Exploitdb Exploits
50,095 exploits tracked across all sources.
Joomla! Component com_jdirectory - SQL Injection
by Caddy Dz
Joomla! Component com_community - 'userid' SQL Injection
by Ne0 H4ck3R
HESK 2.2 - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
foomatic-gui python-foomatic 0.7.9.4 - 'pysmb.py' Arbitrary Shell Command Execution
by daveb
BESNI OKUL PORTAL - 'sayfa.asp' Cross-Site Scripting
by Err0R
MyBB MyTabs Plugin - 'tab' SQL Injection
by AutoRUN & dR.sqL
Android 2.3.4 and 3.1 - Cross-Application Scripting via Browser URL Loading
Cross-application scripting vulnerability in the Browser URL loading functionality in Android 2.3.4 and 3.1 allows local applications to bypass the sandbox and execute arbitrary Javascript in arbitrary domains by (1) causing the MAX_TAB number of tabs to be opened, then loading a URI to the targeted domain into the current tab, or (2) making two startActivity function calls beginning with the targeted domain's URI followed by the malicious Javascript while the UI focus is still associated with the targeted domain.
by Roee Hay
ZoneMinder 1.24.x - Path Traversal via View Request or Action Parameter
Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x before 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) view, (2) request, or (3) action parameter.
by iye
Curverider Elgg 1.7.9 - Multiple Cross-Site Scripting Vulnerabilities
by Aung Khant
CA Arcserve D2D GWT RPC - Credential Information Disclosure (Metasploit)
by Metasploit
Actfax FTP Server 4.27 - 'USER' Stack Buffer Overflow (Metasploit)
by mr_me
Digital Scribe 1.5 - register_form()' Multiple POST Cross-Site Scripting Vulnerabilities
by LiquidWorm
Link Station Pro - Multiple Vulnerabilities
by $#4d0\/\/[r007k17]
Chyrp < 2.0 - Authenticated Arbitrary PHP File Upload via swfupload Extension
upload_handler.php in the swfupload extension in Chyrp 2.0 and earlier relies on client-side JavaScript code to restrict the file extensions of uploaded files, which allows remote authenticated users to upload a .php file, and consequently execute arbitrary PHP code, via a write_post action to the default URI under admin/.
by Wireghoul
Chyrp < 2.1 - Remote File Inclusion via Action Parameter
Directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the action parameter to the default URI.
by Wireghoul
Chyrp < 2.0 - Path Traversal via File Parameter in gz.php
Directory traversal vulnerability in includes/lib/gz.php in Chyrp 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2011-2744.
by Wireghoul
ManageEngine ServiceDesk Plus 8.0 Build 8013 - Multiple Cross-Site Scripting Vulnerabilities
by Narendra Shinde
By Source