Text Exploits
31,394 exploits tracked across all sources.
WordPress Plugin Video Gallery 2.8 - SQL Injection
by Claudio Viviani
WordPress Plugin MiwoFTP 1.0.5 - Multiple Cross-Site Request Forgery / Cross-Site Scripting Vulnerabilities
by LiquidWorm
WordPress Plugin MiwoFTP 1.0.5 - Cross-Site Request Forgery / Arbitrary File Deletion
by LiquidWorm
WordPress Plugin MiwoFTP 1.0.5 - Cross-Site Request Forgery / Arbitrary File Creation / Remote Code Execution
by LiquidWorm
WordPress Plugin WP Mobile Edition 2.7 - Remote File Disclosure
by Khwanchai Kaewyos
WordPress Plugin N-Media Website Contact Form with File Upload 1.3.4 - Arbitrary File Upload (1)
by Claudio Viviani
WordPress Plugin Duplicator 0.5.14 - SQL Injection / Cross-Site Request Forgery
by Claudio Viviani
ProFTPD 1.3.5 - Unauthenticated Arbitrary File Read and Write via mod_copy Site Commands
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.
by anonymous
WordPress Plugin Windows Desktop and iPhone Photo Uploader - Arbitrary File Upload
by Manish Tanwar
WordPress Plugin Traffic Analyzer 3.4.2 - Blind SQL Injection
by Dan King
Shareaholic < 7.6.0.9 - Authenticated Cross-Site Scripting via location[id] Parameter
Cross-site scripting (XSS) vulnerability in admin.php in the Shareaholic plugin before 7.6.1.0 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the location[id] parameter in a shareaholic_add_location action to wp-admin/admin-ajax.php.
by Kacper Szurek
WordPress Plugin All In One WP Security & Firewall 3.9.0 - SQL Injection
by Claudio Viviani
Novell ZENworks Configuration Management < 11.3.2 - Remote Code Execution via UploadServlet uid Parameter
Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 before 11.3.2 allows remote attackers to execute arbitrary code via a crafted directory name in the uid parameter, in conjunction with a WAR filename in the filename parameter and WAR content in the POST data, a different vulnerability than CVE-2010-5323 and CVE-2010-5324.
by Pedro Ribeiro
WordPress Plugin Work The Flow File Upload 2.5.2 - Arbitrary File Upload
by Claudio Viviani
Kemp Load Master < 7.1.20b - Cross-Site Request Forgery in Administrative Pages
A CSRF Vulnerability exists in Kemp Load Master before 7.0-18a via unspecified vectors in administrative pages.
by Roberto Suggi Liverani
CVSS 8.8
Kemp LoadMaster < 7.1-16 - Bash Script Injection via Web User Interface
A Bash script injection vulnerability exists in Kemp Load Master 7.1-16 and earlier due to a failure to sanitize input in the Web User Interface (WUI).
by Roberto Suggi Liverani
CVSS 8.8
WordPress Plugin WP Easy Slideshow 1.0.3 - Multiple Vulnerabilities
by Divya
WordPress Plugin VideoWhisper Video Presentation 3.31.17 - Arbitrary File Upload
by Larry W. Cashdollar
WordPress Plugin VideoWhisper Video Conference Integration 4.91.8 - Arbitrary File Upload
by Larry W. Cashdollar
WordPress Plugin Video Gallery 2.8 - Multiple Cross-Site Request Forgery Vulnerabilities
by Divya
Simple Ads Manager < 2.5.94 - Unauthenticated Arbitrary File Upload via sam-ajax-admin.php
Unrestricted file upload vulnerability in sam-ajax-admin.php in the Simple Ads Manager plugin before 2.5.96 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specified by the path parameter.
by ITAS Team
Simple Ads Manager < 2.7.97 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in the Simple Ads Manager plugin before 2.7.97 for WordPress allow remote attackers to execute arbitrary SQL commands via a (1) hits[][] parameter in a sam_hits action to sam-ajax.php; the (2) cstr parameter in a load_posts action to sam-ajax-admin.php; the (3) searchTerm parameter in a load_combo_data action to sam-ajax-admin.php; or the (4) subscriber, (5) contributor, (6) author, (7) editor, (8) admin, or (9) sadmin parameter in a load_users action to sam-ajax-admin.php.
by ITAS Team
By Source