Text Exploits
31,394 exploits tracked across all sources.
Paypal Currency Converter Basic For WooCommerce < 1.4 - Unauthenticated Arbitrary File Read via requrl Parameter
Absolute path traversal vulnerability in proxy.php in the google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin before 1.4 for WordPress allows remote attackers to read arbitrary files via a full pathname in the requrl parameter.
by Kuroi'SH
WordPress Plugin History Collection 1.1.1 - Arbitrary File Download
by Kuroi'SH
Encrypted Contact Form < 1.1 - Cross-Site Request Forgery via iframe_url Parameter
Cross-site request forgery (CSRF) vulnerability in the Encrypted Contact Form plugin before 1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the iframe_url parameter in an Update Page action in the conformconf page to wp-admin/options-general.php.
by Nitin Venkatesh
ISPConfig < 3.0.5.4 - Cross-Site Request Forgery via Admin User Creation
Multiple cross-site request forgery (CSRF) vulnerabilities in ISPConfig before 3.0.5.4p7 allow remote attackers to hijack the authentication of (1) administrators for requests that create an administrator account via a request to admin/users_edit.php or (2) arbitrary users for requests that conduct SQL injection attacks via the server parameter to monitor/show_sys_state.php.
by High-Tech Bridge SA
FiverrScript 7.2 - Cross-Site Request Forgery via Admin Creation Endpoint
Cross-site request forgery (CSRF) vulnerability in FiverrScript (aka Fiverr Script) 7.2 allows remote attackers to hijack the authentication of administrators for requests that create a new admin via a request to administrator/admins_create.php.
by Mahmoud Gamal
Apple Mac OS X < 10.10.4 - Numeric Error
The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text.
by Pedro Ribeiro
Bonita BPM Portal <6.5.3 - Open Redirect
Multiple open redirect vulnerabilities in Bonita BPM Portal before 6.5.3 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the redirectUrl parameter to (1) bonita/login.jsp or (2) bonita/loginservice.
by High-Tech Bridge SA
CVSS 6.1
SysAid Help Desk <15.2 - Auth Bypass
SysAid Help Desk before 15.2 uses a hardcoded password of Password1 for the sa SQL Server Express user account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password.
by Pedro Ribeiro
Alcatel-Lucent OmniSwitch Firmware < 6.4.5.r02 - Cross-Site Request Forgery via User Creation
Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request.
by RedTeam Pentesting
Milw0rm Clone Script 1.0 - SQL Injection via Related.php Program Parameter
SQL injection vulnerability in related.php in Milw0rm Clone Script 1.0 allows remote attackers to execute arbitrary SQL commands via the program parameter.
by Pancaker
WordPress Plugin Wp-ImageZoom 1.1.0 - Multiple Vulnerabilities
by T3N38R15
WordPress Plugin WP Mobile Edition - Local File Inclusion
by Ali Khalil
Pasworld - 'detail.php' Blind SQL Injection
by Sebastian khan
D-Link DSL-2730B AU_2.01 - Authentication Bypass DNS Change
by Todor Donev
WiFi HD 8.1 - Directory Traversal / Denial of Service
by Wh1t3Rh1n0 (Michael Allen)
Broadlight Residential Gateway DI3124 - Remote DNS Change
by Todor Donev
WordPress Plugin Really Simple Guest Post 1.0.6 - Local File Inclusion
by Kuroi'SH
zM Ajax Login & Register < 1.0.9 - Path Traversal via Template Parameter
Directory traversal vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to include and execute arbitrary php files via a relative path in the template parameter in a load_template action to wp-admin/admin-ajax.php.
by Panagiotis Vagenas
Zanematthew ZM Ajax Login & Register < 1.0.9 - XSS
Cross-site scripting (XSS) vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
by Panagiotis Vagenas
By Source