Text Exploits
31,337 exploits tracked across all sources.
Dynamic Biz Website Builder - SQL Injection
Multiple SQL injection vulnerabilities in Dynamic Biz Website Builder (QuickWeb) allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/news-events/newdetail.asp, or the (2) UserID or (3) Password to login.asp.
by R3d-D3V!L
WHMCompleteSolution (WHMCS) 4.x/5.x - Multiple Web Vulnerabilities
by AhwAk20o0 --
KikChat - Local File Inclusion / Remote Code Execution
by cr4wl3r
Cythosia 2.x Botnet (C2 Web Panel) - SQL Injection
by GalaxyAndroid
Pentagram Cerberus P 6363 DSL Router - Multiple Vulnerabilities
by condis
JBoss EAP/EWP/BRMS/SOA <5.2.0-5.3.1 - RCE
The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 do not require authentication by default in certain profiles, which might allow remote attackers to invoke MBean methods and execute arbitrary code via unspecified vectors. NOTE: this issue can only be exploited when the interceptor is not properly configured with a "second layer of authentication," or when used in conjunction with other vulnerabilities that bypass this second layer.
by rgod
IcoFX <2.5 - Buffer Overflow
Stack-based buffer overflow in IcoFX 2.5 and earlier allows remote attackers to execute arbitrary code via a long idCount value in an ICONDIR structure in an ICO file. NOTE: some of these details are obtained from third party information.
by Core Security
Veno File Manager - 'q' Arbitrary File Download
by Daniel Godoy
eFront 3.6.14 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in www/administrator.php in eFront 3.6.14 (build 18012) allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) Last name, (2) Lesson name, or (3) Course name field.
by sajith
eduTrac <1.1.2 - Path Traversal
Directory traversal vulnerability in 7 Media Web Solutions eduTrac before 1.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the showmask parameter to installer/overview.php.
by High-Tech Bridge
Ryan Ohara Piranha - Access Control
The Piranha Configuration Tool in Piranha 0.8.6 does not properly restrict access to webpages, which allows remote attackers to bypass authentication and read or modify the LVS configuration via an HTTP POST request.
by Andreas Schiermeier
Photo Video Album Transfer 1.0 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
PlaySms 0.9.9.2 - Cross-Site Request Forgery
by Saadi Siddiqui
Air Gallery 1.0 Air Photo Browser - Multiple Vulnerabilities
by Vulnerability-Lab
WordPress Download Mgr <2.5.9 - XSS
Cross-site scripting (XSS) vulnerability in the Download Manager plugin before 2.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the title field.
by Jeroen - IT Nerdbox
Print n Share 5.5 iOS - Multiple Web Vulnerabilities
by Vulnerability-Lab
Apple Safari For Windows - PhishingAlert Security Bypass
by Jackmasa
WordPress Plugin Easy Career Openings - 'jobid' SQL Injection
by Iranian_Dark_Coders_Team
WordPress Plugin DZS Video Gallery 3.1.3 - Remote File Disclosure / Local File Disclosure
by aceeeeeeeer .
NeoBill 0.9-alpha - 'language' Local File Inclusion
by KedAns-Dz
Enorth Webpublisher Cms < 5.0 - SQL Injection
SQL injection vulnerability in m_worklog/log_searchday.jsp in Enorth Webpublisher CMS, possibly 5.0 and earlier, allows remote attackers to execute arbitrary SQL commands via the thisday parameter.
by xin.wang