 EXPLOITDB text VERIFIED
Virtual Vertex Muster < 6.1.2 - Path Traversal via Backslash Dot Dot in URL
Directory traversal vulnerability in Virtual Vertex Muster before 6.20 allows remote attackers to read arbitrary files via a \.. (backslash dot dot) in the URL.
by Nick Freeman
CVE-2011-4878 EXPLOITDB text VERIFIED
Siemens WinCC flexible - Directory Traversal via URI
Directory traversal vulnerability in miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to read arbitrary files via a ..%5c (dot dot backslash) in a URI.
by Luigi Auriemma
CVE-2011-4877 EXPLOITDB text VERIFIED
Siemens WinCC flexible - Denial of Service via Crafted TCP Data
HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to cause a denial of service (application crash) by sending crafted data over TCP.
by Luigi Auriemma
CVE-2011-4875 EXPLOITDB text VERIFIED
Siemens WinCC flexible - Stack-based Buffer Overflow via Unicode String Handling
Stack-based buffer overflow in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute arbitrary code via vectors related to Unicode strings.
by Luigi Auriemma
CVE-2011-4876 EXPLOITDB text VERIFIED
Siemens WinCC flexible 2004-2008 - Path Traversal and Arbitrary File Manipulation via HmiLoad Runtime Loader
Directory traversal vulnerability in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute, read, create, modify, or delete arbitrary files via a .. (dot dot) in a string.
by Luigi Auriemma
CVE-2011-4879 EXPLOITDB text VERIFIED
Siemens WinCC flexible - Information Disclosure and Denial of Service via Crafted POST Request
miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not properly handle URIs beginning with a 0xfa character, which allows remote attackers to read data from arbitrary memory locations or cause a denial of service (application crash) via a crafted POST request.
by Luigi Auriemma
CVE-2011-4532 EXPLOITDB text VERIFIED
Siemens Automation License Manager < 5.1 - Unauthenticated Arbitrary File Write
Absolute path traversal vulnerability in the ALMListView.ALMListCtrl ActiveX control in almaxcx.dll in the graphical user interface in Siemens Automation License Manager (ALM) 2.0 through 5.1+SP1+Upd2 allows remote attackers to overwrite arbitrary files via the Save method.
by Luigi Auriemma
CVE-2011-5179 EXPLOITDB text VERIFIED
Skysa App Bar Integration Plugin < 1.03 - Cross-Site Scripting via Submit Parameter
Cross-site scripting (XSS) vulnerability in skysa-official/skysa.php in Skysa App Bar Integration plugin, possibly before 1.04, for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter.
by Amir
EIP-2026-109323 EXPLOITDB text VERIFIED
Manx 1.0.1 - '/admin/tiny_mce/plugins/ajaxfilemanager_OLD/ajax_get_file_listing.php' Multiple Cross-Site Scripting Vulnerabilities
by LiquidWorm
EIP-2026-109322 EXPLOITDB text VERIFIED
Manx 1.0.1 - '/admin/tiny_mce/plugins/ajaxfilemanager/ajax_get_file_listing.php' Multiple Cross-Site Scripting Vulnerabilities
by LiquidWorm
EIP-2026-109321 EXPLOITDB text VERIFIED
Manx 1.0.1 - '/admin/admin_pages.php?Filename' Traversal Arbitrary File Access
by LiquidWorm
EIP-2026-109320 EXPLOITDB text VERIFIED
Manx 1.0.1 - '/admin/admin_blocks.php?Filename' Traversal Arbitrary File Access
by LiquidWorm
EIP-2026-108930 EXPLOITDB text VERIFIED
JQuery-Real-Person plugin - Bypass Captcha
by Alberto_García_Illera
CVE-2010-4804 EXPLOITDB php
Android < 2.3.4 - Unauthorized SD Card Data Exposure via Crafted Content URIs
The Android browser in Android before 2.3.4 allows remote attackers to obtain SD card contents via crafted content:// URIs, related to (1) BrowserActivity.java and (2) BrowserSettings.java in com/android/browser/.
by Thomas Cannon
CVE-2011-5177 EXPLOITDB text VERIFIED
eSyndiCat Pro 2.3.05 - Cross-Site Scripting via Admin Controller Parameters
Multiple cross-site scripting (XSS) vulnerabilities in admin/controller.php in eSyndiCat Pro 2.3.05 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to the admins (2) blocks, (3) articles, or (4) suggest-category; or (5) sort parameter to the search page.
by d3v1l
EIP-2026-116412 EXPLOITDB python VERIFIED
Titan FTP Server 8.40 - 'APPE' Remote Denial of Service
by Houssam Sahli
CVE-2011-5103 EXPLOITDB text
Alurian Prismotube PHP Video Script - SQL Injection via id Parameter
SQL injection vulnerability in Alurian Prismotube PHP Video Script allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
by longrifle0x