Text Exploits
31,337 exploits tracked across all sources.
WordPress Plugin FlagEm - 'cID' Cross-Site Scripting
by IeDb ir
MLM (Multi Level Marketing) Script - Multiple Vulnerabilities
by 3spi0n
Barracuda LB / SVF / WAF / WEF - Multiple Vulnerabilities
by Vulnerability-Lab
Dell PacketTrap PSA 7.1 - Multiple Cross-Site Scripting Vulnerabilities
by Vulnerability-Lab
Dell PacketTrap MSP RMM 6.6.x - Multiple Cross-Site Scripting Vulnerabilities
by Vulnerability-Lab
Xibo - Path Traversal
Directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter to index.php.
by Mahendra
Anchor CMS 0.9.1 - XSS
Cross-site scripting (XSS) vulnerability in article.php in Anchor CMS 0.9.1, when comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Name field. NOTE: some sources have reported that comments.php is vulnerable, but certain functions from comments.php are used by article.php.
by DURAKIBOX
Flux Player 3.1.0 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
ePhoto Transfer 1.2.1 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
Barracuda CudaTel - Multiple Cross-Site Scripting Vulnerabilities
by Benjamin Kunz Mejri
Dell Kace 1000 SMA 5.4.70402 - Persistent Cross-Site Scripting
by Vulnerability-Lab
Apache Struts < 2.3.15.1 - Improper Input Validation
Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
by Takeshi Terada
Olive File Manager 1.0.1 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
FTP Sprite 1.2.1 iOS - Persistent Cross-Site Scripting
by Vulnerability-Lab
BMC Service Desk Express 10.2.1.95 - SQL Injection
Multiple SQL injection vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allow remote attackers to execute arbitrary SQL commands via the (1) ASPSESSIONIDASSRATTQ, (2) TABLE_WIDGET_1, (3) TABLE_WIDGET_2, (4) browserDateTimeInfo, or (5) browserNumberInfo cookie parameter to DashBoardGUI.aspx; or the (6) UID parameter to login.aspx.
by Nuri Fattah
McAfee ePolicy Orchestrator <4.6.6 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePO Extension for the McAfee Agent (MA) 4.5 through 4.6, allow remote attackers to inject arbitrary web script or HTML via the (1) instanceId parameter core/loadDisplayType.do; (2) instanceId or (3) monitorUrl parameter to console/createDashboardContainer.do; uid parameter to (4) ComputerMgmt/sysDetPanelBoolPie.do or (5) ComputerMgmt/sysDetPanelSummary.do; (6) uid, (7) orion.user.security.token, or (8) ajaxMode parameter to ComputerMgmt/sysDetPanelQry.do; or (9) uid, (10) orion.user.security.token, or (11) ajaxMode parameter to ComputerMgmt/sysDetPanelSummary.do.
by Nuri Fattah
WordPress Plugin Spicy Blogroll - Local File Inclusion
by Ahlspiess
BMC Service Desk Express 10.2.1.95 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allow remote attackers to inject arbitrary web script or HTML via the (1) SelTab parameter to QV_admin.aspx, the (2) CallBack parameter to QV_grid.aspx, or the (3) HelpPage parameter to commonhelp.aspx.
by Nuri Fattah
Genetech Solutions Pie-Register <1.31 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Genetech Solutions Pie-Register plugin before 1.31 for WordPress, when "Allow New Registrations to set their own Password" is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) pass1 or (2) pass2 parameter in a register action. NOTE: some of these details are obtained from third party information.
by gravitylover
By Source