Text Exploits
31,348 exploits tracked across all sources.
OpenX < 2.8.10 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in OpenX Source 2.8.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) package parameter to www/admin/plugin-index.php or the (2) group parameter to www/admin/plugin-settings.php.
by High-Tech Bridge SA
OpenX 2.8.10 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.10, possibly before revision 82710, allow remote attackers to hijack the authentication of administrators, as demonstrated by requests that conduct directory traversal attacks via the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-3514.
by High-Tech Bridge SA
Kasseler CMS < 2 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Kasseler CMS before 2 r1232 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) groups[] parameter in a send action in the sendmail module or (2) query parameter in a sql_query action in the database module to admin.php, related to CVE-2013-3727.
by High-Tech Bridge SA
Mobile Atlas Creator 1.9.12 - Persistent Command Injection
by Vulnerability-Lab
Machform 2 - RCE
Unrestricted file upload vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in the upload form's directory in data/.
by Yashar shahinzadeh
Machform 2 - SQL Injection
SQL injection vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary SQL commands via the element_2 parameter.
by Yashar shahinzadeh
Winamp <5.64 Build 3418 - Buffer Overflow
Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a package with a long Skin directory name. NOTE: a second buffer overflow involving a long GUI Search field to ml_local.dll was also reported. However, since it is only exploitable by the user of the application, this issue would not cross privilege boundaries unless Winamp is running under a highly restricted environment such as a kiosk.
by Julien Ahrens
Winamp 5.63 - RCE
Winamp 5.63: Invalid Pointer Dereference leading to Arbitrary Code Execution
by Julien Ahrens
CVSS 7.8
WordPress Plugin WP Feed - 'nid' SQL Injection
by Iranian Exploit DataBase
Anshul Sharma Category-grid-view-gallery - XSS
Cross-site scripting (XSS) vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ID parameter.
by Iranian Exploit DataBase
Machform 2 - XSS
Cross-site scripting (XSS) vulnerability in view.php in Machform 2 allows remote attackers to inject arbitrary web script or HTML via the element_2 parameter.
by Yashar shahinzadeh
Microsoft Windows Media Player 11.0.5721.5230 - Memory Corruption
Microsoft Windows Media Player (WMP) 11.0.5721.5230 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted WAV file.
by Asesino04
GLPI <0.83.9 - Code Injection
inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the _predefined_fields parameter to front/ticket.form.php.
by Xavier Mehrenberger
Redhat Libvirt - Resource Management Error
Double free vulnerability in the virConnectListAllInterfaces method in interface/interface_backend_netcf.c in libvirt 1.0.6 allows remote attackers to cause a denial of service (libvirtd crash) via a filtering flag that causes an interface to be skipped, as demonstrated by the "virsh iface-list --inactive" command.
by Daniel P. Berrange
Fortinet FortiOS < 4.3.12 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Fortinet FortiOS on FortiGate firewall devices before 4.3.13 and 5.x before 5.0.2 allow remote attackers to hijack the authentication of administrators for requests that modify (1) settings or (2) policies, or (3) restart the device via a rebootme action to system/maintenance/shutdown.
by Sven Wurth
Barracuda SSL VPN 680Vx 2.3.3.193 - Multiple Script Injection Vulnerabilities
by LiquidWorm
Yard Radius - Format String Vulnerability
Multiple format string vulnerabilities in Yet Another Radius Daemon (YARD RADIUS) 1.1.2 allow context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in a request in the (1) log_msg function in log.c or (2) version or (3) build_version function in version.c.
by Hamid Zamani
Xorbin Analog Flash Clock 1.0 - XSS
Xorbin Analog Flash Clock 1.0 extension for Joomla has XSS
by Prakhar Prasad
CVSS 6.1
Atomy Maxsite - 'index.php' Arbitrary File Upload
by Iranian_Dark_Coders_Team
eFile Wifi Transfer Manager 1.0 - Multiple Vulnerabilities
by Vulnerability-Lab
WordPress Plugin WP Private Messages - 'msgid' SQL Injection
by IeDb ir
Xaraya < 2.4.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Xaraya 2.4.0-b1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) interface, (3) name, or (4) tabmodule parameter to index.php.
by High-Tech Bridge