Text Exploits
31,337 exploits tracked across all sources.
Pimcore - Path Traversal
Directory traversal vulnerability in pimcore before build 3473 allows remote authenticated users with the "assets" permission to create or write to arbitrary files via a .. (dot dot) in the dir parameter to admin/asset/add-asset-compatibility.
by Portcullis
Cygnux Syspass < 1.0.9 - SQL Injection
SQL injection vulnerability in cygnux.org sysPass 1.0.9 and earlier allows remote authenticated users to execute arbitrary SQL commands via the search parameter to ajax/ajax_search.php.
by SySS GmbH
Squirrelmail - XSS
options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting (XSS) attacks, and write arbitrary files.
by GulfTech Security
Free Reprintables ArticleFR 3.0.6 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Free Reprintables ArticleFR 3.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to dashboard/settings/categories/, (2) title or (3) rel parameter to dashboard/settings/links/, or (4) url parameter to dashboard/tools/pingservers/.
by LiquidWorm
SOPlanning <1.32 - Path Traversal
Directory traversal vulnerability in the file_get_contents function in SOPlanning 1.32 and earlier allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in a URL path parameter.
by Huy-Ngoc DAU
CVSS 5.3
Soplanning <1.32 - Info Disclosure
Soplanning 1.32 and earlier generates static links for sharing ICAL calendars with embedded login information, which allows remote attackers to obtain a calendar owner's password via a brute-force attack on the embedded password hash.
by Huy-Ngoc DAU
CVSS 7.5
Simple Online Planning <1.33 - XSS
Multiple Cross-Site Scripting (XSS) vulnerabilities exist in Simple Online Planning (SOPlanning) before 1.33 via the document.cookie in nb_mois and mb_ligness and the debug GET parameter to export.php, which allows malicious users to execute arbitrary code.
by Huy-Ngoc DAU
CVSS 5.4
SOPPlanning <1.33 - SQL Injection
Multiple SQL injection vulnerabilities exist in planning.php, user_list.php, projets.php, user_groupes.php, and groupe_list.php in Simple Online Planning (SOPPlanning) before 1.33.
by Huy-Ngoc DAU
CVSS 9.8
Zenphoto <1.4.9 - CSRF
Cross-site request forgery (CSRF) vulnerability in admin.php in Zenphoto before 1.4.9 allows remote attackers to hijack the authentication of admin users for requests that may cause a denial of service (resource consumption).
by Tim Coen
CVSS 6.5
Swim Team plugin <1.44.10777 - Path Traversal
Absolute path traversal vulnerability in include/user/download.php in the Swim Team plugin 1.44.10777 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter.
by Larry W. Cashdollar
CVSS 5.3
WordPress Plugin CP Contact Form with Paypal 1.1.5 - Multiple Vulnerabilities
by Nitin Venkatesh
SOPlanning <1.32 - Code Injection
The installation process for SOPlanning 1.32 and earlier allows remote authenticated users to execute arbitrary PHP code via a crafted database name. This requires a prepared database together with either access to an existing database with a crafted name or permission to create arbitrary databases, or, if PHP before 5.2 is in use, the configuration database being down and smarty/templates_c not being writable.
by Huy-Ngoc DAU
CVSS 5.3
Free Reprintables ArticleFR 3.0.6 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Free Reprintables ArticleFR 3.0.6 allow remote attackers to hijack the authentication of administrators for requests that add an administrator account via a request to dashboard/users/create/.
by LiquidWorm
Arabportal Arab Portal - SQL Injection
SQL injection vulnerability in Arab Portal 3 allows remote attackers to execute arbitrary SQL commands via the showemail parameter in a signup action to members.php.
by ali ahmady
WordPress Plugin CP Multi View Event Calendar 1.1.7 - SQL Injection
by i0akiN SEC-LABORATORY
WordPress Plugin CP Image Store with Slideshow 1.0.5 - Arbitrary File Download
by i0akiN SEC-LABORATORY
Easy2map < 1.2.4 - SQL Injection
Multiple SQL injection vulnerabilities in includes/Function.php in the Easy2Map plugin before 1.2.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the mapName parameter in an e2m_img_save_map_name action to wp-admin/admin-ajax.php and other unspecified vectors.
by Larry W. Cashdollar
Blueberry Express 5.9.0.3678 - Local Buffer Overflow (SEH)
by Vulnerability-Lab
Symantec Endpoint Protection 12.1.4013 - Service Disabling
by hyp3rlinx
WP e-Commerce Shop Styling <2.6 - Path Traversal
Directory traversal vulnerability in the WP e-Commerce Shop Styling plugin before 2.6 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to includes/download.php.
by Larry W. Cashdollar
CVSS 7.5
Easy2map < 1.2.4 - Path Traversal
Directory traversal vulnerability in includes/MapPinImageSave.php in the Easy2Map plugin before 1.2.5 for WordPress allows remote attackers to create arbitrary files via a .. (dot dot) in the map_id parameter.
by Larry W. Cashdollar