Text Exploits
31,394 exploits tracked across all sources.
D-Link DIR-505 1.06 - Multiple Vulnerabilities
by Alessandro Di Pinto
Zyxware Health Monitoring System - Multiple Vulnerabilities
by Sarahma Security
Moodle < 2.2.11, 2.3.x < 2.3.9, 2.4.x < 2.4.6, 2.5.x < 2.5.2 - Cross-Site Scripting via RSS Feed Blog Link
Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 allow remote attackers to inject arbitrary web script or HTML via a crafted blog link within an RSS feed.
by Ciaran McNally
Sophos Web Appliance <3.7.9.1, <3.8-3.8.1.1 - Privilege Escalation
The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second argument.
by Core Security
Safari < 6.0.1 - Remote Code Execution via JavaScript Array Race Condition
Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays.
by Vitaliy Toropov
IndiaNIC Testimonial Plugin 2.2 - Cross-Site Request Forgery via Admin Actions
Multiple cross-site request forgery (CSRF) vulnerabilities in the IndiaNIC Testimonial plugin 2.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add a testimonial via an iNIC_testimonial_save action; (2) add a listing template via an iNIC_testimonial_save_listing_template action; (3) add a widget template via an iNIC_testimonial_save_widget action; insert cross-site scripting (XSS) sequences via the (4) project_name, (5) project_url, (6) client_name, (7) client_city, (8) client_state, (9) description, (10) tags, (11) video_url, or (12) is_featured, (13) title, (14) widget_title, (15) no_of_testimonials, (16) filter_by_country, (17) filter_by_tags, or (18) widget_template parameter to wp-admin/admin-ajax.php.
by RogueCoder
Oracle Java SE <7u21,6u45,5u45 - Info Disclosure
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "ImagingLib byte lookup processing."
by GuHe
IndiaNIC Testimonial plugin 2.2 - SQL Injection via custom_query Parameter
SQL injection vulnerability in testimonial.php in the IndiaNIC Testimonial plugin 2.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the custom_query parameter in a testimonial_add action to wp-admin/admin-ajax.php.
by RogueCoder
Oracle Java - ByteComponentRaster.verify() Memory Corruption
by Packet Storm
appRain CMF - Multiple Cross-Site Request Forgery Vulnerabilities
by Yashar shahinzadeh
AVTECH AVN801 DVR Firmware - Authentication Bypass via Captcha
AVTECH AVN801 DVR has a security bypass via the administration login captcha
by Core Security
CVSS 9.8
AloahaPDFViewer <5.0.0.7 - Buffer Overflow
Stack-based buffer overflow in AloahaPDFViewer 5.0.0.7 and earlier in Aloaha PDF Suite FREE allows remote attackers to execute arbitrary code via a crafted PDF file.
by Marcos Accossatto
Loftek Nexus 543 IP Camera - Info Disclosure
The Loftek Nexus 543 IP Camera stores passwords in cleartext, which allows remote attackers to obtain sensitive information via an HTTP GET request to check_users.cgi. NOTE: cleartext passwords can also be obtained from proc/kcore when leveraging the directory traversal vulnerability in CVE-2013-3311.
by Craig Young
CVSS 7.5
Loftek Nexus 543 Firmware - Cross-Site Request Forgery via set_users.cgi
Multiple cross-site request forgery (CSRF) vulnerabilities in the Loftek Nexus 543 IP Camera allow remote attackers to hijack the authentication of unspecified victims for requests that change (1) passwords or (2) firewall configuration, as demonstrated by a request to set_users.cgi.
by Craig Young
CVSS 8.8
Loftek Nexus 543 Firmware - Unauthenticated Path Traversal via URL
Directory traversal vulnerability in the Loftek Nexus 543 IP Camera allows remote attackers to read arbitrary files via a .. (dot dot) in the URL of an HTTP GET request.
by Craig Young
CVSS 7.5
Joomla! Component com_virtuemart 2.0.22a - SQL Injection
by Matias Fontanini
By Source