Text Exploits
31,337 exploits tracked across all sources.
Sendy - SQL Injection
SQL injection vulnerability in /send-to in Sendy 1.1.9.1 allows remote attackers to execute arbitrary SQL commands via the c parameter.
by delme
XCloner Standalone <3.5 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in XCloner Standalone 3.5 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrator password via the config task to index2.php or (2) when the enable_db_backup and sql_mem options are enabled, access the database backup functionality via the dbbackup_comp parameter in the generate action to index2.php. NOTE: vector 2 might be a duplicate of CVE-2014-2340, which is for the XCloner WordPress plugin. NOTE: remote attackers can leverage CVE-2014-2996 with vector 2 to execute arbitrary commands.
by High-Tech Bridge SA
XCloner <3.5 - Code Injection
XCloner Standalone 3.5 and earlier, when enable_db_backup and sql_mem are enabled, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the dbbackup_comp parameter in a generate action to index2.php. NOTE: it is not clear whether this issue crosses privilege boundaries, since administrators might already have the privileges to execute code. NOTE: this can be leveraged by remote attackers using CVE-2014-2579.
by High-Tech Bridge SA
OrbitScripts Orbit Open Ad Server <1.1.1 - SQL Injection
SQL injection vulnerability in OrbitScripts Orbit Open Ad Server before 1.1.1 allows remote attackers to execute arbitrary SQL commands via the site_directory_sort_field parameter to guest/site_directory.
by High-Tech Bridge SA
Quick.CMS 5.4 - Multiple Vulnerabilities
by Shpend Kurtishaj
Joomla! Component Inneradmission - 'index.php' SQL Injection
by Lazmania61
Halon Security Router (SR) 3.2-winter-r1 - Multiple Vulnerabilities
by Juan Manuel Garcia
XAMPP 3.2.1 & phpMyAdmin 4.1.6 - Multiple Vulnerabilities
by hackerDesk
Notepad++ DSpellCheck 1.2.12.0 - Denial of Service
by sajith
InfraRecorder 0.53 - Memory Corruption (Denial of Service)
by sajith
Puntopy - 'novedad.php' SQL Injection
by Felipe Andrian Peixoto
PHPFox <3.7.5 - Auth Bypass
static/ajax.php in PHPFox 3.7.3, 3.7.4, and 3.7.5 allows remote authenticated users to bypass intended "Only Me" restrictions and comment on a private publication via a request with a modified val[item_id] parameter for the publication.
by Wesley Henrique
WordPress XCloner <3.1.1 - CSRF
Cross-site request forgery (CSRF) vulnerability in the XCloner plugin before 3.1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that create website backups via a request to wp-admin/plugins.php.
by High-Tech Bridge SA
A10 Networks ACOS <2.7.0-p6, <2.7.1-P1_55 - Buffer Overflow
Buffer overflow in A10 Networks Advanced Core Operating System (ACOS) before 2.7.0-p6 and 2.7.1 before 2.7.1-P1_55 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long session id in the URI to sys_reboot.html. NOTE: some of these details are obtained from third-party information.
by Francesco Perna
Oracle Identity Manager - Improper Input Validation
Open redirect vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backUrl parameter in a changepwd action to identity/faces/firstlogin.
by Giuseppe D'Amore
CMS Made Simple 1.11.10 - Multiple Cross-Site Scripting Vulnerabilities
by Blessen Thomas
iShare Your Moving Library 1.0 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
ZamFoo - Multiple Remote Command Execution Vulnerabilities
by Al-Shabaab
Construtiva Cis Manager Cms - SQL Injection
SQL injection vulnerability in default.asp in CIS Manager CMS allows remote attackers to execute arbitrary SQL commands via the TroncoID parameter.
by felipe andrian