Text Exploits
31,394 exploits tracked across all sources.
DDSN Interactive cm3 Acora CMS - Info Disclosure
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a request to Admin/top.aspx.
by Pedro Andujar
Loftek Nexus 543 Firmware - Unauthenticated Sensitive Information Exposure via get_realip.cgi and get_status.cgi
The Loftek Nexus 543 IP Camera allows remote attackers to obtain (1) IP addresses via a request to get_realip.cgi or (2) firmware versions (ui and system), timestamp, serial number, p2p port number, and wifi status via a request to get_status.cgi.
by Craig Young
CVSS 7.5
Belkin G Wireless Router Firmware 5.00.12 - Remote Code Execution
by Aodrulez
SearchBlox < 7.5 - Exposure of Sensitive Information via CollectionListServlet
servlet/CollectionListServlet in SearchBlox before 7.5 build 1 allows remote attackers to read usernames and passwords via a getList action.
by Ricky Roane Jr
DeWeS web server <0.4.2 - Path Traversal
Directory traversal vulnerability in DeWeS web server 0.4.2 and possibly earlier, as used in Twilight CMS, allows remote attackers to read arbitrary files via a ..%5c (dot dot encoded backslash) in a GET request.
by High-Tech Bridge SA
Ovidentia 6.6.5 - SQL Injection via Item Parameter in Contact Modify Action
SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to execute arbitrary SQL commands via the item parameter in a contact modify action.
by LiquidWorm
CBHotel Hotel Software and Booking system 1.8 - Multiple Vulnerabilities
by Dylan Irzi
VMware Workstation 8.x-9.x and Player 4.x-5.x - Privilege Escalation via PATH lsb_release Hijacking
vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x and 5.x, on systems based on Debian GNU/Linux, allows host OS users to gain host OS privileges via a crafted lsb_release binary in a directory in the PATH, related to use of the popen library function.
by Tavis Ormandy
Samba 3.x-3.5.21, 3.6.x-3.6.16, 4.x-4.0.7 - Denial of Service via Malformed NTTRANS Packet
Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
by x90c
Adobe ColdFusion 9.0-9.0.2, 10 - Unauthenticated Authentication Bypass and Remote Code Execution via RDS Component
administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary code by logging in to the RDS component using the default empty password and leveraging this session to access the administrative web interface, as exploited in the wild in January 2013.
by Scott Buckel
CVSS 9.8
Oracle Java - 'BytePackedRaster.verify()' Signed Integer Overflow
by Packet Storm
Xibo 1.4.2 - Cross-Site Scripting via Layout Parameter
Cross-site scripting (XSS) vulnerability in index.php in Digital Signage Xibo 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the layout parameter in the layout page.
by Jacob Holcomb
WordPress Plugin ThinkIT 0.1 - Multiple Vulnerabilities
by Yashar shahinzadeh
DeWeS web server <0.4.2 - Path Traversal
Directory traversal vulnerability in DeWeS web server 0.4.2 and possibly earlier, as used in Twilight CMS, allows remote attackers to read arbitrary files via a ..%5c (dot dot encoded backslash) in a GET request.
by High-Tech Bridge
Sitecom N300/N600 Devices - Multiple Vulnerabilities
by Roberto Paleari
Samsung Smart Viewer - Unauthenticated Authentication Bypass via SessionID Cookie
Samsung Web Viewer for Samsung DVR devices allows remote attackers to bypass authentication via an arbitrary SessionID value in a cookie.
by Andrea Fabrizi
Bo-Blog 2.1.1 - Cross-Site Scripting / SQL Injection
by Ashiyane Digital Security Team
IBM Avocent 1754 KVM - Command Injection
ping.php in Global Console Manager 16 (GCM16) and Global Console Manager 32 (GCM32) before 1.20.0.22575 on the IBM Avocent 1754 KVM switch allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) count or (2) size parameter.
by Alejandro Alvarez Bravo
Photo Transfer Upload 1.0 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
Copy to WebDAV 1.1 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
AlgoSec Firewall Analyzer 6.1-b86 - XSS
Cross-site scripting (XSS) vulnerability in afa/php/Login.php in AlgoSec Firewall Analyzer 6.1-b86 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
by Asheesh kumar Mani Tripathi
Oracle Java - 'IntegerInterleavedRaster.verify()' Signed Integer Overflow
by Packet Storm
Spitfire CMS 1.1.4 - Cross-Site Request Forgery
by Yashar shahinzadeh
By Source