Text Exploits
31,394 exploits tracked across all sources.
Eshtery CMS - Path Traversal via File Parameter in FileManager.aspx
Absolute path traversal vulnerability in Eshtery CMS allows remote attackers to read arbitrary files via a full pathname in the file parameter to FileManager.aspx.
by peng.deng
CVSS 7.5
Stark CRM 1.0 - Stored Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Stark CRM 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, or (3) notes parameter to the client page; (4) insu_name or (5) price parameter to the add_insurance_cat page; or (6) status[] parameter to the add_status page.
by LiquidWorm
Barracuda Firewall 6.1.0.016 - Multiple Vulnerabilities
by Vulnerability-Lab
Lotus Sametime 8.5.1 - Password Disclosure
by Adriano Marcio Monteiro
WordPress Plugin NextGEN Gallery - 'jqueryFileTree.php' Directory Traversal
by Tom Adams
WordPress Plugin BP Group Documents 1.2.1 - Multiple Vulnerabilities
by Tom Adams
Embedthis Goahead WebServer 3.1.3-0 - Multiple Vulnerabilities
by Maksymilian Motyl
D-Link DIR-615 vE4 Firmware 5.10 - Cross-Site Request Forgery
by Dhruv Shah
Barracuda Message Archiver 650 - Persistent Cross-Site Scripting
by Vulnerability-Lab
My PDF Creator & DE DM 1.4 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
ICEWARP 11.0.0.0 Cross-Site Scripting via Email HTML Injection
ICEWARP 10.3.4 and 11.0.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML elements into emails by embedding base64-encoded payloads in object and embed tags. Attackers can craft emails containing data URIs with embedded scripts that execute in the client when the email is viewed, compromising user sessions and stealing sensitive information.
by Usman Saeed
CVSS 6.1
Joomla! Component com_wire_immogest - 'index.php' SQL Injection
by MR.XpR
synetics i-doit pro <1.2.5 - SQL Injection
SQL injection vulnerability in the CMDB web application in synetics i-doit pro before 1.2.5 and i-doit open allows remote attackers to execute arbitrary SQL commands via the objID parameter to the default URI.
by Stephan Rickauer
Office Assistant Pro 2.2.2 iOS - Local File Inclusion
by Vulnerability-Lab
Trendchip HG520 ADSL2+ Wireless Modem - Cross-Site Request Forgery
by Dhruv Shah
CA 2E Web Option r8.1.2 - Session Hijacking via Predictable Session Token Substring
CA 2E Web Option r8.1.2 accepts a predictable substring of a W2E_SSNID session token in place of the entire token, which allows remote attackers to hijack sessions by changing characters at the end of this substring, as demonstrated by terminating a session via a modified SSNID parameter to web2edoc/close.htm.
by Mike Emery
jDisk (stickto) 2.0.3 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
Netgear DGN2200 N300 Wireless Router - Multiple Vulnerabilities
by Andrew Horton
Titan FTP Server <10.40.1829 - Path Traversal
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to list all usernames via a Go action with a .. (dot dot) in the search-bar value.
by Fara Rustein
By Source