Text Exploits
31,394 exploits tracked across all sources.
OpenCart 1.5.6.1 - 'openbay' Multiple SQL Injections
by Saadi Siddiqui
InterWorx Web Control Panel <5.0.14 - SQL Injection
SQL injection vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control Panel and InterWorx-CP) before 5.0.14 build 577 allows remote authenticated users to execute arbitrary SQL commands via the i parameter in a search action to the (1) NodeWorx , (2) SiteWorx, or (3) Resellers interface, as demonstrated by the "or" key in a pgn8state object in an i object in a JSON object.
by Eric Flokstra
Apache CouchDB < 1.5.0 - Denial of Service via /_uuids Count Parameter
Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids.
by Krusty Hack
Allied Telesis AT-RG634A, iMG624A, iMG616LH, iMG646BD - Unauthenticated Remote Code Execution via CLI Interface
The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges and execute arbitrary commands via a direct request to cli.html.
by Groundworks Technologies
DotItYourself - 'dot-it-yourself.cgi' Remote Command Execution
by Felipe Andrian Peixoto
Beheer Systeem - 'pbs.cgi' Remote Command Execution
by Felipe Andrian Peixoto
qEngine 4.1.6/6.0.0 - 'task.php' Local File Inclusion
by Gjoko Krstic
Kemana Directory 1.5.6 - kemana_admin_passwd Cookie User Password Hash Disclosure
by LiquidWorm
Kemana Directory 1.5.6 - 'task.php' Local File Inclusion
by LiquidWorm
Kemana Directory 1.5.6 - 'qvc_init()' Cookie Poisoning CAPTCHA Bypass
by LiquidWorm
Getsimple CMS 3.3.1 - Persistent Cross-Site Scripting
by Jeroen - IT Nerdbox
Symphony CMS < 2.3.2 - Cross-Site Request Forgery via SQL Injection in Authors Sort Parameter
Cross-site request forgery (CSRF) vulnerability in Symphony CMS before 2.3.2 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the sort parameter to system/authors/, related to CVE-2013-2559.
by High-Tech Bridge
BigDump 0.29b - Unauthenticated Arbitrary File Upload and Remote Code Execution via Executable Extension Bypass
Unrestricted file upload vulnerability in bigdump.php in Alexey Ozerov BigDump 0.29b allows remote attackers to execute arbitrary code by uploading a file with an executable extension followed by a .sql extension, then accessing this file via a direct request. NOTE: some of these details are obtained from third party information.
by felipe andrian
LifeSize UVC 1.2.6 - (Authenticated) Remote Code Execution
by Brandon Perry
innoEDIT - 'innoedit.cgi' Remote Command Execution
by Felipe Andrian Peixoto
OXID eShop <4.7.11-4.8.4, <5.0.11-5.1.4 - CRLF Injection
CRLF injection vulnerability in OXID eShop Professional Edition before 4.7.11 and 4.8.x before 4.8.4, Enterprise Edition before 5.0.11 and 5.1.x before 5.1.4, and Community Edition before 4.7.11 and 4.8.x before 4.8.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
by //sToRm
CVSS 6.1
Wireless Drive 1.1.0 iOS - Multiple Web Vulnerabilities
by Vulnerability-Lab
McAfee Asset Manager 6.6 - SQL Injection
SQL injection vulnerability in jsp/reports/ReportsAudit.jsp in McAfee Asset Manager 6.6 allows remote authenticated users to execute arbitrary SQL commands via the username of an audit report (aka user parameter).
by Brandon Perry
By Source