Text Exploits
31,394 exploits tracked across all sources.
StackIdeas Komento < 1.7.3 - Cross-Site Scripting via Website or Latitude Parameter
Multiple cross-site scripting (XSS) vulnerabilities in the StackIdeas Komento (com_komento) component before 1.7.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website or (2) latitude parameter in a comment to the default URI.
by High-Tech Bridge SA
JV Comment (com_jvcomment) < 3.0.3 - Authenticated SQL Injection via id Parameter
SQL injection vulnerability in the JV Comment (com_jvcomment) component before 3.0.3 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a comment.like action to index.php.
by High-Tech Bridge SA
Franklin Fueling Systems TS-550 evo <2.4.0 - Privilege Escalation
Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a hardcoded password for the roleDiag account, which allows remote attackers to gain root privileges, as demonstrated using a cmdWebCheckRole action in a TSA_REQUEST.
by Trustwave's SpiderLabs
Simple e-document 1.31 - SQL Injection via Username Parameter
SQL injection vulnerability in login.php in Simple e-document 1.31 allows remote attackers to execute arbitrary SQL commands via the username parameter.
by vinicius777
iTechClassifieds 3.03.057 - SQL Injection via ChangeEmail.php PreviewNum Parameter
SQL injection vulnerability in ChangeEmail.php in iTechClassifieds 3.03.057 allows remote attackers to execute arbitrary SQL commands via the PreviewNum parameter. NOTE: the CatID parameter is already covered by CVE-2008-0685.
by vinicius777
Cells Blog 3.3 - Reflected Cross-Site Scripting / Blind SQLite Injection
by vinicius777
Citrix GoToMeeting <5.0.799.1238 - Info Disclosure
The Citrix GoToMeeting application 5.0.799.1238 for Android logs HTTP requests containing sensitive information, which allows attackers to obtain user IDs, meeting details, and authentication tokens via an application that reads the system log file.
by Claudio J. Lacayo
Web Video Streamer - Multiple Vulnerabilities
by Eric Sesterhenn
Imageview - 'upload.php' Arbitrary File Upload
by TUNISIAN CYBER
MuPDF < 1.3 - Remote Code Execution via XPS ContextColor Path Attribute
Stack-based buffer overflow in the xps_parse_color function in xps/xps-common.c in MuPDF 1.3 and earlier allows remote attackers to execute arbitrary code via a large number of entries in the ContextColor value of the Fill attribute in a Path element.
by Jean-Jamil Khalife
Teracom T2-B-Gawv1.4U10Y-BI - Cross-Site Scripting via essid Parameter
Cross-site scripting (XSS) vulnerability in webconfig/wlan/country.html/country in the Teracom T2-B-Gawv1.4U10Y-BI modem allows remote attackers to inject arbitrary web script or HTML via the essid parameter.
by Rakesh S
WordPress Plugin Global Flash Gallery - 'swfupload.php' Arbitrary File Upload
by Ashiyane Digital Security Team
BloofoxCMS 0.5.0 - Multiple Vulnerabilities
by AtT4CKxT3rR0r1ST
BloofoxCMS 0.5.0 - 'fileurl' Local File Inclusion
by AtT4CKxT3rR0r1ST
BloofoxCMS - '/bloofox/index.php?Username' SQL Injection
by AtT4CKxT3rR0r1ST
BloofoxCMS - '/bloofox/admin/index.php?Username' SQL Injection
by AtT4CKxT3rR0r1ST
Joomla! com_sexypolling <1.0.9 - SQL Injection
SQL injection vulnerability in vote.php in the 2Glux Sexy Polling (com_sexypolling) component before 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the answer_id[] parameter.
by High-Tech Bridge
By Source