Text Exploits
31,337 exploits tracked across all sources.
Buffalo WZR-HP-G300NH2 - Cross-Site Request Forgery
by Prayas Kulshrestha
ScriptCase - 'scelta_categoria.php' SQL Injection
by Hossein Hezami
Lokboard - 'index_4.php' PHP Code Injection
by CWH Underground
HP Insight Diagnostics - Improper Input Validation
hpdiags/frontend2/help/pageview.php in HP Insight Diagnostics 9.4.0.4710 does not properly restrict PHP include or require statements, which allows remote attackers to include arbitrary hpdiags/frontend2/help/ .html files via the path parameter.
by Markus Wulftange
HP Insight Diagnostics - Improper Input Validation
Absolute path traversal vulnerability in hpdiags/frontend2/commands/saveCompareConfig.php in HP Insight Diagnostics 9.4.0.4710 allows remote attackers to write data to arbitrary files via a full pathname in the argument to the devicePath (aka mount) parameter.
by Markus Wulftange
Resin Application Server 4.0.36 - Source Code Disclosure
by LiquidWorm
MobileIron Virtual Smartphone Platform - Privilege Escalation
by prdelka
WordPress Theme Ambience - 'src' Cross-Site Scripting
by Darksnipper
Ruubikcms 1.1.1 - Persistent Cross-Site Scripting
by expl0i13r
PHP Ticket System Beta 1 - Cross-Site Request Forgery
by Pablo Ribeiro
Caucho Resin - 'index.php?logout' Cross-Site Scripting
by Gjoko Krstic
Caucho Resin - '/resin-admin/' URI Cross-Site Scripting
by Gjoko Krstic
AfterLogic WebMail Lite PHP 7.0.1 - Cross-Site Request Forgery
by Pablo Ribeiro
Linux kernel <3.9.4 - Privilege Escalation
Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message.
by Kees Cook
T-mobile Tm-ac1900 - OS Command Injection
The Network Analysis tab (Main_Analysis_Content.asp) in the ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the Target field (destIP parameter).
by drone
Netgear Dgn1000 Firmware < 1.1.00.48 - Missing Authentication
NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass. A remote, unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. Exploitation in the wild has been observed since at least 2017, and specifically by the Shadowserver Foundation on 2025-02-06 UTC.
by Roberto Paleari
CVSS 9.8
Ruubikcms 1.1.1 - 'tinybrowser.php?folder' Directory Traversal
by expl0i13r
Cuppa CMS - '/alertConfigField.php' Local/Remote File Inclusion
by CWH Underground
Parallels Plesk Panel <9.0.x, 9.2.x - RCE
The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on UNIX, and Small Business Panel 10.x on UNIX, has an improper ScriptAlias directive for phppath, which makes it easier for remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2012-1823.
by kingcope
Apple Mac OS X <10.6.8 - RCE/DoS
Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message.
by Core Security
Apache Struts < 2.3.14.3 - Code Injection
Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
by Jon Passki
Imperva Securesphere - Improper Input Validation
plain/actionsets.html in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to execute arbitrary commands via a task with a [command].value field in conjunction with an [arguments].value field.
by Pedro Andujar