Exploitdb Exploits
50,095 exploits tracked across all sources.
Cisco Unified Communications Manager <8 - Command Injection
/usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6, 7, and 8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in a request to the administrative interface, aka Bug IDs CSCti52041 and CSCti74930.
by Knud Erik Hjgaard
VideoLAN VLC Media Player 1.1.x - Calling Convention Remote Buffer Overflow
by shinnai
MiniShare 1.4.0 < 1.5.5 - 'users.txt' Local Buffer Overflow
by Chris Gabriel
AVG Internet Security 9.0.851 - Local Denial of Service
by Nikita Tarakanov
Webmedia Explorer 6.13.1 - Persistent Cross-Site Scripting
by High-Tech Bridge SA
OnlineTechTools OWOS Professional Edition 2.10 - SQL Injection via Password Parameter
SQL injection vulnerability in process.asp in OnlineTechTools Online Work Order System (OWOS) Professional Edition 2.10 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: some of these details are obtained from third party information.
by VSN
MemHT Portal 4.0.1 - Persistent Cross-Site Scripting
by High-Tech Bridge SA
Kandidat CMS 1.4.2 - Persistent Cross-Site Scripting
by High-Tech Bridge SA
BroadWorks - Call Detail Record Security Bypass
by Nick Freeman
Apache Shiro < 1.1.0 and JSecurity 0.9.x - Path Traversal via URI Path Bypass
Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
by Luke Taylor
libfuse < 2.8.5 - Unauthenticated Arbitrary Filesystem Unmount via Symlink Attack
FUSE, possibly 2.8.5 and earlier, allows local users to create mtab entries with arbitrary pathnames, and consequently unmount any filesystem, via a symlink attack on the parent directory of the mountpoint of a FUSE filesystem, a different vulnerability than CVE-2010-0789.
by halfdog
Site2Nite Vacation Rental Listings - SQL Injection via detail.asp ID Parameter
SQL injection vulnerability in detail.asp in Site2Nite Vacation Rental (VRBO) Listings allows remote attackers to execute arbitrary SQL commands via the ID parameter.
by L0rd CrusAd3r
Site2Nite Business e-Listings - SQL Injection via ID Parameter
SQL injection vulnerability in detail.asp in Site2Nite Business e-Listings allows remote attackers to execute arbitrary SQL commands via the ID parameter.
by L0rd CrusAd3r
OnlineTechTools OWOS Professional Edition 2.10 - SQL Injection via Password Parameter
SQL injection vulnerability in process.asp in OnlineTechTools Online Work Order System (OWOS) Professional Edition 2.10 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: some of these details are obtained from third party information.
by L0rd CrusAd3r
Digger Solutions NewsLetter Open Source - SQL Injection
by L0rd CrusAd3r
Comrie Software Pay Roll Time Sheet & Punch Card - Authentication Bypass
by L0rd CrusAd3r
Yaws 1.89 - Path Traversal via Dot Dot Backslash Sequences
Directory traversal vulnerability in Yaws 1.89 allows remote attackers to read arbitrary files via ..\ (dot dot backslash) and other sequences.
by nitr0us
By Source