Exploitdb Exploits
50,095 exploits tracked across all sources.
xt:Commerce Shopsoftware 3/4 - 'FCKeditor' Arbitrary File Upload
by Net.Edit0r
WordPress Plugin WP Survey And Quiz Tool 1.2.1 - Cross-Site Scripting
by John Leitch
Vodpod Video Gallery Plugin <3.1.5 - XSS
Cross-site scripting (XSS) vulnerability in vodpod-video-gallery/vodpod_gallery_thumbs.php in the Vodpod Video Gallery Plugin 3.1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the gid parameter.
by John Leitch
WordPress Plugin SEO Tools 3.0 - 'file' Directory Traversal
by John Leitch
WordPress Plugin jRSS Widget 1.1.1 - 'url' Information Disclosure
by John Leitch
WordPress Plugin FeedList 2.61.01 - 'handler_image.php' Cross-Site Scripting
by John Leitch
Pro Desk Support Center 1.0 and 1.2 - Path Traversal via Include File Parameter
Directory traversal vulnerability in the Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php.
by d3v1l
Cookex Agency CKForms <1.3.3 - Path Traversal
Directory traversal vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
by ALTBTA
Joomla! Component com_clan - SQL Injection
by AtT4CKxT3rR0r1ST
Novell GroupWise <8.02HP - Path Traversal
Multiple directory traversal vulnerabilities in the (1) WebAccess Agent and (2) Document Viewer Agent components in Novell GroupWise before 8.02HP allow remote attackers to read arbitrary files via unspecified vectors. NOTE: some of these details are obtained from third party information.
by Francis Provencher
pfSense 2 beta 4 - Cross-Site Scripting via id Parameter in pkg_edit.php
Multiple cross-site scripting (XSS) vulnerabilities in pfSense 2 beta 4 allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter in an olsrd.xml action to pkg_edit.php, (2) the xml parameter to pkg.php, or the if parameter to (3) status_graph.php or (4) interfaces.php, a different vulnerability than CVE-2008-1182 and CVE-2010-4246.
by dave b
pfSense 2 beta 4 - Cross-Site Scripting via id Parameter in pkg_edit.php
Multiple cross-site scripting (XSS) vulnerabilities in pfSense 2 beta 4 allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter in an olsrd.xml action to pkg_edit.php, (2) the xml parameter to pkg.php, or the if parameter to (3) status_graph.php or (4) interfaces.php, a different vulnerability than CVE-2008-1182 and CVE-2010-4246.
by dave b
pfSense 2 beta 4 - Cross-Site Scripting via id Parameter in pkg_edit.php
Multiple cross-site scripting (XSS) vulnerabilities in pfSense 2 beta 4 allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter in an olsrd.xml action to pkg_edit.php, (2) the xml parameter to pkg.php, or the if parameter to (3) status_graph.php or (4) interfaces.php, a different vulnerability than CVE-2008-1182 and CVE-2010-4246.
by dave b
pfSense 2 beta 4 - Cross-Site Scripting via id Parameter in pkg_edit.php
Multiple cross-site scripting (XSS) vulnerabilities in pfSense 2 beta 4 allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter in an olsrd.xml action to pkg_edit.php, (2) the xml parameter to pkg.php, or the if parameter to (3) status_graph.php or (4) interfaces.php, a different vulnerability than CVE-2008-1182 and CVE-2010-4246.
by dave b
pilot_cart 7.3 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in ASPilot Pilot Cart 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) countrycode parameter to contact.asp, USERNAME parameter to (2) gateway.asp and (3) cart.asp, and the specific parameter to (4) quote.asp and (5) buyitnow.
by Ariko-Security
filecopa ftp server 6.01 - Directory Traversal
by Pawel Wylecial
Libmbfl 1.1.0 - Information Disclosure via mb_strcut Length Parameter
The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through 5.3.3, allows context-dependent attackers to obtain potentially sensitive information via a large value of the third parameter (aka the length parameter).
by Mateusz Kocielski
ProFTPD - Stack-Based Buffer Overflow via TELNET IAC Escape Character
Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server.
by kingcope
pilot_cart 7.3 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in ASPilot Pilot Cart 7.3 allow remote attackers to execute arbitrary SQL commands via the (1) article parameter to kb.asp, (2) specific parameter to cart.asp, (3) countrycode parameter to contact.asp, and the (4) srch parameter to search.asp. NOTE: the article parameter to pilot.asp is already covered by CVE-2008-2688.
by Ariko-Security
By Source