Text Exploits
31,394 exploits tracked across all sources.
Oracle Identity Manager 11.1.1.5, 11.1.1.7, 11.1.2.1, 11.1.2.2 - Open Redirect via backUrl Parameter
Open redirect vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backUrl parameter in a changepwd action to identity/faces/firstlogin.
by Giuseppe D'Amore
CMS Made Simple 1.11.10 - Multiple Cross-Site Scripting Vulnerabilities
by Blessen Thomas
iShare Your Moving Library 1.0 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
ZamFoo - Multiple Remote Command Execution Vulnerabilities
by Al-Shabaab
CIS Manager CMS - SQL Injection via TroncoID Parameter
SQL injection vulnerability in default.asp in CIS Manager CMS allows remote attackers to execute arbitrary SQL commands via the TroncoID parameter.
by felipe andrian
PhonerLite < 2.15 - Password Hash Disclosure via SIP Digest Leak
The PhonerLite phone before 2.15 provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue.
by Jason Ostrom
CVSS 7.5
Alienvault 4.5.0 - (Authenticated) SQL Injection (Metasploit)
by Brandon Perry
Ajax Pagination (twitter Style) <1.1 - Path Traversal
Directory traversal vulnerability in the Ajax Pagination (twitter Style) plugin 1.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the loop parameter in an ajax_navigation action to wp-admin/admin-ajax.php.
by Glyn Wintle
CVSS 7.5
plexusCMS 0.5 - Cross-Site Scripting / Remote Shell / Credentials Leak
by neglomaniac
EMC Cloud Tiering Appliance 10-SP1 - XML External Entity Injection via API Login Request
EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, as demonstrated by reading the /etc/shadow file.
by Brandon Perry
Vanctech File Commander 1.1 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
PhotoWIFI Lite 1.0 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
Primo Interactive CMS - 'pcm.cgi' Remote Command Execution
by Felipe Andrian Peixoto
iStArtApp FileXChange 6.2 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
Joomla! Component Kunena 3.0.4 - Persistent Cross-Site Scripting
by Qoppa
SonicWALL Email Security Appliance < 7.4.5 - Authenticated Cross-Site Scripting via Upload Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Dell SonicWALL Email Security 7.4.5 and earlier allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the uploadPatch parameter to the System/Advanced page (settings_advanced.html) or (2) the uploadLicenses parameter in the License management (settings_upload_dlicense.html) page.
by Vulnerability-Lab
Lazybone Studios WiFi Music 1.0 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
ePhone Disk 1.0.2 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
Easy FileManager 1.1 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
By Source