Text Exploits
31,394 exploits tracked across all sources.
WebDrive 12.2 (B4172) - Buffer Overflow (PoC)
by Vulnerability-Lab
VFront 0.99.2 - Cross-Site Request Forgery / Persistent Cross-Site Scripting
by hyp3rlinx
WordPress Plugin LeagueManager 3.9.11 - SQL Injection
by javabudd
Linux Kernel (PonyOS 3.0) - ELF Loader Local Privilege Escalation
by Hacker Fantastic
Aruba Networks ClearPass Policy Manager <6.4.5 - XSS
Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote attackers to inject arbitrary web script or HTML via the username parameter to tips/tipsLoginSubmit.action.
by Cristiano Maruti
PeerCast < 0.1211 - Remote Code Execution via Format String in URL
Format string vulnerability in PeerCast 0.1211 and earlier allows remote attackers to execute arbitrary code via format strings in the URL.
by GulfTech Security
Free Counter 1.1 - Cross-Site Scripting via value_ Parameter
Cross-site scripting (XSS) vulnerability in the Free Counter plugin 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the value_ parameter in a check_stat action to wp-admin/admin-ajax.php.
by Panagiotis Vagenas
Sendio < 7.2.3 - Authenticated Session Information Exposure
The Web interface in Sendio before 7.2.4 does not properly handle sessions, which allows remote authenticated users to obtain sensitive information from other users' sessions via a large number of requests.
by Core Security
Landing Pages < 1.8.4 - Authenticated SQL Injection via post Parameter
SQL injection vulnerability in modules/module.ab-testing.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the post parameter in an edit delete-variation action to wp-admin/post.php.
by Adrián M. F.
NewStatPress < 0.9.8 - Authenticated SQL Injection via where1 Parameter
SQL injection vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the where1 parameter in the nsp_search page to wp-admin/admin.php.
by Adrián M. F.
Acoustica Pianissimo 1.0 Build 12 - 'Registration ID' Buffer Overflow (PoC)
by LiquidWorm
WordPress Plugin Video Gallery 2.8 - Arbitrary Mail Relay
by Claudio Viviani
WordPress Plugin Simple Photo Gallery 1.7.8 - Blind SQL Injection
by woodspeed
NewStatPress < 0.9.8 - Authenticated Cross-Site Scripting via where1 Parameter
Cross-site scripting (XSS) vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nsp_search page to wp-admin/admin.php.
by Adrián M. F.
WordPress Plugin MailChimp Subscribe Forms 1.1 - Remote Code Execution
by woodspeed
Landing Pages < 1.8.4 - Authenticated Cross-Site Scripting via Post Parameter
Cross-site scripting (XSS) vulnerability in shared/shortcodes/inbound-shortcodes.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the post parameter to wp-admin/post-new.php.
by Adrián M. F.
GigPress < 2.3.8 - Authenticated SQL Injection via show_artist_id or show_venue_id Parameter
Multiple SQL injection vulnerabilities in admin/handlers.php in the GigPress plugin before 2.3.9 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) show_artist_id or (2) show_venue_id parameter in an add action in the gigpress.php page to wp-admin/admin.php.
by Adrián M. F.
Church Admin < 0.800 - Cross-Site Scripting via Address Parameter
Cross-site scripting (XSS) vulnerability in the church_admin plugin before 0.810 for WordPress allows remote attackers to inject arbitrary web script or HTML via the address parameter, as demonstrated by a request to index.php/2015/05/21/church_admin-registration-form/.
by woodspeed
Sendio < 7.2.3 - Session Identifier Exposure via Referrer HTTP Header
Sendio before 7.2.4 includes the session identifier in URLs in emails, which allows remote attackers to obtain sensitive information and hijack sessions by reading the jsessionid parameter in the Referrer HTTP header.
by Core Security
Windows - Denial of Service via Font Mapper in win32k.sys
The font mapper in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly scale fonts, which allows local users to cause a denial of service (system hang) via a crafted application, aka "Windows Font Driver Denial of Service Vulnerability."
by Sky lake
FUSE <2.9.3-15 - Local Privilege Escalation
fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature.
by Tavis Ormandy
WP Symposium < 15.2 - SQL Injection via Forum Show Parameter
SQL injection vulnerability in forum.php in the WP Symposium plugin before 15.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the show parameter in the QUERY_STRING to the default URI.
by Hannes Trunde
By Source