Text Exploits
31,337 exploits tracked across all sources.
WordPress Theme SAICO 1.0 < 1.0.2 - Arbitrary File Upload
by Byakuya Kouta
ASF Demux for VideoLAN VLC Media Player 2.0.x - Denial of Service (PoC)
by Pedro Ribeiro
WordPress Theme Daily Deal - Arbitrary File Upload
by DevilScreaM
Avira Internet Security - 'avipbb.sys' Filter Bypass / Privilege Escalation
by Ahmad Moghimi
Course Registration Management System - Cross-Site Scripting / SQL Injection
by Omar Kurt
Apache Shindig < 2.5.0-update1 - Information Disclosure
The gadget renderer in Apache Shindig 2.5.0 for PHP allows remote attackers to obtain sensitive information via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
by Kousuke Ebihara
iTop 1.1.181-1.2.0-RC-282 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in iTop (aka IT Operations Portal) 1.1.181 and 1.2.0-RC-282 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted company name, (2) a crafted database server name, (3) a crafted CSV file, (4) a crafted copy-and-paste action, (5) the auth_user parameter in a suggest_pwd action to UI.php, (6) the c[menu] parameter to UniversalSearch.php, (7) the description parameter in a SearchFormToAdd_document_list action to UI.php, (8) the category parameter in an errors action to audit.php, or (9) the suggest_pwd parameter to UI.php.
by Halim Cruzito
WordPress Theme Area53 - Arbitrary File Upload
by Byakuya Kouta
Elite Graphix ElitCMS 1.01 / PRO - Multiple Web Vulnerabilities
by Vulnerability-Lab
WordPress Plugin Realty - Blind SQL Injection
by Napsterakos
WordPress Plugin Quick Paypal Payments 3.0 - Persistent Cross-Site Scripting
by Zy0d0x
Woltlab Burning Board Regenbogenwiese 2007 Addon - SQL Injection
by Easy Laster
WordPress Plugin Dexs PM System - (Authenticated) Persistent Cross-Site Scripting
by TheXero
Oracle GlassFish Server < 12.1.2 - Info Disclosure
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors related to Java Server Faces or Web Container.
by Alex Kouzemtchenko
DornCMS Application 1.4 - Multiple Web Vulnerabilities
by Vulnerability-Lab
UbiDisk File Manager 2.0 iOS - Multiple Web Vulnerabilities
by Vulnerability-Lab
OliveOffice Mobile Suite 2.0.3 iOS - Local File Inclusion
by Vulnerability-Lab
My File Explorer 1.3.1 iOS - Multiple Web Vulnerabilities
by Vulnerability-Lab
Apple iOS < 7 - Info Disclosure
Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of a SIM card.
by Vulnerability-Lab
Cart66 Lite Plugin < 1.5.1.14 - CSRF
Cross-site request forgery (CSRF) vulnerability in Cart66Product.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allows remote attackers to hijack the authentication of administrators for requests that (1) create or modify products or conduct cross-site scripting (XSS) attacks via the (2) Product name or (3) Price description field in a product save action via a request to wp-admin/admin.php.
by absane
Cart66 Lite Plugin < 1.5.1.14 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in products.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) Product name or (2) Price description fields via a request to wp-admin/admin.php. NOTE: This issue may only cross privilege boundaries if used in combination with CVE-2013-5977.
by absane
CVSS 6.1
StatusNet/Laconica 0.7.4/0.8.2/0.9.0beta3 - Arbitrary File Reading
by spiderboy