Text Exploits
31,337 exploits tracked across all sources.
GS Foto Uebertraeger 3.0 iOS - Local File Inclusion
by Vulnerability-Lab
Illustrate Dbpoweramp Audio Player - Buffer Overflow
Buffer overflow in (1) MusicConverter.exe, (2) playlist.exe, and (3) amp.exe in dBpowerAMP Audio Player 2.0 and dbPowerAmp Music Converter 10.0 allows remote attackers to cause a denial of service or execute arbitrary code via a .pls or .m3u playlist that contains long File1 (filename) fields.
by GulfTech Security
TYPO3 dmmjobcontrol <2.14.0 - SQL Injection
Multiple SQL injection vulnerabilities in the search function in pi1/class.tx_dmmjobcontrol_pi1.php in the JobControl (dmmjobcontrol) extension 2.14.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via the (1) education, (2) region, or (3) sector fields, as demonstrated by the tx_dmmjobcontrol_pi1[search][sector][] parameter to jobs/.
by Adler Freiheit
WordPress <3.2.1 - CSRF
Cross-site request forgery (CSRF) vulnerability in the Login Widget With Shortcode (login-sidebar-widget) plugin before 3.2.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the custom_style_afo parameter on the login_widget_afo page to wp-admin/options-general.php.
by dxw
All In One WP Security & Firewall <3.8.3 - SQL Injection
Multiple SQL injection vulnerabilities in the All In One WP Security & Firewall plugin before 3.8.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby or (2) order parameter in the aiowpsec page to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.
by High-Tech Bridge SA
OSClass <3.4.2 - Path Traversal
Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a render action to oc-admin/index.php.
by Netsparker
C97 Cart Engine < 3.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in skins/default/outline.tpl in C97net Cart Engine before 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) path parameter in the "drop down TOP menu (with path)" section or (2) print_this_page variable in the footer_content_block section, as demonstrated by the QUERY_STRING to (a) index.php, (b) checkout.php, (c) contact.php, (d) detail.php, (e) distro.php, (f) newsletter.php, (g) page.php, (h) profile.php, (i) search.php, (j) sitemap.php, (k) task.php, or (l) tell.php.
by Quantum Leap
Google Chrome < 39.0.2171.45 - Denial of Service
Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
by Stephane Chazelas
Webedition Cms < 6.3.8.0 - Path Traversal
Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.
by High-Tech Bridge SA
Restaurant Script PizzaInn_Project 1.0.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in register-exec.php in Restaurant Script (PizzaInn_Project) 1.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) fname, (2) lname, or (3) login parameter.
by Kenneth F. Belva
Glype 1.4.9 - Cookie Injection Directory Traversal Local File Inclusion
by Securify
Kneuro Littlesite.php - Path Traversal
Directory traversal vulnerability in ls.php in LittleSite (aka LS or LittleSite.php) 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter to index.php. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
by Eolas_Gadai
M/Monit <3.3.2 - Privilege Escalation
M/Monit 3.3.2 and earlier does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via the fullname and password parameters, a different vulnerability than CVE-2014-6409.
by Dolev Farhi
vBulletin 4.x Verify Email Before Registration Plugin - SQL Injection
by Dave
M/Monit <3.3.2 - CSRF
Cross-site request forgery (CSRF) vulnerability in M/Monit 3.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that change user passwords via the fullname and password parameters to /admin/users/update.
by Dolev Farhi
Livefyre LiveComments 3.0 - XSS
Cross-site scripting (XSS) vulnerability in Livefyre LiveComments 3.0 allows remote attackers to inject arbitrary web script or HTML via the name of an uploaded picture.
by Brij Kishore Mishra
CVSS 6.1
Classapps Selectsurvey.net < 4.125.001 - SQL Injection
Multiple SQL injection vulnerabilities in ClassApps SelectSurvey.NET before 4.125.002 allow (1) remote attackers to execute arbitrary SQL commands via the SurveyID parameter to survey/ReviewReadOnlySurvey.aspx or (2) remote authenticated users to execute arbitrary SQL commands via the SurveyID parameter to survey/UploadImagePopupToDb.aspx.
by BillV-Lists
Laravel - 'Hash::make()' Password Truncation Security
by Pichaya Morimoto
Rejetto HTTP File Server <2.3c - RCE
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action.
by Daniele Linguaglossa
CVSS 9.8
CacheGuard OS 5.7.7 - CSRF
Cross-site request forgery (CSRF) vulnerability in gui/password-wadmin.apl in CacheGuard OS 5.7.7 allows remote attackers to hijack the authentication of arbitrary users.
by William Costa
Briefcase 4.0 iOS - Code Execution / File Inclusion
by Vulnerability-Lab
WordPress Plugin Wordfence Security - Multiple Vulnerabilities
by Voxel@Night
By Source