Text Exploits
31,394 exploits tracked across all sources.
WordPress <4.2.1 - XSS
Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type.
by klikki
WordPress Plugin Ultimate Product Catalogue - SQL Injection (2)
by Felipe Molina
WordPress Plugin Ultimate Product Catalogue - SQL Injection (1)
by Felipe Molina
usb-creator <0.2.38.3ubuntu0.1 - Privilege Escalation
usb-creator before 0.2.38.3ubuntu0.1 on Ubuntu 12.04 LTS, before 0.2.56.3ubuntu0.1 on Ubuntu 14.04 LTS, before 0.2.62ubuntu0.3 on Ubuntu 14.10, and before 0.2.67ubuntu0.1 on Ubuntu 15.04 allows local users to gain privileges by leveraging a missing call check_polkit for the KVMTest method.
by Tavis Ormandy
CVSS 7.8
GoAutoDial GoAdmin CE - Remote Code Execution via cpanel PATH_INFO Parameter
The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1420434000 allows remote attackers to execute arbitrary commands via the $action portion of the PATH_INFO.
by Chris McCurley
GoAutoDial GoAdmin CE - SQL Injection via User Credentials or PATH_INFO
Multiple SQL injection vulnerabilities in GoAutoDial GoAdmin CE before 3.3-1421902800 allow remote attackers to execute arbitrary SQL commands via the (1) user_name or (2) user_pass parameter in go_login.php or the PATH_INFO to (3) go_login/validate_credentials/admin/ or (4) index.php/go_site/go_get_user_info/.
by Chris McCurley
GoAutoDial GoAdmin CE 3.x - Unauthenticated Arbitrary File Upload via Voice Files Upload
Unrestricted file upload vulnerability in go_audiostore.php in the audiostore (Voice Files) upload functionality in GoAutoDial GoAdmin CE 3.x before 3.3-1421902800 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in sounds/.
by Chris McCurley
WordPress Tune Library <1.5.5 - SQL Injection
SQL injection vulnerability in WordPress Tune Library plugin before 1.5.5.
by Hannes Trunde
CVSS 8.1
WordPress Plugin MiwoFTP 1.0.5 - Arbitrary File Download (2)
by dadou dz
WordPress Community Events <1.4 - SQL Injection
SQL injection vulnerability in WordPress Community Events plugin before 1.4.
by Hannes Trunde
CVSS 9.8
GoAutoDial GoAdmin CE - OS Command Injection via cpanel PATH_INFO
The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1421902800 allows remote attackers to execute arbitrary commands via the $type portion of the PATH_INFO.
by Chris McCurley
SevenIT SevDesk 3.10 - Multiple Web Vulnerabilities
by Vulnerability-Lab
Photo Manager Pro 4.4.0 iOS - Local File Inclusion
by Vulnerability-Lab
Android 4.0.4 - Path Traversal and Arbitrary File Write via ADB Backup Tar Headers
Directory traversal vulnerability in the Android debug bridge (aka adb) in Android 4.0.4 allows physically proximate attackers with a direct connection to the target Android device to write to arbitrary files owned by system via a .. (dot dot) in the tar archive headers.
by Imre Rad
CVSS 4.6
BlueDragon < 7.1.1 - Path Traversal via CFChart Servlet QUERY_STRING
Directory traversal vulnerability in the CFChart servlet (com.naryx.tagfusion.cfm.cfchartServlet) in New Atlanta BlueDragon before 7.1.1.18527 allows remote attackers to read or possibly delete arbitrary files via a .. (dot dot) in the QUERY_STRING to cfchart.cfchart.
by Portcullis
AZ Bulletin Board 1.0.07a-1.0.07c - Remote File Inclusion via dir_src or abs_layer Parameter
PHP remote file inclusion vulnerability in main_index.php in AZ Bulletin Board (AZbb) 1.0.07a through 1.0.07c allows remote attackers to execute arbitrary PHP code by modifying the (1) dir_src or (2) abs_layer parameter to reference a URL on a remote web server that contains the code.
by GulfTech Security
Oracle Hyperion <11.1.2.5.216 - Info Disclosure
Unspecified vulnerability in the Oracle Hyperion Smart View for Office component in Oracle Hyperion 11.1.2.5.216 and earlier, when running on Windows, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.
by sajith
Oracle Outside In Technology - Unspecified Vuln
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.1, 8.5.0, and 8.5.1 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-0474.
by Francis Provencher
WordPress Plugin Ajax Store Locator 1.2 - SQL Injection
by Claudio Viviani
WordPress Plugin MiwoFTP 1.0.5 - Arbitrary File Download (1)
by Necmettin COSKUN
By Source