Text Exploits
31,337 exploits tracked across all sources.
Commscope Arris Sbg901 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in goform/RgDdns in ARRIS (formerly Motorola) SBG901 SURFboard Wireless Cable Modem allow remote attackers to hijack the authentication of administrators for requests that (1) change the dns service via the DdnsService parameter, (2) change the username via the DdnsUserName parameter, (3) change the password via the DdnsPassword parameter, or (4) change the host name via the DdnsHostName parameter.
by Blessen Thomas
Yealink Sip-t38g - OS Command Injection
cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissions, and modifying files.
by Mr.Un1k0d3r
Yealink Sip-t38g - OS Command Injection
cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissions, and modifying files.
by Mr.Un1k0d3r
Yealink Sip-t38g - Path Traversal
Directory traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter to cgi-bin/cgiServer.exx.
by Mr.Un1k0d3r
netKar PRO 1.1 - '.nkuser' File Creation Null Pointer Denial of Service
by A reliable source
PostgreSQL <8.5alpha2 - DoS
Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4.1 and earlier, and 8.5 through 8.5alpha2, allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with many LEFT JOIN clauses, related to certain hashtable size calculations.
by Bernt Marius Johnsen
Yealink Sip-t38g - Path Traversal
Absolute path traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a full pathname in the dumpConfigFile function in the command parameter to cgi-bin/cgiServer.exx.
by Mr.Un1k0d3r
Yealink Sip-t38g - Credentials Management
config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of (1) user (s7C9Cx.rLsWFA) for the user account, (2) admin (uoCbM.VEiKQto) for the admin account, and (3) var (jhl3iZAe./qXM) for the var account, which makes it easier for remote attackers to obtain access via unspecified vectors.
by Mr.Un1k0d3r
Yealink VoIP Phones <28.72.0.2 - CRLF Injection
CRLF injection vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the model parameter to servlet.
by Jesus Oquendo
IBM AIX 6.1/7.1 & VIOS 2.2.x - Local Privilege Escalation
libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179.
by Portcullis
SHOUTcast DNAS 2.2.1 - XSS
Cross-site scripting (XSS) vulnerability in the song history in SHOUTcast DNAS 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the mp3 title field.
by rob222
ZeroCMS 1.0 - SQL Injection
SQL injection vulnerability in zero_view_article.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter.
by LiquidWorm
JW Player <2.1.4 - CSRF
Cross-site request forgery (CSRF) vulnerability in the JW Player plugin before 2.1.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that remove players via a delete action to wp-admin/admin.php.
by Tom Adams
WordPress Featured Comments 1.2.1 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in the Featured Comments plugin 1.2.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that change the (1) buried or (2) featured status of a comment via a request to wp-admin/admin-ajax.php.
by Tom Adams
WebTitan <4.04 - SQL Injection
SQL injection vulnerability in categories-x.php in WebTitan before 4.04 allows remote attackers to execute arbitrary SQL commands via the sortkey parameter.
by SEC Consult
eFront 3.6.14.4 - XSS
Cross-site scripting (XSS) vulnerability in libraries/includes/personal/profile.php in Epignosis eFront 3.6.14.4 allows remote attackers to inject arbitrary web script or HTML via the surname parameter to student.php.
by shyamkumar somana
Devexpress Aspxfilemanager Control For Webforms And Mvc < 13.1.9 - Path Traversal
Directory traversal vulnerability in the File Manager component in DevExpress ASPxFileManager Control for ASP.NET WebForms and MVC before 13.1.10 and 13.2.x before 13.2.9 allows remote authenticated users to read or write arbitrary files via a .. (dot dot) in the __EVENTARGUMENT parameter.
by RedTeam Pentesting
WordPress Theme Infocus - '/infocus/lib/scripts/dl-skin.php' Local File Disclosure
by Felipe Andrian Peixoto
Foreman <1.4.5, <1.5.1 - Command Injection
The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter to tftp/fetch_boot_file.
by Lukas Zapletal
Ipswitch Imail Server - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the web client interface in Ipswitch IMail Server 12.3 and 12.4, possibly before 12.4.1.15, allow remote attackers to inject arbitrary web script or HTML via (1) the Name field in an add new contact action in the Contacts section or unspecified vectors in (2) an Add Group task in the Contacts section, (3) an add new event action in the Calendar section, or (4) the Task section.
by Peru
TigerCom My Assistant 1.1 iOS - Local File Inclusion
by Vulnerability-Lab
By Source