Exploitdb Exploits
50,095 exploits tracked across all sources.
Vanilla Forums 2.0.16 - 'Target' Cross-Site Scripting
by YGN Ethical Hacker Group
sap crystal report server 2008 - Directory Traversal
by Dmitriy Chastuhin
Oracle Fusion Middleware <10.1.3.5 - RCE
Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect integrity and availability via unknown vectors related to Import Server. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from the original researcher that remote attackers can overwrite arbitrary files and execute arbitrary code via a full pathname in the first argument to the WriteJPG method in the NCSECWLib ActiveX control.
by Alexandr Polyakov
Oracle Document Capture - Info Disclosure
Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Internal Operations. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from the original researcher that remote attackers can overwrite or delete arbitrary files via a full pathname in the second argument to the DownloadSingleMessageToFile method in the EMPOP3Lib ActiveX component (empop3.dll).
by Evdokimov Dmitriy
Oracle Document Capture - Info Disclosure
Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Internal Operations. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from the original researcher that remote attackers can overwrite or delete arbitrary files via a full pathname in the second argument to the DownloadSingleMessageToFile method in the EMPOP3Lib ActiveX component (empop3.dll).
by Evdokimov Dmitriy
Oracle Fusion Middleware <10.1.3.5 - Info Disclosure
Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect confidentiality via unknown vectors related to Import Server. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from the original researcher that remote attackers can read arbitrary files via a full pathname in the first argument to the ImportBodyText method in the EasyMail ActiveX control (emsmtp.dll).
by Alexey Sintsov
Xnova Legacies 2009.2 - Cross-Site Request Forgery
by Xploit A Day
SimpGB 1.49.2 - 'Guestbook.php' Multiple Cross-Site Scripting Vulnerabilities
by MustLive
PHPDirector Game Edition - 'game.php' SQL Injection
by AtT4CKxT3rR0r1ST
AR Web Content Manager 2.2 - Path Traversal via awcm_theme or awcm_lang Cookie
Multiple directory traversal vulnerabilities in AR Web Content Manager (AWCM) 2.2 allow remote attackers to read arbitrary files and possibly have other unspecified impact via a .. (dot dot) in the (1) awcm_theme or (2) awcm_lang cookie to (a) index.php or (b) header.php.
by Cucura
Automated Solutions Modbus/TCP Master OPC Server < 3.0.2 - Heap-Based Buffer Overflow via Crafted MODBUS Response Packet
Heap-based buffer overflow in Automated Solutions Modbus/TCP Master OPC Server before 3.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a MODBUS response packet with a crafted length field.
by Jeremy Brown
WordPress Plugin Videox7 UGC 2.5.3.2 - 'listid' Cross-Site Scripting
by AutoSec Tools
WordPress Plugin Recip.ly 1.1.7 - 'uploadImage.php' Arbitrary File Upload
by AutoSec Tools
WordPress Plugin Featured Content 0.0.1 - 'listid' Cross-Site Scripting
by AutoSec Tools
WordPress Plugin FCChat Widget 2.1.7 - 'path' Cross-Site Scripting
by AutoSec Tools
WordPress Plugin BezahlCode Generator 1.0 - 'gen_name' Cross-Site Scripting
by AutoSec Tools
PivotX < 2.2.3 - Cross-Site Scripting via Image Parameter
Cross-site scripting (XSS) vulnerability in pivotx/modules/module_image.php in PivotX before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the image parameter.
by AutoSec Tools
PivotX < 2.2.2 - Cross-Site Scripting via Color or Src Parameter
Multiple cross-site scripting (XSS) vulnerabilities in PivotX 2.2.0, and possibly other versions before 2.2.2, allow remote attackers to inject arbitrary web script or HTML via the (1) color parameter to includes/blogroll.php or (2) src parameter to includes/timwrapper.php.
by High-Tech Bridge SA
PivotX < 2.2.2 - Cross-Site Scripting via Color or Src Parameter
Multiple cross-site scripting (XSS) vulnerabilities in PivotX 2.2.0, and possibly other versions before 2.2.2, allow remote attackers to inject arbitrary web script or HTML via the (1) color parameter to includes/blogroll.php or (2) src parameter to includes/timwrapper.php.
by High-Tech Bridge SA
By Source