Exploitdb Exploits
50,095 exploits tracked across all sources.
Joomla! Component com_xmovie 1.0 - Local File Inclusion
by KelvinX
CubeCart 3.0.6 - Cross-Site Request Forgery (Add Admin)
by P0C T34M
IBM Tivoli Access Manager 6.1.1 for E-Business - Directory Traversal
by anonymous
Social Share - 'search' Cross-Site Scripting
by Aliaksandr Hartsuyeu
MyBB < 1.6.1 - SQL Injection via Search or Private Keywords Parameter
Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the keywords parameter in a (1) do_search action to search.php or (2) do_stuff action to private.php. NOTE: the vendor disputes this issue, saying "Although this doesn't lead to an SQL injection, it does provide a general MyBB SQL error.
by Aung Khant
MyBB < 1.6.1 - SQL Injection via Search or Private Keywords Parameter
Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the keywords parameter in a (1) do_search action to search.php or (2) do_stuff action to private.php. NOTE: the vendor disputes this issue, saying "Although this doesn't lead to an SQL injection, it does provide a general MyBB SQL error.
by Aung Khant
Joomla! Component com_ponygallery - Remote File Inclusion
by AtT4CKxT3rR0r1ST
Joomla! Component com_adsmanager - Remote File Inclusion
by AtT4CKxT3rR0r1ST
IPN Development Handler 2.0 - Multiple Vulnerabilities
by AtT4CKxT3rR0r1ST
Appweb Web Server 3.2.2-1 - Cross-Site Scripting
by Gjoko Krstic
WMI Administrative Tools < 1.1 - Remote Code Execution via WBEMSingleView.ocx AddContextRef Method
The WMITools ActiveX control in WBEMSingleView.ocx 1.50.1131.0 in Microsoft WMI Administrative Tools 1.1 and earlier in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted argument to the AddContextRef method, possibly an untrusted pointer dereference, aka "Microsoft WMITools ActiveX Control Vulnerability."
by WooYun
WMI Administrative Tools < 1.1 - Remote Code Execution via WBEMSingleView.ocx ReleaseContext Method
The WBEMSingleView.ocx ActiveX control 1.50.1131.0 in Microsoft WMI Administrative Tools 1.1 and earlier allows remote attackers to execute arbitrary code via a crafted argument to the ReleaseContext method, a different vector than CVE-2010-3973, possibly an untrusted pointer dereference.
by WooYun
WordPress Plugin Accept Signups 0.1 - Cross-Site Scripting
by clshack
WordPress Plugin Accept Signups 0.1 - 'email' Cross-Site Scripting
by clshack
Citrix Access Gateway <5.0 - Command Injection
The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows attackers to execute arbitrary commands via shell metacharacters in the password field.
by George D. Gal
By Source