Text Exploits
31,394 exploits tracked across all sources.
ILIAS eLearning CMS 4.3.4 < 4.4 - Persistent Cross-Site Scripting
by Vulnerability-Lab
IZON IP 2.0.2 - Use of Hard-coded Credentials
IZON IP 2.0.2: hard-coded password vulnerability
by Mark Stanislav
CVSS 9.8
WordPress Theme Curvo - Cross-Site Request Forgery / Arbitrary File Upload
by Byakuya Kouta
Canonical Ubuntu Linux < 0.24.1 - Improper Input Validation
Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in a destination filename.
by Daniel Kahn Gillmor
WordPress Theme SAICO 1.0 < 1.0.2 - Arbitrary File Upload
by Byakuya Kouta
ASF Demux for VideoLAN VLC Media Player 2.0.x - Denial of Service (PoC)
by Pedro Ribeiro
WordPress Theme Daily Deal - Arbitrary File Upload
by DevilScreaM
Avira Internet Security - 'avipbb.sys' Filter Bypass / Privilege Escalation
by Ahmad Moghimi
Course Registration Management System - Cross-Site Scripting / SQL Injection
by Omar Kurt
Apache Shindig 2.5.0-beta1-2.5.0 - XML External Entity Injection in Gadget Renderer
The gadget renderer in Apache Shindig 2.5.0 for PHP allows remote attackers to obtain sensitive information via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
by Kousuke Ebihara
iTop 1.1.181 and 1.2.0-RC-282 - Cross-Site Scripting via Multiple Input Vectors
Multiple cross-site scripting (XSS) vulnerabilities in iTop (aka IT Operations Portal) 1.1.181 and 1.2.0-RC-282 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted company name, (2) a crafted database server name, (3) a crafted CSV file, (4) a crafted copy-and-paste action, (5) the auth_user parameter in a suggest_pwd action to UI.php, (6) the c[menu] parameter to UniversalSearch.php, (7) the description parameter in a SearchFormToAdd_document_list action to UI.php, (8) the category parameter in an errors action to audit.php, or (9) the suggest_pwd parameter to UI.php.
by Halim Cruzito
WordPress Theme Area53 - Arbitrary File Upload
by Byakuya Kouta
Elite Graphix ElitCMS 1.01 / PRO - Multiple Web Vulnerabilities
by Vulnerability-Lab
WordPress Plugin Realty - Blind SQL Injection
by Napsterakos
WordPress Plugin Quick Paypal Payments 3.0 - Presistant Cross-Site Scripting
by Zy0d0x
Woltlab Burning Board Regenbogenwiese 2007 Addon - SQL Injection
by Easy Laster
WordPress Plugin Dexs PM System - (Authenticated) Persistent Cross-Site Scripting
by TheXero
Oracle GlassFish Server <12.1.2 - Info Disclosure
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors related to Java Server Faces or Web Container.
by Alex Kouzemtchenko
DornCMS Application 1.4 - Multiple Web Vulnerabilities
by Vulnerability-Lab
By Source