Text Exploits
31,394 exploits tracked across all sources.
iScripts AutoHoster - SQL Injection
Multiple SQL injection vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to execute arbitrary SQL commands via the cmbdomain parameter to (1) checktransferstatus.php, (2) checktransferstatusbck.php, or (3) additionalsettings.php; or (4) invno parameter to payinvoiceothers.php.
by i-Hmx
Phone Drive Eightythree 4.1.1 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
Osclass - Multiple Input Validation Vulnerabilities
by R3d-D3V!L
Etoshop B2B Vertical Marketplace Creator - Multiple SQL Injections
by R3d-D3V!L
ProJoom Smart Flash Header < 3.0.2 - Unauthenticated Arbitrary File Upload via Crafted Dest and Filename Parameters
views/upload.php in the ProJoom Smart Flash Header (NovaSFH) component 3.0.2 and earlier for Joomla! allows remote attackers to upload and execute arbitrary files via a crafted (1) dest parameter and (2) arbitrary extension in the Filename parameter.
by Yuri Kramarz
CVSS 8.8
Nagios XI < 2012r2.4 - SQL Injection via tfPassword Parameter
SQL injection vulnerability in functions/prepend_adm.php in Nagios Core Config Manager in Nagios XI before 2012R2.4 allows remote attackers to execute arbitrary SQL commands via the tfPassword parameter to nagiosql/index.php.
by Denis Andzakovic
Dynamic Biz Website Builder - SQL Injection
Multiple SQL injection vulnerabilities in Dynamic Biz Website Builder (QuickWeb) allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/news-events/newdetail.asp, or the (2) UserID or (3) Password to login.asp.
by R3d-D3V!L
Dynamic Biz Website Builder - SQL Injection
Multiple SQL injection vulnerabilities in Dynamic Biz Website Builder (QuickWeb) allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/news-events/newdetail.asp, or the (2) UserID or (3) Password to login.asp.
by R3d-D3V!L
WHMCompleteSolution (WHMCS) 4.x/5.x - Multiple Web Vulnerabilities
by AhwAk20o0 --
KikChat - Local File Inclusion / Remote Code Execution
by cr4wl3r
Cythosia 2.x Botnet (C2 Web Panel) - SQL Injection
by GalaxyAndroid
Pentagram Cerberus P 6363 DSL Router - Multiple Vulnerabilities
by condis
JBoss EAP < 5.2.0 - Unauthenticated Remote Code Execution via JMX/EJB Invoker
The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 do not require authentication by default in certain profiles, which might allow remote attackers to invoke MBean methods and execute arbitrary code via unspecified vectors. NOTE: this issue can only be exploited when the interceptor is not properly configured with a "second layer of authentication," or when used in conjunction with other vulnerabilities that bypass this second layer.
by rgod
IcoFX < 2.5 - Remote Code Execution via Long idCount in ICONDIR Structure
Stack-based buffer overflow in IcoFX 2.5 and earlier allows remote attackers to execute arbitrary code via a long idCount value in an ICONDIR structure in an ICO file. NOTE: some of these details are obtained from third party information.
by Core Security
Veno File Manager - 'q' Arbitrary File Download
by Daniel Godoy
eFront 3.6.14 - Authenticated Stored Cross-Site Scripting via Administrator Fields
Multiple cross-site scripting (XSS) vulnerabilities in www/administrator.php in eFront 3.6.14 (build 18012) allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) Last name, (2) Lesson name, or (3) Course name field.
by sajith
7mediaws eduTrac < 1.1.2 - Path Traversal via Installer Overview showmask Parameter
Directory traversal vulnerability in 7 Media Web Solutions eduTrac before 1.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the showmask parameter to installer/overview.php.
by High-Tech Bridge
Piranha Configuration Tool 0.8.6 - Unauthenticated Configuration Access via HTTP POST Request
The Piranha Configuration Tool in Piranha 0.8.6 does not properly restrict access to webpages, which allows remote attackers to bypass authentication and read or modify the LVS configuration via an HTTP POST request.
by Andreas Schiermeier
Photo Video Album Transfer 1.0 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
PlaySms 0.9.9.2 - Cross-Site Request Forgery
by Saadi Siddiqui
Air Gallery 1.0 Air Photo Browser - Multiple Vulnerabilities
by Vulnerability-Lab
WordPress Download Mgr <2.5.9 - XSS
Cross-site scripting (XSS) vulnerability in the Download Manager plugin before 2.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the title field.
by Jeroen - IT Nerdbox
By Source