Text Exploits
31,337 exploits tracked across all sources.
BlackCat CMS < 1.1.2 - Path Traversal
Directory traversal vulnerability in widgets/logs.php in BlackCat CMS before 1.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the dl parameter.
by d4rkr0id
CVSS 7.5
Akronymmanager < 0.5.0 - SQL Injection
SQL injection vulnerability in mod1/index.php in the Akronymmanager (sb_akronymmanager) extension before 7.0.0 for TYPO3 allows remote authenticated users with permission to maintain acronyms to execute arbitrary SQL commands via the id parameter.
by RedTeam Pentesting
Ektron CMS < 9.10 SP1 - CSRF
Cross-site request forgery (CSRF) vulnerability in Test/WorkArea/DmsMenu/menuActions/MenuActions.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.120) allows remote attackers to hijack the authentication of content administrators for requests that delete content via a delete action.
by Jerold Hoong
E-Detective Lawful Interception System - Multiple Vulnerabilities
by Mustafa Al-Bassam
Linux kernel (Ubuntu) < 3.19.0-21.21 - Privilege Escalation
The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace.
by rebel
CVSS 7.8
Apexis IP CAM - Information Disclosure
by Sunplace Solutions
Milw0rm Clone Script - SQL Injection
Multiple SQL injection vulnerabilities in admin/login.php in Milw0rm Clone Script 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) usr or (2) pwd parameter.
by walid naceri
ZCMS 1.1 - SQL Injection
SQL injection vulnerability in ZCMS 1.1.
by hyp3rlinx
CVSS 9.8
SE HTML5 Album Audio Player <= 1.1.0 - Path Traversal
Directory traversal vulnerability in download_audio.php in the SE HTML5 Album Audio Player (se-html5-album-audio-player) plugin 1.1.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
by Larry W. Cashdollar
Aviary Image Editor Add-on For Gravity Forms 3.0 beta - Unrestricted File Upload
Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/gform_aviary.
by Larry W. Cashdollar
CVSS 9.8
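The upload entry above describes the general failure: the server keeps the client-supplied filename (and with it the extension) and writes it under a web-served directory, so a file named like a script is later executed by a direct request. The following is an added example, not the plugin's code or its fix, showing that pattern next to a hardened version that trusts nothing from the client name except the extension, checks the extension against an allow-list, checks the file's magic bytes against what that extension claims, and stores under a server-generated name. Paths, names and the sample bytes are constructed for the example.

```python
import os
import secrets

# Allow-list of permitted image extensions and the magic bytes a file with that
# extension must begin with. Constructed for this example.
ALLOWED_TYPES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}


def upload_path_vulnerable(upload_dir, client_filename):
    """The pattern behind the entry above: the client-chosen basename is kept,
    so 'shell.php' lands in a directory the web server executes scripts from."""
    return os.path.join(upload_dir, os.path.basename(client_filename))


def upload_path_fixed(upload_dir, client_filename, data):
    """Return the destination path for an acceptable image, or None to reject.

    The client name is consulted only for its extension; the stored basename is
    generated server-side, so the attacker controls neither the name nor, after
    the allow-list, the extension under which the file is served."""
    name = os.path.basename(client_filename)
    if "." not in name:
        return None
    ext = name.rsplit(".", 1)[1].lower()        # 'shell.PHP' -> 'php', rejected below
    signatures = ALLOWED_TYPES.get(ext)
    if signatures is None:
        return None                             # not an allowed image extension
    if not any(data.startswith(sig) for sig in signatures):
        return None                             # extension says image, bytes do not
    stored_name = f"{secrets.token_hex(16)}.{ext}"
    return os.path.join(upload_dir, stored_name)


if __name__ == "__main__":
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
    print(upload_path_vulnerable("/var/www/uploads", "shell.php"))
    print(upload_path_fixed("/var/www/uploads", "shell.php", b"<?php echo 1; ?>"))
    print(upload_path_fixed("/var/www/uploads", "logo.png", png))
```

The magic-byte check is what stops a polyglot such as `shell.php` renamed to `shell.png` with script content; a genuine image carrying a `.png` name is still served as an image only if the upload directory also has script execution disabled in the web server configuration, which is the second half of the fix and belongs there, not in application code.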
Labsmedia ClickHeat <= 1.14 - CSRF
Cross-site request forgery (CSRF) vulnerability in ClickHeat 1.14 and earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a config action to index.php.
by David Shanahan
Opsview <= 4.6.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Opsview 4.6.2 and earlier allow remote attackers to inject arbitrary web script or HTML via a (1) crafted check plugin, the (2) description in a host profile, or the (3) plugin_args parameter to a Test service check page.
by Dolev Farhi
ZCMS 1.1 - XSS
Cross-site scripting (XSS) vulnerability in ZCMS JavaServer Pages Content Management System 1.1.
by hyp3rlinx
CVSS 4.8
OSSEC 2.7 - 2.8.1 - Local Privilege Escalation
syscheck/seechanges.c in OSSEC 2.7 through 2.8.1 on *NIX systems allows local users to execute arbitrary code as root.
by Andrew Widdersheim
CVSS 7.0
RobotCPA 5 - Path Traversal
The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter.
by T3N38R15
CVSS 7.5
ISPConfig < 3.0.5.4p7 - SQL Injection
SQL injection vulnerability in monitor/show_sys_state.php in ISPConfig before 3.0.5.4p7 allows remote authenticated users with monitor permissions to execute arbitrary SQL commands via the server parameter. NOTE: this can be leveraged by remote attackers using CVE-2015-4119.
by High-Tech Bridge SA
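The SQL injection entries on this page (Akronymmanager, Milw0rm Clone Script, ZCMS, ISPConfig) all reduce to one defect: a request parameter is spliced into the SQL text. The block below is an added example, not code from any of those products, that reproduces the login-bypass shape of the Milw0rm Clone Script entry (usr and pwd concatenated into the query) against an in-memory SQLite table with a constructed admin row, and places the parameterised version beside it so the difference is observable rather than asserted.

```python
import sqlite3


def make_db():
    """In-memory stand-in for the application's admin table (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admins (usr TEXT NOT NULL, pwd TEXT NOT NULL)")
    conn.execute("INSERT INTO admins VALUES ('admin', 'correct-horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, usr, pwd):
    """Both parameters become part of the SQL text, so a quote in either one
    changes the statement instead of being compared as data."""
    sql = f"SELECT usr FROM admins WHERE usr = '{usr}' AND pwd = '{pwd}'"
    return conn.execute(sql).fetchone() is not None


def login_fixed(conn, usr, pwd):
    """Same check with bound parameters: the driver sends the values separately
    from the statement, and they can never be parsed as SQL syntax."""
    sql = "SELECT usr FROM admins WHERE usr = ? AND pwd = ?"
    return conn.execute(sql, (usr, pwd)).fetchone() is not None


def demo():
    """Run the same credentials through both versions and report the outcomes."""
    conn = make_db()
    bypass = "' OR '1'='1"   # turns the WHERE clause into ... OR '1'='1'
    return {
        "vulnerable_correct_password": login_vulnerable(conn, "admin", "correct-horse"),
        "vulnerable_bypass_string":    login_vulnerable(conn, "admin", bypass),
        "fixed_correct_password":      login_fixed(conn, "admin", "correct-horse"),
        "fixed_bypass_string":         login_fixed(conn, "admin", bypass),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

With the bypass string the vulnerable statement reads `... AND pwd = '' OR '1'='1'`, which matches every row; the bound version compares the literal string `' OR '1'='1` against the stored password and fails. The same binding applies to the authenticated cases in the list (ISPConfig's server parameter, the Akronymmanager id parameter): authentication narrows who can reach the query, it does not make interpolation safe.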
HP WebInspect < 10.4 Update 1 - XXE
Unspecified vulnerability in HP WebInspect 7.x through 10.4 before 10.4 update 1 allows remote authenticated users to bypass intended access restrictions via unknown vectors.
by Jakub Palaczynski
Intelligent-it Paypal Currency Converter Basic For WooCommerce < 1.4 - Path Traversal
Absolute path traversal vulnerability in proxy.php in the Google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin before 1.4 for WordPress allows remote attackers to read arbitrary files via a full pathname in the requrl parameter.
by Kuroi'SH
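Four entries on this page are the same bug in two forms: relative traversal with `..` segments (BlackCat CMS dl, SE HTML5 Album Audio Player file, RobotCPA l) and absolute-path traversal where a full pathname replaces the base directory entirely (the requrl parameter above). The following is an added example, not code from any of those projects, that shows why the naive join falls to both forms and a containment check that resolves the path first and then tests it against the base directory. BASE_DIR and the sample requests are assumed values.

```python
import os

# Assumed directory the download handler is supposed to serve files from.
BASE_DIR = "/srv/app/uploads"


def resolve_vulnerable(requested):
    """The pattern shared by the traversal entries above: the request parameter
    is joined to the base directory with no containment check. '..' segments
    walk out of it, and os.path.join discards BASE_DIR altogether when
    `requested` is absolute, which is the absolute-path variant."""
    return os.path.normpath(os.path.join(BASE_DIR, requested))


def resolve_safe(requested):
    """Return the canonical path of a file inside BASE_DIR, or None if the
    request escapes it. Works on the decoded parameter (the web server has
    already URL-decoded it once)."""
    if not requested or "\x00" in requested:
        return None
    base = os.path.realpath(BASE_DIR)
    # realpath collapses '..' and follows any symlinks that exist on disk, so
    # the check below is made on the path that would actually be opened.
    candidate = os.path.realpath(os.path.join(base, requested))
    if candidate == base:
        return None                       # the directory itself is not servable
    try:
        # commonpath compares whole path components, so a sibling such as
        # '/srv/app/uploads_old' does not pass the way a startswith() check would.
        inside = os.path.commonpath([base, candidate]) == base
    except ValueError:                    # paths on different drives (Windows)
        inside = False
    return candidate if inside else None


if __name__ == "__main__":
    for req in ("album/track.mp3", "../../../etc/passwd", "/etc/passwd", ""):
        print(f"{req!r:26} naive={resolve_vulnerable(req)!r:22} safe={resolve_safe(req)!r}")
```

If the application decodes the parameter itself, decode exactly once before calling the check; decoding after it re-introduces `%2e%2e/` style bypasses.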
WordPress Plugin History Collection 1.1.1 - Arbitrary File Download
by Kuroi'SH
Everybit Encrypted Contact Form < 1.1 - CSRF
Cross-site request forgery (CSRF) vulnerability in the Encrypted Contact Form plugin before 1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the iframe_url parameter in an Update Page action in the conformconf page to wp-admin/options-general.php.
by Nitin Venkatesh
ISPConfig < 3.0.5.4p7 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in ISPConfig before 3.0.5.4p7 allow remote attackers to hijack the authentication of (1) administrators for requests that create an administrator account via a request to admin/users_edit.php or (2) arbitrary users for requests that conduct SQL injection attacks via the server parameter to monitor/show_sys_state.php.
by High-Tech Bridge SA
Fiverrscript - CSRF
Cross-site request forgery (CSRF) vulnerability in FiverrScript (aka Fiverr Script) 7.2 allows remote attackers to hijack the authentication of administrators for requests that create a new admin via a request to administrator/admins_create.php.
by Mahmoud Gamal
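The CSRF entries on this page (Ektron, ClickHeat, Encrypted Contact Form, ISPConfig, FiverrScript) share one root cause: a state-changing endpoint such as "create admin" checks only the session cookie, which the victim's browser attaches to any request a third-party page triggers. The block below is an added example, not code from any of those products, of the endpoint as described next to a hardened version that requires a token bound to the session and, as defence in depth, a matching Origin header. SERVER_SECRET, SITE_ORIGIN, the session and form dictionaries are all assumptions standing in for a real framework's objects.

```python
import hashlib
import hmac
import secrets

# Per-process secret for deriving tokens (assumption; a real deployment loads
# it from configuration so every worker derives the same tokens).
SERVER_SECRET = secrets.token_bytes(32)
SITE_ORIGIN = "https://example.invalid"   # assumed origin of the admin UI


def csrf_token(session_id):
    """Token bound to the session; producing it requires SERVER_SECRET, which a
    page on another origin does not have."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def csrf_token_ok(session_id, presented):
    if not presented:
        return False
    return hmac.compare_digest(csrf_token(session_id), presented)


def origin_ok(headers):
    """Browsers send Origin (or at least Referer) on cross-site POSTs and do
    not let page script forge either header. A request with neither is
    rejected too: for an admin action that is the safe default."""
    origin = headers.get("Origin") or headers.get("Referer", "")
    return origin == SITE_ORIGIN or origin.startswith(SITE_ORIGIN + "/")


def create_admin_vulnerable(session, form):
    """The endpoint as the entries describe it: the session cookie is the only
    check, and the browser supplies that automatically."""
    if not session.get("is_admin"):
        return "denied"
    return f"created admin {form['username']}"


def create_admin_fixed(session, form, headers):
    if not session.get("is_admin"):
        return "denied"
    if not origin_ok(headers):
        return "rejected: cross-site origin"
    if not csrf_token_ok(session["id"], form.get("csrf_token")):
        return "rejected: missing or invalid CSRF token"
    return f"created admin {form['username']}"


if __name__ == "__main__":
    victim = {"id": "sess-123", "is_admin": True}
    forged = {"username": "evil"}          # what a hostile page would submit
    print(create_admin_vulnerable(victim, forged))
    print(create_admin_fixed(victim, forged, {"Origin": "https://attacker.invalid"}))
    legit = dict(forged, csrf_token=csrf_token(victim["id"]))
    print(create_admin_fixed(victim, legit, {"Origin": SITE_ORIGIN}))
```

The token has to be emitted in the form the legitimate admin page renders and never in a cookie alone, since a cookie is exactly what the attacker's request already carries. The same check closes the ISPConfig chain in the list, where a forged request drives an authenticated SQL injection: the injected request arrives without a valid token and is dropped before the query runs.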