Text Exploits
31,337 exploits tracked across all sources.
Itechscripts iTechClassifieds - SQL Injection
SQL injection vulnerability in ChangeEmail.php in iTechClassifieds 3.03.057 allows remote attackers to execute arbitrary SQL commands via the PreviewNum parameter. NOTE: the CatID parameter is already covered by CVE-2008-0685.
by vinicius777
Cells Blog 3.3 - Reflected Cross-Site Scripting / Blind SQLite Injection
by vinicius777
Citrix GoToMeeting <5.0.799.1238 - Info Disclosure
The Citrix GoToMeeting application 5.0.799.1238 for Android logs HTTP requests containing sensitive information, which allows attackers to obtain user IDs, meeting details, and authentication tokens via an application that reads the system log file.
by Claudio J. Lacayo
Web Video Streamer - Multiple Vulnerabilities
by Eric Sesterhenn
Imageview - 'upload.php' Arbitrary File Upload
by TUNISIAN CYBER
MuPDF <1.3 - Buffer Overflow
Stack-based buffer overflow in the xps_parse_color function in xps/xps-common.c in MuPDF 1.3 and earlier allows remote attackers to execute arbitrary code via a large number of entries in the ContextColor value of the Fill attribute in a Path element.
by Jean-Jamil Khalife
Teracom T2-b-gawv1.4u10y-bi - XSS
Cross-site scripting (XSS) vulnerability in webconfig/wlan/country.html/country in the Teracom T2-B-Gawv1.4U10Y-BI modem allows remote attackers to inject arbitrary web script or HTML via the essid parameter.
by Rakesh S
WordPress Plugin Global Flash Gallery - 'swfupload.php' Arbitrary File Upload
by Ashiyane Digital Security Team
BloofoxCMS 0.5.0 - Multiple Vulnerabilities
by AtT4CKxT3rR0r1ST
BloofoxCMS 0.5.0 - 'fileurl' Local File Inclusion
by AtT4CKxT3rR0r1ST
BloofoxCMS - '/bloofox/index.php?Username' SQL Injection
by AtT4CKxT3rR0r1ST
BloofoxCMS - '/bloofox/admin/index.php?Username' SQL Injection
by AtT4CKxT3rR0r1ST
Joomla! com_sexypolling <1.0.9 - SQL Injection
SQL injection vulnerability in vote.php in the 2Glux Sexy Polling (com_sexypolling) component before 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the answer_id[] parameter.
by High-Tech Bridge
PHPJabbers Vacation Rental Script 3.0 - Multiple Vulnerabilities
by HackXBack
PHPJabbers Vacation Packages Listing 2.0 - Multiple Vulnerabilities
by HackXBack
PHPJabbers Hotel Booking System 3.0 - Multiple Vulnerabilities
by HackXBack
O-dyn Collabtive < 1.1 - SQL Injection
SQL injection vulnerability in managetimetracker.php in Collabtive before 1.2 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a projectpdf action.
by Yogesh Phadtare
PHPJabbers Appointment Scheduler - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Appointment Scheduler 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scripting (XSS) attacks via the i18n[1][name] parameter in a pjActionCreate action to the pjAdminServices controller or (2) add an administrator via a pjActionCreate action to the pjAdminUsers controller.
by HackXBack
Eviware SoapUI < 4.6.3 - Code Injection
The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file.
by Barak Tawily
PHPJabbers Job Listing Script - Multiple Vulnerabilities
by HackXBack