Text Exploits
31,394 exploits tracked across all sources.
Php Scriptlerim Who's Who - Cross-Site Request Forgery via Admin Endpoints
Multiple cross-site request forgery (CSRF) vulnerabilities in Php Scriptlerim Who's Who script allow remote attackers to hijack the authentication of administrators or requests that (1) add an admin account via a request to filepath/yonetim/plugin/adminsave.php or have unspecified impact via a request to (2) ayarsave.php, (3) uyesave.php, (4) slaytadd.php, or (5) slaytsave.php.
by ZoRLu Bugrahan
Progress OpenEdge 11.2 - Path Traversal via reportViewAction.jsp Selection Parameter
Directory traversal vulnerability in report/reportViewAction.jsp in Progress Software OpenEdge 11.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the selection parameter.
by XLabs Security
ZTE Modem ZXDSL 531BIIV7.3.0f_D09_IN - Persistent Cross-Site Scripting
by Ravi Rajput
Konke Smart Plug K - Info Disclosure
The Konke Smart Plug K does not require authentication for TELNET sessions, which allows remote attackers to obtain "equipment management authority" via TCP traffic to port 23.
by gamehacker
CVSS 9.8
Tuleap < 7.5.99.6 - Remote Code Execution via User-Agent Header
Enalean Tuleap before 7.5.99.6 allows remote attackers to execute arbitrary commands via the User-Agent header, which is provided to the passthru PHP function.
by Portcullis
Enalean Tuleap <7.5.99.4 - SQL Injection
SQL injection vulnerability in Enalean Tuleap before 7.5.99.4 allows remote authenticated users to execute arbitrary SQL commands via the lobal_txt parameter to plugins/docman.
by Portcullis
Enalean Tuleap <7.2 - Info Disclosure
XML External Entity vulnerability in Enalean Tuleap 7.2 and earlier allows remote authenticated users to read arbitrary files via a crafted xml document in a create action to plugins/tracker/.
by Portcullis
Compal Broadband Networks CH6640E/CG6640E Wireless Gateway 1.0 - In...
The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH have a default password of (1) admin for the admin account and (2) compalbn for the root account, which makes it easier for remote attackers to obtain access to certain sensitive information via unspecified vectors.
by LiquidWorm
Compal Broadband Networks CH6640E-CH6640-3.5.11.7-NOSH - Auth Bypass
The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to bypass authentication and obtain sensitive information via an (a) admin or a (b) root value in the userData cookie in a request to (1) CmgwWirelessSecurity.xml, (2) DocsisConfigFile.xml, or (3) CmgwBasicSetup.xml in xml/ or (4) basicDDNS.html, (5) basicLanUsers.html, or (6) rootDesc.xml.
by LiquidWorm
Compal Broadband Networks CH6640E/CG6640E Wireless Gateway 1.0 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway hardware 1.0 with firmware CH6640-3.5.11.7-NOSH allow remote attackers to hijack the authentication of administrators for requests that (1) have unspecified impact on DDNS configuration via a request to basicDDNS.html, (2) change the wifi password via the psKey parameter to setWirelessSecurity.html, (3) add a static MAC address via the MacAddress parameter in an add_static action to setBasicDHCP1.html, or (4) enable or disable UPnP via the UPnP parameter in an apply action to setAdvancedOptions.html.
by LiquidWorm
Compal Broadband Networks (CBN) CH6640E/CG6640E Wireless Gateway 1....
Cross-site scripting (XSS) vulnerability in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to inject arbitrary web script or HTML via the userData cookie.
by LiquidWorm
Filemaker Pro 13.03 and Filemaker Pro Advanced 12.04 - Authentication Bypass via MatchPasswordData Function
An Authentication Bypass vulnerability exists in the MatchPasswordData function in DBEngine.dll in Filemaker Pro 13.03 and Filemaker Pro Advanced 12.04, which could let a malicious user obtain elevated privileges.
by Giuseppe D'Amore
CVSS 7.8
CP Multi View Event Calendar 1.01 - SQL Injection via calid Parameter
SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.01 for WordPress allows remote attackers to execute arbitrary SQL commands via the calid parameter.
by Claudio Viviani
GNU Bash through 4.3 bash43-026 - Remote Code Execution via Environment Variable Function Parsing
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169.
by Michal Zalewski
Mule Enterprise Management Console - Privilege Escalation
Mule Enterprise Management Console (MMC) does not properly restrict access to handler/securityService.rpc, which allows remote authenticated users to gain administrator privileges and execute arbitrary code via a crafted request that adds a new user. NOTE: this issue was originally reported for ESB Runtime 3.5.1, but it originates in MMC.
by Brandon Perry
Folder Plus 2.5.1 iOS - Persistent Cross-Site Scripting
by Vulnerability-Lab
Compal Broadband Networks CH6640E and CG6640E Wireless Gateway 1.0 - Denial of Service via wirelessChannelStatus.html
The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to cause a denial of service (disconnect all wifi clients) via a request to wirelessChannelStatus.html.
by LiquidWorm
MAGMI < 0.7.17a - Authenticated Remote Code Execution via ZIP File Upload
Unrestricted file upload vulnerability in magmi/web/magmi.php in the MAGMI (aka Magento Mass Importer) plugin 0.7.17a and earlier for Magento Community Edition (CE) allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file, then accessing the PHP file via a direct request to it in magmi/plugins/.
by Parvinder Bhasin
Dell EqualLogic PS4000 <6.0 - Path Traversal
Directory traversal vulnerability in Dell EqualLogic PS4000 with firmware 6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI.
by XLabs Security
Axway SecureTransport < 5.1 - Cross-Site Request Forgery via File Upload API
Cross-site request forgery (CSRF) vulnerability in Axway SecureTransport 5.1 SP2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that upload arbitrary files via a crafted request to api/v1.0/files/.
by Emmanuel Law
iBackup < 10.0.0.32 - Local Privilege Escalation via Weak Service Permissions
iBackup 10.0.0.32 and earlier uses weak permissions (Everyone: Full Control) for ib_service.exe, which allows local users to gain privileges via a Trojan horse file.
by Glafkos Charalambous
By Source