Exploitdb Exploits
50,095 exploits tracked across all sources.
WordPress Theme Hybrid 0.9 - 'cpage' Cross-Site Scripting
by SiteWatch
F8 Lite < 4.2.2 - Cross-Site Scripting via s Parameter
Cross-site scripting (XSS) vulnerability in the F8 Lite theme before 4.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
by SiteWatch
Cover WP < 1.6.6 - Cross-Site Scripting via s Parameter
Cross-site scripting (XSS) vulnerability in the Cover WP theme before 1.6.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
by jabdah
WordPress Plugin Link Library 5.2.1 - SQL Injection
by Miroslav Stampar
AdRotate < 3.6.8 - SQL Injection via Track Parameter
SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions before 3.6.8, for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter (aka redirect URL).
by Miroslav Stampar
IceWarp WebMail <10.3.3 - SSRF/Info Disclosure
server/webmail.php in IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference.
by David Kirkpatrick
PHP < 5.3.9 - Denial of Service via PDORow and Session Interaction
The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
by anonymous
Freefloat FTP Server - Remote Buffer Overflow (DEP Bypass)
by blake
sunway ForceControl 6.1 sp3 - Multiple Vulnerabilities
by Luigi Auriemma
Cogent DataHub <7.1.1.63 - Buffer Overflow
Multiple stack-based buffer overflows in the DH_OneSecondTick function in Cogent DataHub 7.1.1.63 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long (1) domain, (2) report_domain, (3) register_datahub, or (4) slave commands.
by mr_me
Zyncro 3.0.1.20 - Social Network Message Menu SQL Injection
by Ferran Pichel Llaquet
Zyncro 3.0.1.20 - Multiple HTML Injection Vulnerabilities
by Ferran Pichel Llaquet
TWiki < 5.1.0 - Cross-Site Scripting via New Topic Parameter or SlideShow Plugin Query String
Multiple cross-site scripting (XSS) vulnerabilities in TWiki before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the newtopic parameter in a WebCreateNewTopic action, related to the TWiki.WebCreateNewTopicTemplate topic; or (2) the query string to SlideShow.pm in the SlideShowPlugin.
by Mesut Timur
TWiki < 5.1.0 - Cross-Site Scripting via New Topic Parameter or SlideShow Plugin Query String
Multiple cross-site scripting (XSS) vulnerabilities in TWiki before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the newtopic parameter in a WebCreateNewTopic action, related to the TWiki.WebCreateNewTopicTemplate topic; or (2) the query string to SlideShow.pm in the SlideShowPlugin.
by Mesut Timur
AWStats 6.95/7.0 - 'awredir.pl' Multiple Cross-Site Scripting Vulnerabilities
by MustLive
Blue Coat Reporter 9.x < 9.2.4.13, 9.2.5.x < 9.2.5.1, 9.3 < 9.3.1.2 - Path Traversal
Directory traversal vulnerability in Blue Coat Reporter 9.x before 9.2.4.13, 9.2.5.x before 9.2.5.1, and 9.3 before 9.3.1.2 on Windows allows remote attackers to read arbitrary files, and consequently execute arbitrary code, via an unspecified HTTP request.
by nitr0us
MetaServer RT 3.2.1.450 - Multiple Vulnerabilities
by Luigi Auriemma
EViews 7.0.0.1 (aka 7.2) - Multiple Vulnerabilities
by Luigi Auriemma
OneCMS 2.6.4 - Multiple SQL Injections
by kurdish hackers team
Microsoft SharePoint and Office Products - XML External Entity Injection in Web Parts
Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability."
by Nicolas Gregoire
AmmSoft ScriptFTP 3.3 - Buffer Overflow
Stack-based buffer overflow in AmmSoft ScriptFTP 3.3 allows remote FTP servers to execute arbitrary code via a long filename in a response to a LIST command, as demonstrated using (1) GETLIST or (2) GETFILE in a ScriptFTP script.
by modpr0be
IBM Lotus Domino 8.5.2 - Buffer Overflow
Stack-based buffer overflow in the NSFComputeEvaluateExt function in Nnotes.dll in IBM Lotus Domino 8.5.2 allows remote authenticated users to execute arbitrary code via a long tHPRAgentName parameter in an fmHttpPostRequest OpenForm action to WebAdmin.nsf.
by rmallof
eSignal < 10.6.2425 - Stack-Based and Heap-Based Buffer Overflow via Long StyleTemplate or FaceName Field
WinSig.exe in eSignal 10.6.2425 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a long StyleTemplate element in a QUO, SUM or POR file, which triggers a stack-based buffer overflow, or (2) a long Font->FaceName field (aka FaceName element), which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
by Metasploit
By Source