Text Exploits
31,337 exploits tracked across all sources.
Embedthis Goahead WebServer 3.1.3-0 - Multiple Vulnerabilities
by Maksymilian Motyl
D-Link DIR-615 vE4 Firmware 5.10 - Cross-Site Request Forgery
by Dhruv Shah
Barracuda Message Archiver 650 - Persistent Cross-Site Scripting
by Vulnerability-Lab
My PDF Creator & DE DM 1.4 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
ICEWARP 11.0.0.0 Cross-Site Scripting via Email HTML Injection
ICEWARP 11.0.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML elements into emails by embedding base64-encoded payloads in object and embed tags. Attackers can craft emails containing data URIs with embedded scripts that execute in the client when the email is viewed, compromising user sessions and stealing sensitive information.
by Usman Saeed
CVSS 6.1
Joomla! Component com_wire_immogest - 'index.php' SQL Injection
by MR.XpR
synetics i-doit pro <1.2.5 - SQL Injection
SQL injection vulnerability in the CMDB web application in synetics i-doit pro before 1.2.5 and i-doit open allows remote attackers to execute arbitrary SQL commands via the objID parameter to the default URI.
by Stephan Rickauer
Office Assistant Pro 2.2.2 iOS - Local File Inclusion
by Vulnerability-Lab
Trendchip HG520 ADSL2+ Wireless Modem - Cross-Site Request Forgery
by Dhruv Shah
Broadcom 2E Web Option - Improper Input Validation
CA 2E Web Option r8.1.2 accepts a predictable substring of a W2E_SSNID session token in place of the entire token, which allows remote attackers to hijack sessions by changing characters at the end of this substring, as demonstrated by terminating a session via a modified SSNID parameter to web2edoc/close.htm.
by Mike Emery
jDisk (stickto) 2.0.3 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
Netgear DGN2200 N300 Wireless Router - Multiple Vulnerabilities
by Andrew Horton
Titan FTP Server <10.40.1829 - Path Traversal
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to list all usernames via a Go action with a .. (dot dot) in the search-bar value.
by Fara Rustein
Titan FTP Server <10.40.1829 - Path Traversal
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to copy an arbitrary user's home folder via a Move action with a .. (dot dot) in the src parameter.
by Fara Rustein
Titan FTP Server <10.40.1829 - Path Traversal
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to obtain the property information of an arbitrary home folder via a Properties action with a .. (dot dot) in the src parameter.
by Fara Rustein
Tableausoftware Tableau Server - SQL Injection
SQL injection vulnerability in Tableau Server 8.0.x before 8.0.7 and 8.1.x before 8.1.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be exploited by unauthenticated remote attackers if the guest user is enabled.
by Trustwave's SpiderLabs
WordPress Plugin Frontend Upload - Arbitrary File Upload
by Daniel Godoy
Buddypress <1.9.2 - Privilege Escalation
The Group creation process in the Buddypress plugin before 1.9.2 for WordPress allows remote authenticated users to gain control of arbitrary groups by leveraging a missing permissions check.
by Pietro Oliva
CVSS 6.5
WiFi Camera Roll 1.2 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
D-Link DSL-2750B ADSL Route' - Cross-Site Request Forgery
by killall-9
By Source