Text Exploits
31,394 exploits tracked across all sources.
WP Membership 1.2.3 - Authenticated Cross-Site Scripting via Profile Fields or New Post Content
Multiple cross-site scripting (XSS) vulnerabilities in the WP Membership plugin 1.2.3 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via unspecified (1) profile fields or (2) new post content. NOTE: CVE-2015-4038 can be used to bypass the administrator confirmation step for vector 2.
by Panagiotis Vagenas
CVSS 5.4
Comodo GeekBuddy < 4.18.120 - Unauthenticated Privilege Escalation via VNC Server
Comodo GeekBuddy before 4.18.121 does not restrict access to the VNC server, which allows local users to gain privileges by connecting to the server.
by Jeremy Brown
FeedWordPress < 2015.0514 - Authenticated SQL Injection via link_ids[] Parameter
SQL injection vulnerability in feedwordpresssyndicationpage.class.php in the FeedWordPress plugin before 2015.0514 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the link_ids[] parameter in an Update action in the syndication.php page to wp-admin/admin.php.
by Adrián M. F.
Microsoft Win32k - Privilege Escalation
Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in April 2015, aka "Win32k Elevation of Privilege Vulnerability."
by hfiref0x
CVSS 7.8
Forma LMS 1.3 - Multiple PHP Object Injection Vulnerabilities
by Filippo Roncari
OYO File Manager 1.1 (iOS / Android) - Multiple Vulnerabilities
by Vulnerability-Lab
Wireless Photo Transfer 3.0 iOS - Local File Inclusion
by Vulnerability-Lab
Woltlab Burning Board 2.x and earlier - SQL Injection via Email Verification
SQL injection vulnerability in the verify_email function in Woltlab Burning Board 2.x and earlier allows remote attackers to execute arbitrary SQL commands via the $email variable.
by GulfTech Security
WordPress Plugin Booking Calendar Contact Form 1.0.2 - Multiple Vulnerabilities
by i0akiN SEC-LABORATORY
Wing FTP Server Admin 4.4.5 - Cross-Site Request Forgery (Add User)
by hyp3rlinx
Manage Engine Asset Explorer 6.1.0 Build: 6110 - Cross-Site Request Forgery
by Kaustubh G. Padwad
Synametrics Technologies Xeams <4.5 Build 5755 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies Xeams 4.5 Build 5755 and earlier allow remote attackers to hijack the authentication of administrators for requests that create an (1) SMTP domain or a (2) user via a request to /FrontController; or conduct cross-site scripting (XSS) attacks via the (3) domainname parameter to /FrontController, when creating a new SMTP domain configuration; the (4) txtRecipient parameter to /FrontController, when creating a new forwarder; the (5) popFetchServer, (6) popFetchUser, or (7) popFetchRecipient parameter to /FrontController, when creating a new POP3 Fetcher account; or the (8) Smtp HELO domain in the Advanced Server Configuration.
by Marlow Tannhauser
WordPress Plugin Yet Another Related Posts 4.2.4 - Cross-Site Request Forgery
by Evex
WordPress Plugin Ultimate Profile Builder 2.3.3 - Cross-Site Request Forgery
by Kaustubh G. Padwad
WordPress Plugin N-Media Website Contact Form with File Upload 1.5 - Local File Inclusion
by T3N38R15
WordPress Plugin ClickBank Ads 1.7 - Cross-Site Request Forgery
by Kaustubh G. Padwad
By Source