Text Exploits
31,337 exploits tracked across all sources.
Xcloner - Information Disclosure
The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! passes the MySQL username and password on the command line of the backup process, which allows local users to obtain the credentials by listing process arguments (for example with the ps command).
by Larry W. Cashdollar
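Added example (not XCloner's code) showing why a password on the mysqldump command line is readable by every local user, one way to keep it off argv, and a small check over a constructed `ps -eo args` listing. The credential, database name, output path and the `/usr/bin/logger`-style helper names are illustrative assumptions.

```php
<?php
// Added example, not XCloner's code. Names and values below are constructed.
$dbUser  = 'backup';
$dbPass  = 'S3cret!';      // sample credential, constructed for the demo
$dbName  = 'wp';
$outFile = '/tmp/wp.sql';

// LEAKY: argv of every process is world-readable (/proc/<pid>/cmdline,
// `ps -eo args`), so the password is exposed for the whole dump.
function leakyDumpCommand(string $user, string $pass, string $db, string $out): string {
    return 'mysqldump -u' . escapeshellarg($user) . ' -p' . escapeshellarg($pass)
         . ' ' . escapeshellarg($db) . ' > ' . escapeshellarg($out);
}

// SAFER: write the credentials to a mode-0600 option file owned by the
// web user and point mysqldump at it; argv then only carries the file path.
function safeDumpCommand(string $user, string $pass, string $db, string $out, string &$credFile): string {
    $credFile = tempnam(sys_get_temp_dir(), 'mycnf');   // created 0600
    chmod($credFile, 0600);                             // enforce anyway
    $ini = "[client]\nuser=" . $user
         . "\npassword=\"" . addcslashes($pass, '"\\') . "\"\n";
    file_put_contents($credFile, $ini);
    // --defaults-extra-file has to be the first option given to mysqldump
    return 'mysqldump --defaults-extra-file=' . escapeshellarg($credFile)
         . ' ' . escapeshellarg($db) . ' > ' . escapeshellarg($out);
}

// What a local attacker (or an auditor) looks for: a mysql/mysqldump
// command line carrying an inline -p<secret> argument.
function findPasswordArgs(string $psOutput): array {
    $hits = [];
    foreach (explode("\n", $psOutput) as $line) {
        if (preg_match('/\bmysql(dump)?\b.*\s-p\S+/', $line)) {
            $hits[] = trim($line);
        }
    }
    return $hits;
}

$credFile = '';
echo "leaky: ", leakyDumpCommand($dbUser, $dbPass, $dbName, $outFile), "\n";
echo "safe:  ", safeDumpCommand($dbUser, $dbPass, $dbName, $outFile, $credFile), "\n";

// Constructed `ps -eo args` sample; only the first line carries a password.
$ps = "mysqldump -u'backup' -p'S3cret!' 'wp'\n"
    . "mysqldump --defaults-extra-file='/tmp/mycnfAbc123' 'wp'\n"
    . "php-fpm: pool www\n";
print_r(findPasswordArgs($ps));

unlink($credFile);
```

The option file must be removed as soon as the dump finishes, and the directory it lives in must not be served by the web server. Recent mysqldump builds also print a warning when a password is given on the command line, which is a useful signal to grep for in backup logs.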
vldPersonals <2.7.1 - SQL Injection
Multiple SQL injection vulnerabilities in vldPersonals before 2.7.1 allow remote attackers to execute arbitrary SQL commands via the (1) country, (2) gender1, or (3) gender2 parameter in a search action to index.php.
by Mr T
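Added example, not vldPersonals' code (the same bug class recurs in the PHP-Fusion, ManageEngine and Tuleap entries on this page). A hypothetical members table and search handler show what happens when the country and gender parameters are concatenated into SQL, next to the prepared-statement fix. The table layout, sample rows and attacker value are constructed.

```php
<?php
// Added example, not vldPersonals' code. Table, rows and payload are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT, country TEXT, gender TEXT, email TEXT)");
$pdo->exec("INSERT INTO members (name, country, gender, email) VALUES
    ('alice', 'US', 'f', 'alice@example.test'),
    ('bob',   'DE', 'm', 'bob@example.test')");

// VULNERABLE: the request values become part of the SQL text, so a quote in
// $country terminates the string literal and the rest is parsed as SQL.
function searchUnsafe(PDO $pdo, string $country, string $gender): array {
    $sql = "SELECT name, email FROM members"
         . " WHERE country = '$country' AND gender = '$gender'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// FIXED: prepared statement with bound parameters. The values are sent
// separately from the query text and are never interpreted as SQL.
function searchSafe(PDO $pdo, string $country, string $gender): array {
    $stmt = $pdo->prepare("SELECT name, email FROM members"
                        . " WHERE country = :country AND gender = :gender");
    $stmt->execute([':country' => $country, ':gender' => $gender]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed attacker value for the country parameter: closes the literal,
// appends a tautology and comments out the gender clause.
$payload = "' OR 1=1 -- ";

// In a real search action these values would come from $_GET['country'] etc.
echo "unsafe:\n";
print_r(searchUnsafe($pdo, $payload, 'm'));
echo "safe:\n";
print_r(searchSafe($pdo, $payload, 'm'));
```

With the payload above the unsafe handler returns every member's name and e-mail regardless of the gender filter, while the prepared statement looks for a country literally named `' OR 1=1 -- ` and returns nothing.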
Serenity Client Management Portal 1.0.1 - Multiple Vulnerabilities
by Halil Dalabasmaz
phpSound 1.0.5 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in phpSound 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Description fields in a playlist or the (3) filter parameter in an explore action to index.php.
by Halil Dalabasmaz
Php-fusion - SQL Injection
Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow remote authenticated users to execute arbitrary SQL commands via the (1) submit_id parameter in a 2 action to files/administration/submissions.php or (2) status parameter to files/administration/members.php.
by XLabs Security
Manageengine Password Manager Pro < 7.1 - SQL Injection
Multiple SQL injection vulnerabilities in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allow remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter to (1) SQLAdvancedALSearchResult.cc or (2) AdvancedSearchResult.cc.
by Pedro Ribeiro
Zohocorp Manageengine Social IT Plus - SQL Injection
Multiple SQL injection vulnerabilities in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) OPM_BVNAME parameter in a Delete operation to the APMBVHandler servlet or (2) query parameter in a compare operation to the DataComparisonServlet servlet.
by Pedro Ribeiro
Barracuda - Multiple Unauthenticated Logfile Downloads
by 4CKnowLedge
VMware Workstation 10.0.0.40273 - 'vmx86.sys' Arbitrary Kernel Read
by KoreLogic
Symantec Endpoint Protection Manager 12.1 <RU5 - Arbitrary File Write (RCE)
ConsoleServlet in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to write to arbitrary files via unspecified vectors.
by SEC Consult
Mouse Media Script 1.6 - Persistent Cross-Site Scripting
by Halil Dalabasmaz
MODX Revolution <2.2.15 - Info Disclosure
MODX Revolution 2.x before 2.2.15 does not set the HttpOnly flag in the Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
by Narendra Bhati
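Added example, not MODX's code: the session-cookie settings that address the entry above, plus an audit helper that flags Set-Cookie headers missing HttpOnly. The `secure` and `samesite` values are assumptions for a site served over HTTPS; the sample headers are constructed.

```php
<?php
// Added example, not MODX's code. Cookie parameters and headers are assumed.

// Fixed configuration: must run before session_start().
function hardenSessionCookie(): void {
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'domain'   => '',
        'secure'   => true,    // assumes the site is HTTPS-only
        'httponly' => true,    // the flag MODX < 2.2.15 omitted
        'samesite' => 'Lax',
    ]);
}

// Audit helper: given raw Set-Cookie header values (e.g. from get_headers()
// or a curl capture), return the names of cookies that lack HttpOnly.
function cookiesWithoutHttpOnly(array $setCookieHeaders): array {
    $missing = [];
    foreach ($setCookieHeaders as $header) {
        $parts = array_map('trim', explode(';', $header));
        $name  = explode('=', array_shift($parts), 2)[0];
        $flags = array_map('strtolower', $parts);
        if (!in_array('httponly', $flags, true)) {
            $missing[] = $name;
        }
    }
    return $missing;
}

// Constructed headers: the first mirrors the MODX issue, the second is fine.
$sample = [
    'PHPSESSID=abc123; path=/',
    'modx_remember=1; path=/; HttpOnly; Secure',
];
print_r(cookiesWithoutHttpOnly($sample));
```

The audit helper only reports PHPSESSID for the sample above. Note that HttpOnly stops `document.cookie` reads; it does not prevent an XSS payload from making requests that ride on the session, so it narrows the impact rather than removing it.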
Zohocorp Manageengine Eventlog Analyzer - Insufficiently Protected ...
ManageEngine EventLog Analyzer versions 7 through 9.9 build 9002 contain a credentials disclosure vulnerability (insufficiently protected credentials). Fixed in version 10 build 10000.
by Pedro Ribeiro
CVSS 7.5
Google Chrome < 39.0.2171.65 - Denial of Service
Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
by Ryan King (Starfall)
Php Scriptlerim Who's Who - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Php Scriptlerim Who's Who script allow remote attackers to hijack the authentication of administrators for requests that (1) add an admin account via a request to filepath/yonetim/plugin/adminsave.php or have unspecified impact via a request to (2) ayarsave.php, (3) uyesave.php, (4) slaytadd.php, or (5) slaytsave.php.
by ZoRLu Bugrahan
Progress Openedge - Path Traversal
Directory traversal vulnerability in report/reportViewAction.jsp in Progress Software OpenEdge 11.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the selection parameter.
by XLabs Security
ZTE Modem ZXDSL 531BIIV7.3.0f_D09_IN - Persistent Cross-Site Scripting
by Ravi Rajput
Konke Smart Plug K - Info Disclosure
The Konke Smart Plug K does not require authentication for TELNET sessions, which allows remote attackers to obtain "equipment management authority" via TCP traffic to port 23.
by gamehacker
CVSS 9.8
Enalean Tuleap <7.5.99.6 - RCE
Enalean Tuleap before 7.5.99.6 allows remote attackers to execute arbitrary commands via the User-Agent header, which is provided to the passthru PHP function.
by Portcullis
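Added example, not Tuleap's code: the shape of the bug above (an HTTP request header spliced into a command handed to passthru) next to a hardened version. The `/usr/bin/logger` command and the allowlist are assumptions; the attacker header is constructed.

```php
<?php
// Added example, not Tuleap's code. Command and header value are assumed.

// VULNERABLE: the User-Agent string becomes part of the shell command line,
// so any shell metacharacter in the header runs as a command as the web user.
function logAgentUnsafe(string $userAgent): string {
    return "/usr/bin/logger -t webapp UA: $userAgent";
}

// HARDENED: escapeshellarg() wraps the value in single quotes (escaping any
// embedded quote), making it one shell word; an allowlist and a length cap
// reject values that have no business in a User-Agent.
function logAgentSafe(string $userAgent): string {
    if (strlen($userAgent) > 512 || !preg_match('/^[\x20-\x7e]*$/', $userAgent)) {
        throw new InvalidArgumentException('unexpected User-Agent');
    }
    return '/usr/bin/logger -t webapp ' . escapeshellarg('UA: ' . $userAgent);
}

// Constructed attacker header: the `;` ends the logger command and what
// follows is executed as a second command by the shell.
$evil = "Mozilla/5.0; id > /tmp/pwned";

echo "unsafe command line: ", logAgentUnsafe($evil), "\n";
echo "safe command line:   ", logAgentSafe($evil), "\n";

// Harmless demonstration that the escaped value stays one argument:
// echo prints the header back as text instead of running `id`.
passthru('/bin/echo ' . escapeshellarg('UA: ' . $evil));

// In the real handler the input would be $_SERVER['HTTP_USER_AGENT'] ?? ''.
```

Where the command does not need a shell at all, `proc_open()` with the argument array form (PHP 7.4+) or avoiding external commands entirely removes the quoting problem rather than managing it.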
Enalean Tuleap <7.5.99.4 - SQL Injection
SQL injection vulnerability in Enalean Tuleap before 7.5.99.4 allows remote authenticated users to execute arbitrary SQL commands via the global_txt parameter to plugins/docman.
by Portcullis