Exploitdb Exploits
50,095 exploits tracked across all sources.
1024 CMS 1.1.0 Beta - Multiple Input Validation Vulnerabilities
by QSecure & Demetris Papapetrou
FiberHome HG-110 - Cross-Site Scripting / Directory Traversal
by Zerial
S40 CMS 0.4.2 - Unauthenticated Path Traversal via Index.php p Parameter
S40 CMS v0.4.2 contains a path traversal vulnerability in its index.php page handler. The p parameter is not properly sanitized, allowing attackers to traverse the file system and access arbitrary files outside the web root. This can be exploited remotely without authentication by appending traversal sequences and a null byte to bypass file extension checks.
by Osirys
vTiger CRM 5.2.1 - 'vtigerservice.php' Cross-Site Scripting
by AutoSec Tools
eGroupWare 1.8.1 - 'test.php' Cross-Site Scripting
by AutoSec Tools
Omer Portal 3.220060425 - 'arama_islem.asp' Cross-Site Scripting
by kurdish hackers team
qooxdoo 1.3 - Cross-Site Scripting via Callback Parameter
Cross-site scripting (XSS) vulnerability in framework/source/resource/qx/test/jsonp_primitive.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to inject arbitrary web script or HTML via the callback parameter.
by AutoSec Tools
MPlayer (r33064 Lite) - Local Buffer Overflow (ROP)
by Nate_M
TextPattern 4.2 - 'index.php' Cross-Site Scripting
by kurdish hackers team
Redmine 1.0.1-1.1.1 - Cross-Site Scripting via PATH_INFO
Cross-site scripting (XSS) vulnerability in app/views/layouts/base.rhtml in Redmine 1.0.1 through 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to projects/hg-helloworld/news/. NOTE: some of these details are obtained from third party information.
by Mesut Timur
greenpants 0.1.7 - Multiple Vulnerabilities
by Ptrace Security
qooxdoo 1.3 - Path Traversal via Delay.php File Parameter
Directory traversal vulnerability in framework/source/resource/qx/test/part/delay.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to read arbitrary files via ..%2f (encoded dot dot) sequences in the file parameter.
by AutoSec Tools
Dream Vision Technologies Web Portal - SQL Injection
by eXeSoul
WP Custom Pages <0.5.0.1 - Path Traversal
Directory traversal vulnerability in wp-download.php in the WP Custom Pages module 0.5.0.1 for WordPress allows remote attackers to read arbitrary files via ..%2F (encoded dot dot) sequences in the url parameter.
by AutoSec Tools
UseBB 1.0.11 - 'admin.php' Local File Inclusion
by High-Tech Bridge SA
OpenEMR 4 - Cross-Site Scripting via Site Parameter
Cross-site scripting (XSS) vulnerability in setup.php in OpenEMR 4 allows remote attackers to inject arbitrary web script or HTML via the site parameter.
by AutoSec Tools
Eleanor CMS - Cross-Site Scripting / Multiple SQL Injections
by High-Tech Bridge SA
Zend Server Java Bridge - Arbitrary Java Code Execution (Metasploit)
by Metasploit
feedparser < 5.0 - Cross-Site Scripting via Nested CDATA Stanzas
Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) before 5.0 allows remote attackers to inject arbitrary web script or HTML via vectors involving nested CDATA stanzas.
by fazalmajid
IBM Lotus Domino <8.0.2 FP5-8.5.1 FP2 - RCE
Stack-based buffer overflow in the MailCheck821Address function in nnotes.dll in the nrouter.exe service in the server in IBM Lotus Domino 8.0.x before 8.0.2 FP5 and 8.5.x before 8.5.1 FP2 allows remote attackers to execute arbitrary code via a long e-mail address in an ORGANIZER:mailto header in an iCalendar calendar-invitation e-mail message, aka SPR NRBY7ZPJ9V.
by Metasploit
Yaws-Wiki 1.88-1 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
by Michael Brooks
XOOPS 2.5 - 'banners.php' Multiple Local File Inclusions
by KedAns-Dz
WordPress Plugin WPwizz AdWizz Plugin 1.0 - 'link' Cross-Site Scripting
by John Leitch
By Source