Text Exploits
31,394 exploits tracked across all sources.
WordPress Plugin Ad Inserter 1.5.2 - Cross-Site Request Forgery
by Kaustubh G. Padwad
Synametrics SynaMan Syncrify SynTail - Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies SynaMan before 3.5 Build 1451, Syncrify before 3.7 Build 856, and SynTail before 1.5 Build 567
by Marlow Tannhauser
CVSS 8.8
Synametrics SynaMan Syncrify SynTail - Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies SynaMan before 3.5 Build 1451, Syncrify before 3.7 Build 856, and SynTail before 1.5 Build 567
by Marlow Tannhauser
CVSS 8.8
Synametrics SynaMan Syncrify SynTail - Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies SynaMan before 3.5 Build 1451, Syncrify before 3.7 Build 856, and SynTail before 1.5 Build 567
by Marlow Tannhauser
CVSS 8.8
Alienvault OSSIM/USM 4.14/4.15/5.0 - Multiple Vulnerabilities
by Peter Lapp
freshmail-newsletter < 1.6 - SQL Injection via FM_form Shortcode
The freshmail-newsletter plugin before 1.6 for WordPress has shortcode.php SQL Injection via the 'FM_form id=' substring.
by Felipe Molina
CVSS 8.8
IBM WebSphere Portal 6.1.0.0-6.1.0.6 CF27, 6.1.5.0-6.1.5.3 CF27, 7.0.0-7.0.0.2 CF28 - Authenticated Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, and 7.0.0 through 7.0.0.2 CF28 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
by Filippo Roncari
SonicWALL Remote Access Firmware < 7.5.1.0-38sv - Cross-Site Request Forgery via Bookmark Creation
Cross-site request forgery (CSRF) vulnerability in the user portal in Dell SonicWALL Secure Remote Access (SRA) products with firmware before 7.5.1.0-38sv and 8.x before 8.0.0.1-16sv allows remote attackers to hijack the authentication of users for requests that create bookmarks via a crafted request to cgi-bin/editBookmark.
by Veit Hailperin
PDF Converter & Editor 2.1 iOS - Local File Inclusion
by Vulnerability-Lab
Invision Power Board <= 2.0.3 - Cross-Site Scripting via Highlite Parameter
Cross-site scripting (XSS) vulnerability in (1) search.php and (2) topics.php for Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the highlite parameter.
by GulfTech Security
WordPress Plugin Ultimate Product Catalogue 3.1.2 - Multiple Persistent Cross-Site Scripting / Cross-Site Request Forgery / Arbitrary File Upload Vulnerabilities
by Felipe Molina
Debian Linux < 3.1.1 - Improper Input Validation
internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data.
by beford
TestDisk 6.14 - 'Check_OS2MB' Stack Buffer Overflow (PoC)
by Security-Assessment.com
TheCartPress eCommerce Shopping Cart < 1.3.9 - Cross-Site Request Forgery via tcp_box_path Parameter
Cross-site request forgery (CSRF) vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to hijack the authentication of administrators for requests that conduct directory traversal attacks via the tcp_box_path parameter in the checkout_editor_settings page to wp-admin/admin.php.
by High-Tech Bridge SA
TheCartPress <1.3.9.3 - Path Traversal
Directory traversal vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote administrators to read arbitrary files via a .. (dot dot) in the tcp_box_path parameter in the checkout_editor_settings page to wp-admin/admin.php.
by High-Tech Bridge SA
TheCartPress eCommerce Shopping Cart < 1.3.9 - Cross-Site Scripting via Multiple Input Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allow remote attackers to inject arbitrary web script or HTML via the (1) billing_firstname, (2) billing_lastname, (3) billing_company, (4) billing_tax_id_number, (5) billing_city, (6) billing_street, (7) billing_street_2, (8) billing_postcode, (9) billing_telephone_1, (10) billing_telephone_2, (11) billing_fax, (12) shipping_firstname, (13) shipping_lastname, (14) shipping_company, (15) shipping_tax_id_number, (16) shipping_city, (17) shipping_street, (18) shipping_street_2, (19) shipping_postcode, (20) shipping_telephone_1, (21) shipping_telephone_2, or (22) shipping_fax parameter to shopping-cart/checkout/; the (23) search_by parameter in the admin/AddressesList.php page to wp-admin/admin.php; the (24) address_id, (25) address_name, (26) firstname, (27) lastname, (28) street, (29) city, (30) postcode, or (31) email parameter in the admin/AddressEdit.php page to wp-admin/admin.php; the (32) post_id or (33) rel_type parameter in the admin/AssignedCategoriesList.php page to wp-admin/admin.php; or the (34) post_type parameter in the admin/CustomFieldsList.php page to wp-admin/admin.php.
by High-Tech Bridge SA
Foxit Reader, Enterprise Reader, and PhantomPDF < 7.1.5 - Denial of Service via Crafted GIF in PDF
Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted GIF in a PDF file.
by Francis Provencher
TheCartPress <1.3.9.3 - Info Disclosure
The TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to obtain sensitive order detail information by leveraging a "broken authentication mechanism."
by High-Tech Bridge SA
CVSS 7.5
By Source