Text Exploits
31,337 exploits tracked across all sources.
VMware Workstation - Access Control
vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x and 5.x, on systems based on Debian GNU/Linux, allows host OS users to gain host OS privileges via a crafted lsb_release binary in a directory in the PATH, related to use of the popen library function.
by Tavis Ormandy
Samba - Numeric Error
Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
by x90c
Adobe ColdFusion <10 - Auth Bypass
administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary code by logging in to the RDS component using the default empty password and leveraging this session to access the administrative web interface, as exploited in the wild in January 2013.
by Scott Buckel
CVSS 9.8
Oracle Java - 'BytePackedRaster.verify()' Signed Integer Overflow
by Packet Storm
Digital Signage Xibo 1.4.2 - XSS
Cross-site scripting (XSS) vulnerability in index.php in Digital Signage Xibo 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the layout parameter in the layout page.
by Jacob Holcomb
WordPress Plugin ThinkIT 0.1 - Multiple Vulnerabilities
by Yashar shahinzadeh
DeWeS web server <0.4.2 - Path Traversal
Directory traversal vulnerability in DeWeS web server 0.4.2 and possibly earlier, as used in Twilight CMS, allows remote attackers to read arbitrary files via a ..%5c (dot dot encoded backslash) in a GET request.
by High-Tech Bridge
Sitecom N300/N600 Devices - Multiple Vulnerabilities
by Roberto Paleari
Samsung Smart Viewer - Authentication Bypass
Samsung Web Viewer for Samsung DVR devices allows remote attackers to bypass authentication via an arbitrary SessionID value in a cookie.
by Andrea Fabrizi
Bo-Blog 2.1.1 - Cross-Site Scripting / SQL Injection
by Ashiyane Digital Security Team
IBM Avocent 1754 KVM - Command Injection
ping.php in Global Console Manager 16 (GCM16) and Global Console Manager 32 (GCM32) before 1.20.0.22575 on the IBM Avocent 1754 KVM switch allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) count or (2) size parameter.
by Alejandro Alvarez Bravo
Photo Transfer Upload 1.0 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
Copy to WebDAV 1.1 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
AlgoSec Firewall Analyzer 6.1-b86 - XSS
Cross-site scripting (XSS) vulnerability in afa/php/Login.php in AlgoSec Firewall Analyzer 6.1-b86 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
by Asheesh kumar Mani Tripathi
Oracle Java - 'IntegerInterleavedRaster.verify()' Signed Integer Overflow
by Packet Storm
Spitfire CMS 1.1.4 - Cross-Site Request Forgery
by Yashar shahinzadeh
Pligg CMS 2.0.0rc2 - Cross-Site Request Forgery (File Creation)
by DaOne
Vtiger CRM < 6.0.0 - Path Traversal
Directory traversal vulnerability in kcfinder/browse.php in Vtiger CRM before 6.0.0 Security patch 1 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter in a download action. NOTE: it is likely that this issue is actually in the KCFinder third-party component, and it affects additional products besides Vtiger CRM.
by DaOne
DotNetNuke <10.1 - SQL Injection
SQL injection vulnerability in the RSS page (DNNArticleRSS.aspx) in the ZLDNN DNNArticle module before 10.1 for DotNetNuke allows remote attackers to execute arbitrary SQL commands via the categoryid parameter.
by Sajjad Pourali
Alibaba Clone Tritanium Version - 'news_desc.html' SQL Injection
by IRAQ_JAGUAR
CakePHP 2.2.8/2.3.7 - AssetDispatcher Class Local File Inclusion
by Takeshi Terada