Text Exploits
31,394 exploits tracked across all sources.
Machform 2 - Unauthenticated Arbitrary File Upload and Remote Code Execution via view.php
Unrestricted file upload vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in the upload form's directory in data/.
by Yashar shahinzadeh
Machform 2 - SQL Injection via element_2 Parameter
SQL injection vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary SQL commands via the element_2 parameter.
by Yashar shahinzadeh
Winamp <5.64 Build 3418 - Buffer Overflow
Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a package with a long Skin directory name. NOTE: a second buffer overflow involving a long GUI Search field to ml_local.dll was also reported. However, since it is only exploitable by the user of the application, this issue would not cross privilege boundaries unless Winamp is running under a highly restricted environment such as a kiosk.
by Julien Ahrens
Winamp 5.63 - Arbitrary Code Execution via Invalid Pointer Dereference
Winamp 5.63: Invalid Pointer Dereference leading to Arbitrary Code Execution
by Julien Ahrens
CVSS 7.8
WordPress Plugin WP Feed - 'nid' SQL Injection
by Iranian Exploit DataBase
Category Grid View Gallery 2.3.1 - Cross-Site Scripting via ID Parameter
Cross-site scripting (XSS) vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ID parameter.
by Iranian Exploit DataBase
Machform 2 - Cross-Site Scripting via view.php element_2 Parameter
Cross-site scripting (XSS) vulnerability in view.php in Machform 2 allows remote attackers to inject arbitrary web script or HTML via the element_2 parameter.
by Yashar shahinzadeh
Microsoft Windows Media Player 11.0.5721.5230 - Memory Corruption
Microsoft Windows Media Player (WMP) 11.0.5721.5230 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted WAV file.
by Asesino04
GLPI < 0.83.9 - Unauthenticated PHP Object Unserialization via _predefined_fields Parameter
inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the _predefined_fields parameter to front/ticket.form.php.
by Xavier Mehrenberger
libvirt 1.0.6 - Denial of Service via virConnectListAllInterfaces Double Free
Double free vulnerability in the virConnectListAllInterfaces method in interface/interface_backend_netcf.c in libvirt 1.0.6 allows remote attackers to cause a denial of service (libvirtd crash) via a filtering flag that causes an interface to be skipped, as demonstrated by the "virsh iface-list --inactive" command.
by Daniel P. Berrange
FortiOS < 4.3.13 and 5.x < 5.0.2 - Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities in Fortinet FortiOS on FortiGate firewall devices before 4.3.13 and 5.x before 5.0.2 allow remote attackers to hijack the authentication of administrators for requests that modify (1) settings or (2) policies, or (3) restart the device via a rebootme action to system/maintenance/shutdown.
by Sven Wurth
Barracuda SSL VPN 680Vx 2.3.3.193 - Multiple Script Injection Vulnerabilities
by LiquidWorm
YARD RADIUS 1.1.2 - Format String Vulnerability in Log and Version Functions
Multiple format string vulnerabilities in Yet Another Radius Daemon (YARD RADIUS) 1.1.2 allow context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in a request in the (1) log_msg function in log.c or (2) version or (3) build_version function in version.c.
by Hamid Zamani
Xorbin Analog Flash Clock 1.0 - XSS
Xorbin Analog Flash Clock 1.0 extension for Joomia has XSS
by Prakhar Prasad
CVSS 6.1
Xorbin Analog Flash Clock 1.0 - XSS
Xorbin Analog Flash Clock 1.0 extension for Joomia has XSS
by Prakhar Prasad
CVSS 6.1
Atomy Maxsite - 'index.php' Arbitrary File Upload
by Iranian_Dark_Coders_Team
eFile Wifi Transfer Manager 1.0 - Multiple Vulnerabilities
by Vulnerability-Lab
WordPress Plugin WP Private Messages - 'msgid' SQL Injection
by IeDb ir
Xaraya < 2.4.0 - Cross-Site Scripting via id/interface/name/tabmodule Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Xaraya 2.4.0-b1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) interface, (3) name, or (4) tabmodule parameter to index.php.
by High-Tech Bridge
e107 Advanced Medal System Plugin - SQL Injection
by Life Wasted
Oracle VM VirtualBox < 4.2.18 - Denial of Service in Core
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.18, 4.0.20, 4.1.28, and 4.2.18 allows local users to affect availability via unknown vectors related to Core.
by Thomas Dreibholz
Barnraiser Prairie - 'get_file.php' Directory Traversal
by prairie
By Source