Text Exploits

31,337 exploits tracked across all sources.

EIP-2026-102218 EXPLOITDB text
Bluetooth Photo-File Share 2.1 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-102216 EXPLOITDB text
AllReader 1.0 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
CVE-2014-3961 EXPLOITDB text
WordPress Participants Database <1.5.4.9 - SQL Injection
SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter in an "output CSV" action to pdb-signup/.
by Yarubo Research Team
CVE-2014-2946 EXPLOITDB text VERIFIED
Huawei Webui - CSRF
Cross-site request forgery (CSRF) vulnerability in api/sms/send-sms in the Web UI 11.010.06.01.858 on Huawei E303 modems with software 22.157.18.00.858 allows remote attackers to hijack the authentication of administrators for requests that perform API operations and send SMS messages via a request element in an XML document.
by Benjamin Daniel Mussler
CVE-2014-3975 EXPLOITDB text VERIFIED
AuraCMS 3.0 - Path Traversal
Absolute path traversal vulnerability in filemanager.php in AuraCMS 3.0 allows remote attackers to list a directory via a full pathname in the viewdir parameter.
by Mustafa ALTINKAYNAK
CVE-2014-4938 EXPLOITDB text VERIFIED
WP Rss Poster <1.0.0 - SQL Injection
SQL injection vulnerability in the WP Rss Poster (wp-rss-poster) plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in the wrp-add-new page to wp-admin/admin.php.
by Anant Shrivastava
CVE-2014-4940 EXPLOITDB text VERIFIED
Tera Charts 0.1 - Path Traversal
Multiple directory traversal vulnerabilities in Tera Charts (tera-charts) plugin 0.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the fn parameter to (1) charts/treemap.php or (2) charts/zoomabletreemap.php.
by Anant Shrivastava
CVE-2014-5180 EXPLOITDB text VERIFIED
Hdwplayer Hdw-player-video-player-video-gallery - SQL Injection
SQL injection vulnerability in the videos page in the HDW Player Plugin (hdw-player-video-player-video-gallery) 2.4.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the edit action to wp-admin/admin.php.
by Anant Shrivastava
CVE-2014-4939 EXPLOITDB text VERIFIED
ENL Newsletter <1.0.1 - SQL Injection
SQL injection vulnerability in the ENL Newsletter (enl-newsletter) plugin 1.0.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the enl-add-new page to wp-admin/admin.php.
by Anant Shrivastava
CVE-2014-4937 EXPLOITDB text VERIFIED
BookX plugin 1.7 - Path Traversal
Directory traversal vulnerability in includes/bookx_export.php in the BookX plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
by Anant Shrivastava
CVE-2014-2303 EXPLOITDB text VERIFIED
webEdition CMS <6.3.8-s1 - SQL Injection
Multiple SQL injection vulnerabilities in the file browser component (we_fs.php) in webEdition CMS before 6.2.7-s1.2 and 6.3.x through 6.3.8 before -s1 allow remote attackers to execute arbitrary SQL commands via the (1) table or (2) order parameter.
by RedTeam Pentesting GmbH
CVE-2014-3415 EXPLOITDB text
Sharetronix < 3.3 - SQL Injection
SQL injection vulnerability in Sharetronix before 3.4 allows remote authenticated users to execute arbitrary SQL commands via the invite_users[] parameter to the /invite page for a group.
by High-Tech Bridge SA
CVE-2014-3974 EXPLOITDB text VERIFIED
AuraCMS <3.0 - XSS
Cross-site scripting (XSS) vulnerability in filemanager.php in AuraCMS 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the viewdir parameter.
by Mustafa ALTINKAYNAK
CVE-2014-3004 EXPLOITDB text VERIFIED
Castor < 1.3.2 - XXE
The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XML document.
by Ron Gutierrez
CVE-2014-3962 EXPLOITDB text VERIFIED
Videos Tube 1.0 - SQL Injection
Multiple SQL injection vulnerabilities in Videos Tube 1.0 allow remote attackers to execute arbitrary SQL commands via the url parameter to (1) videocat.php or (2) single.php.
by Mustafa ALTINKAYNAK
CVE-2014-4162 EXPLOITDB text
Zyxel P-660HW-T1 v3 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in the Zyxel P-660HW-T1 (v3) wireless router allow remote attackers to hijack the authentication of administrators for requests that change the (1) wifi password or (2) SSID via a request to Forms/WLAN_General_1.
by Mustafa ALTINKAYNAK
EIP-2026-101655 EXPLOITDB text VERIFIED
D-Link Routers - Multiple Vulnerabilities
by Kyle Lovett
CVE-2014-3865 EXPLOITDB text VERIFIED
Debian Dpkg-dev - Path Traversal
Multiple directory traversal vulnerabilities in dpkg-source in dpkg-dev 1.3.0 allow remote attackers to modify files outside of the intended directories via a source package with a crafted Index: pseudo-header in conjunction with (1) missing --- and +++ header lines or (2) a +++ header line with a blank pathname.
by Raphael Geissert
CVE-2014-3934 EXPLOITDB text VERIFIED
PHP-Nuke 8.3 - SQL Injection
SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to modules.php.
by ali ahmady
CVE-2014-3840 EXPLOITDB text VERIFIED
Mayan-edms Mayan Edms - XSS
Multiple cross-site scripting (XSS) vulnerabilities in apps/common/templates/calculate_form_title.html in Mayan EDMS 0.13 allow remote authenticated users to inject arbitrary web script or HTML via a (1) tag or the (2) title of a source in a Staging folder, (3) Name field in a bootstrap setup, or Title field in a (4) smart link or (5) web form.
by Dolev Farhi
EIP-2026-100926 EXPLOITDB text VERIFIED
Web Terra 1.1 - 'books.cgi' Remote Command Execution
by felipe andrian
CVE-2014-3210 EXPLOITDB text VERIFIED
Dotonpaper Booking System < 1.2 - SQL Injection
SQL injection vulnerability in dopbs-backend-forms.php in the Booking System (Booking Calendar) plugin before 1.3 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the booking_form_id parameter to wp-admin/admin-ajax.php.
by maodun
EIP-2026-101567 EXPLOITDB text
Binatone DT 850W Wireless Router - Multiple Cross-Site Request Forgery Vulnerabilities
by Samandeep Singh
EIP-2026-105942 EXPLOITDB text VERIFIED
Clipperz Password Manager - '/backend/PHP/src/setup/rpc.php' Remote Code Execution
by Manish Tanwar