Text Exploits
31,394 exploits tracked across all sources.
Lazy SEO 1.1.9 - Unauthenticated Arbitrary File Upload and Remote Code Execution via lazyseo.php
Unrestricted file upload vulnerability in lazyseo.php in the Lazy SEO plugin 1.1.9 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in lazy-seo/.
by Ashiyane Digital Security Team
Joomla! Component JVideoClip 1.5.1 - 'uid' SQL Injection
by SixP4ck3r
vtiger CRM < 5.4.0 - Authenticated SQL Injection via onlyforuser Parameter
SQL injection vulnerability in CalendarCommon.php in vTiger CRM 5.4.0 and possibly earlier allows remote authenticated users to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php. NOTE: this issue might be a duplicate of CVE-2011-4559.
by High-Tech Bridge SA
WordPress Plugin RokMicroNews - 'thumb.php' Multiple Vulnerabilities
by MustLive
WordPress Plugin RokIntroScroller - 'thumb.php' Multiple Vulnerabilities
by MustLive
WordPress Plugin RokNewsPager - 'thumb.php' Multiple Vulnerabilities
by MustLive
Gallery Manager Plugin < 3.3.4 rev40279 - Unauthenticated Arbitrary File Upload and RCE via upload-images.php
Unrestricted file upload vulnerability in frames/upload-images.php in the Complete Gallery Manager plugin before 3.3.4 rev40279 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/[year]/[month]/.
by Vulnerability-Lab
OpenEMR < 4.1.1 Patch 14 - SQL Injection
An authenticated SQL injection vulnerability exists in OpenEMR ≤ 4.1.1 Patch 14 that allows a low-privileged attacker to extract administrator credentials and subsequently escalate privileges. Once elevated, the attacker can exploit an unrestricted file upload flaw to achieve remote code execution, resulting in full compromise of the application and its host system.
by xistence
CVSS 8.8
Oracle Java SE <7u21,6u45,5u45 - Info Disclosure
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ShortBandedRaster size checks" in 2D.
by Packet Storm
WordPress Plugin RokStories - 'thumb.php' Multiple Vulnerabilities
by MustLive
Western Digital Arkeia Appliance 10.0.10 - Multiple Vulnerabilities
by xistence
GNOME Vino < 3.7.3 - Denial of Service via Authentication Error Handling
The vino_server_client_data_pending function in vino-server.c in GNOME Vino 2.26.1, 2.32.1, 3.7.3, and earlier, and 3.8 when encryption is disabled, does not properly clear client data when an error causes the connection to close during authentication, which allows remote attackers to cause a denial of service (infinite loop, CPU and disk consumption) via multiple crafted requests during authentication.
by Trustwave's SpiderLabs
Router ONO Hitron CDE-30364 - Cross-Site Request Forgery
by Matias Mingorance Svensson
zimplit_cms < 3.0 - Cross-Site Scripting via file and client Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Zimplit CMS 3.0, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter in a load action to zimplit.php and (2) client parameter to English_manual_version_2.php.
by Yashar shahinzadeh
WordPress Plugin mukioplayer4wp - 'cid' SQL Injection
by Ashiyane Digital Security Team
Microsoft SharePoint Server 2007 SP3, 2010 SP1/SP2, 2013 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "SharePoint XSS Vulnerability."
by Vulnerability-Lab
Synology DiskStation Manager (DSM) 4.3-3776 - Multiple Vulnerabilities
by Andrea Fabrizi
Talkie Bluetooth Video iFiles 2.0 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
D-Link DSL-2740B Firmware EU_1.00 - Cross-Site Request Forgery via Wireless MAC Filter, Firewall, or Remote Management
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DSL-2740B Gateway with firmware EU_1.00 allow remote attackers to hijack the authentication of administrators for requests that (1) enable or disable Wireless MAC Address Filters via a wlFltMode action to wlmacflt.cmd, (2) enable or disable firewall protections via a request to scdmz.cmd, or (3) enable or disable remote management via a save action to scsrvcntr.cmd.
by Ivano Binetti
glFusion 1.3.0 - 'search.php?cat_id' SQL Injection
by Omar Kurt
eTransfer Lite - 'file name' HTML Injection
by Benjamin Kunz Mejri
By Source