Text Exploits
31,337 exploits tracked across all sources.
Innovative vtls-Virtua <2014.1.1 - SQL Injection
Multiple SQL injection vulnerabilities in the login in web_reports/cgi-bin/InfoStation.cgi in Innovative vtls-Virtua before 2013.2.4 and 2014.x before 2014.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter.
by José Tozo
PHP Stock Management System 1.02 - Multiple Persistent Cross-Site Scripting Vulnerabilities
by Ragha Deepthi K R
Innovaphone Pbx < 10.00 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in innovaphone PBX 10.00 sr11 and earlier allow remote attackers to hijack the authentication of administrators for requests that modify configurations or user accounts, as demonstrated by (1) changing the administrator password via a crafted request to CMD0/mod_cmd.xml or (2) adding a new SIP user via a crafted request to PBX0/ADMIN/mod_cmd_login.xml.
by Rainer Giedat
WordPress Plugin KenBurner Slider - 'admin-ajax.php' Arbitrary File Download
by MF0x
Air Transfer Iphone 1.3.9 - Multiple Vulnerabilities
by Samandeep Singh
LiveWorld products - XSS
Multiple cross-site scripting (XSS) vulnerabilities in LiveWorld products, possibly including (1) LiveForum, (2) LiveQ&A, (3) LiveChat, and (4) LiveFocusGroup, allow remote attackers to inject arbitrary web script or HTML via the q parameter in (a) search.jsp, (b) findclub!execute.jspa, and (c) search!execute.jspa.
by GulfTech Security
MyAwards MyBB Module - Cross-Site Request Forgery
by Vagineer
MyBB 1.8 Beta 3 - Multiple Vulnerabilities
by DemoLisH B3yaZ
Freereprintables Articlefr < 3.0.4 - SQL Injection
Multiple SQL injection vulnerabilities in Free Reprintables ArticleFR 3.0.4 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) get or (2) set action to rate.php.
by High-Tech Bridge
ManageEngine - SQL Injection
SQL injection vulnerability in the MetadataServlet servlet in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition 5 through 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and possibly other ManageEngine products, allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the sv parameter to MetadataServlet.dat.
by Pedro Ribeiro
WP Content Source Control < 3.0.0 - Path Traversal
Directory traversal vulnerability in the file_get_contents function in downloadfiles/download.php in the WP Content Source Control (wp-source-control) plugin 3.0.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter.
by Henri Salo
Tenda A5s Firmware - Access Control
The Shenzhen Tenda Technology Tenda A5s router with firmware 3.02.05_CN allows remote attackers to bypass authentication and gain administrator access by setting the admin:language cookie to zh-cn.
by zixian
Gb-plugins GB Gallery Slideshow - SQL Injection
SQL injection vulnerability in GBgallery.php in the GB Gallery Slideshow plugin 1.5 for WordPress allows remote administrators to execute arbitrary SQL commands via the selected_group parameter in a gb_ajax_get_group action to wp-admin/admin-ajax.php.
by Claudio Viviani
TomatoCart <1.1.8.6.1 - SQL Injection
SQL injection vulnerability in TomatoCart 1.1.8.6.1 allows remote authenticated users to execute arbitrary SQL commands via the First Name and Last Name fields in a new address book contact.
by Breaking.Technology
PhotoSync Wifi & Bluetooth 1.0 - Local File Inclusion
by Vulnerability-Lab
Sky Broadband Router SR101 - Weak WPA-PSK Generation Algorithm
by Matt O'Connor
HybridAuth <2.2.2 - RCE
A remote code execution vulnerability exists in HybridAuth versions 2.0.9 through 2.2.2 due to insecure use of the install.php installation script. The script remains accessible after deployment and fails to sanitize input before writing to the application’s config.php file. An unauthenticated attacker can inject arbitrary PHP code into config.php, which is later executed when the file is loaded. This allows attackers to achieve remote code execution on the server. Exploitation of this issue will overwrite the existing configuration, rendering the application non-functional.
by @u0x
Prochatrooms Text Chat Rooms - SQL Injection
Multiple SQL injection vulnerabilities in includes/functions.php in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) password, (2) email, or (3) id parameter.
by Mike Manzotti
WordPress Plugin wpSS - 'ss_handler.php' SQL Injection
by Ashiyane Digital Security Team
PRO Chat Rooms Text Chat Rooms - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to inject arbitrary web script or HTML via (1) an uploaded profile picture or (2) the edit parameter to profiles/index.php.
by Mike Manzotti