Text Exploits
31,394 exploits tracked across all sources.
Advanced Guestbook - 'addentry.php' Arbitrary File Upload
by Ashiyane Digital Security Team
McAfee SuperScan 4.0 - Cross-Site Scripting via UTF-7 Encoded Server Response
Cross-site scripting (XSS) vulnerability in McAfee SuperScan 4.0 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded sequences in a server response, which is not properly handled in the SuperScan HTML report.
by Trustwave's SpiderLabs
WordPress Plugin Usernoise 3.7.8 - Persistent Cross-Site Scripting
by RogueCoder
WordPress Plugin Booking Calendar 4.1.4 - Cross-Site Request Forgery
by Dylan Irzi
Joomla! Component com_sectionex 2.5.96 - SQL Injection
by Matias Fontanini
Apache suEXEC - Information Disclosure / Privilege Escalation
by kingcope
FTP OnConnect 1.4.11 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
Hikvision DS-2CD7153-E <4.1.0 b130111 - Buffer Overflow
Buffer overflow in the RTSP Packet Handler in Hikvision DS-2CD7153-E IP camera with firmware 4.1.0 b130111 (Jan 2013), and possibly other devices, allows remote attackers to cause a denial of service (device crash and reboot) and possibly execute arbitrary code via a long string in the Range header field in an RTSP transaction.
by Core Security
Kwoksys Kwok Info Server <2.8.5 - SQL Injection
SQL injection vulnerability in IT/hardware-list.dll in Kwoksys Kwok Information Server before 2.8.5 allows remote authenticated users to execute arbitrary SQL commands via the (1) hardwareType, (2) hardwareStatus, or (3) hardwareLocation parameter in a search command.
by Yogesh Phadtare
nmap < 6.40 - Arbitrary File Write via http-domino-enum-passwords.nse Script
The http-domino-enum-passwords.nse script in NMap before 6.40, when domino-enum-passwords.idpath is set, allows remote servers to upload "arbitrarily named" files via a crafted FullName parameter in a response, as demonstrated using directory traversal sequences.
by Piotr Duszynski
RiteCMS 1.0.0 - Cross-Site Request Forgery via Administrator Password Change
Cross-site request forgery (CSRF) vulnerability in RiteCMS 1.0.0 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via an edit user action to cms/index.php.
by Yashar shahinzadeh
StarUML - Buffer Overflow in ToDot Method via Long Argument
Buffer overflow in the ToDot method in the WINGRAPHVIZLib.NEATO ActiveX control in WinGraphviz.dll in StarUML allows remote attackers to execute arbitrary code via a long argument.
by d3b4g
RiteCMS 1.0.0 - Authenticated Cross-Site Scripting via Mode Parameter
Cross-site scripting (XSS) vulnerability in RiteCMS 1.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the mode parameter to cms/index.php.
by Yashar shahinzadeh
Electronic Arts Karotz Smart Rabbit <12.07.19.00 - Code Injection
Electronic Arts Karotz Smart Rabbit 12.07.19.00 allows Python module hijacking
by Trustwave's SpiderLabs
CVSS 6.3
MiCasaVerde VeraLite <1.5.408 - SSRF
MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to send HTTP requests to intranet servers via the url parameter to cgi-bin/cmh/proxy.sh, related to a Server-Side Request Forgery (SSRF) issue.
by Trustwave's SpiderLabs
CVSS 9.8
MiCasaVerde VeraLite <1.5.408 - RCE
The HomeAutomationGateway service in MiCasaVerde VeraLite with firmware 1.5.408 allows (1) remote attackers to execute arbitrary Lua code via a RunLua action in a request to upnp/control/hag on port 49451 or (2) remote authenticated users to execute arbitrary Lua code via a RunLua action in a request to port_49451/upnp/control/hag.
by Trustwave's SpiderLabs
CVSS 8.8
MiCasaVerde VeraLite <1.5.408 - Privilege Escalation
MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict access, which allows remote authenticated users to (1) update the firmware via the squashfs parameter to upgrade_step2.sh or (2) obtain hashed passwords via the cgi-bin/cmh/backup.sh page.
by Trustwave's SpiderLabs
CVSS 8.1
MiCasaVerde VeraLite <1.5.408 - Path Traversal
Directory traversal vulnerability in cgi-bin/cmh/get_file.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote authenticated users to read arbirary files via a .. (dot dot) in the filename parameter.
by Trustwave's SpiderLabs
CVSS 6.5
vtiger CRM < 5.4.0 - Local File Inclusion and Remote Code Execution via customerportal.php
vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in 'customerportal.php' which allows remote attackers to view files and execute local script code.
by EgiX
CVSS 8.1
Agnitum Outpost Internet Security 8.1 - Privilege Escalation
A local privilege escalation vulnerability exists in Agnitum Outpost Internet Security 8.1 that allows an unprivileged user to execute arbitrary code with SYSTEM privileges. The flaw resides in the acs.exe component, which exposes a named pipe that accepts unauthenticated commands. By exploiting a directory traversal weakness in the pipe protocol, an attacker can instruct the service to load a malicious DLL from a user-controlled location. The DLL is then executed in the context of the privileged service.
by Ahmad Moghimi
Oracle Hyperion <11.1.2.305 - Info Disclosure
Unspecified vulnerability in the Hyperion BI+ component in Oracle Hyperion 11.1.1.3, 11.1.1.4.107 and earlier, 11.1.2.1.129 and earlier, and 11.1.2.2.305 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Intelligence Service.
by Richard Warren
TEC-IT TBarCode - OCX ActiveX Control (TBarCode4.ocx 4.1.0) Crash (PoC)
by d3b4g
WordPress Plugin Better WP Security 3.4.8/3.4.9/3.4.10/3.5.2/3.5.3 - Persistent Cross-Site Scripting
by Richard Warren
vtiger CRM 5.1.0-5.4.0 - Authentication Bypass via Improper Session Validation
vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerability due to improper authentication validation in the validateSession function.
by EgiX
CVSS 9.8
By Source