Exploitdb Exploits
50,095 exploits tracked across all sources.
SonicWall ViewPoint 6.0 SP2 - SQL Injection via scheduleID Parameter
SQL injection vulnerability in sgms/reports/scheduledreports/configure/scheduleProps.jsp in SonicWall ViewPoint 6.0 SP2 allows remote attackers to execute arbitrary SQL commands via the scheduleID parameter.
by Rem0ve
Contao < 2.10.2 - Cross-Site Scripting via PATH_INFO to index.php
Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2.10.2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php in a (1) teachers.html or (2) teachers/ action.
by Stefan Schurtz
banana_dance < 0.9 - SQL Injection via user.php id Parameter
SQL injection vulnerability in user.php in Banana Dance before B.1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Aodrulez
Digest < 1.17 - Eval Injection via new Constructor
Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor.
by anonymous
CA Total Defense UNC Server r12 - SQL Injection
Multiple SQL injection vulnerabilities in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 allow remote attackers to execute arbitrary SQL commands via vectors involving the (1) UnAssignFunctionalRoles, (2) UnassignAdminRoles, (3) DeleteFilter, (4) NonAssignedUserList, (5) DeleteReportLayout, (6) DeleteReports, and (7) RegenerateReport stored procedures.
by Metasploit
Polipo < 1.0.4.1 - Denial of Service via HTTP POST/PUT Request
Polipo before 1.0.4.1 suffers from a DoD vulnerability via specially-crafted HTTP POST / PUT request.
by Usman Saeed
CVSS 7.5
RedLine < 1.66 - Cross-Site Scripting via s Parameter
Cross-site scripting (XSS) vulnerability in the RedLine theme before 1.66 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
by SiteWatch
Morning Coffee < 3.6 - Cross-Site Scripting via PATH_INFO
Cross-site scripting (XSS) vulnerability in the Morning Coffee theme before 3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
by SiteWatch
Black-LetterHead < 1.6 - Cross-Site Scripting via PATH_INFO to index.php
Cross-site scripting (XSS) vulnerability in the Black-LetterHead theme before 1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
by SiteWatch
WordPress Plugin WP Bannerize 2.8.7 - 'ajax_sorter.php' SQL Injection
by Miroslav Stampar
WordPress Plugin Bannerize 2.8.7 - SQL Injection
by Miroslav Stampar
ProjectForum 7.0.1 3038 - 'more' Object HTML Injection
by Paul Davis
FreeBSD 7.3-9.0-RC1 - Buffer Overflow via Long UNIX Socket Pathname in bind System Call
Buffer overflow in the kernel in FreeBSD 7.3 through 9.0-RC1 allows local users to cause a denial of service (panic) or possibly gain privileges via a bind system call with a long pathname for a UNIX socket.
by Shaun Colley
AmmSoft ScriptFTP 3.3 - Buffer Overflow
Stack-based buffer overflow in AmmSoft ScriptFTP 3.3 allows remote FTP servers to execute arbitrary code via a long filename in a response to a LIST command, as demonstrated using (1) GETLIST or (2) GETFILE in a ScriptFTP script.
by otoy
zespia/pixiv_custom < 2.1.6 - Cross-Site Scripting via s Parameter
Cross-site scripting (XSS) vulnerability in the Pixiv Custom theme before 2.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
by SiteWatch
EvoLve < 1.2.6 - Cross-Site Scripting via s Parameter
Cross-site scripting (XSS) vulnerability in the EvoLve theme before 1.2.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
by SiteWatch
WordPress Elegant Grunge <1.0.4 - XSS
Cross-site scripting (XSS) vulnerability in the Elegant Grunge theme before 1.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
by SiteWatch
Atahualpa < 3.6.8 - Cross-Site Scripting via s Parameter
Cross-site scripting (XSS) vulnerability in the Atahualpa theme before 3.6.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
by SiteWatch
Joomla! < 1.7.0 - Multiple Cross-Site Scripting Vulnerabilities
by Aung Khant
By Source