Text Exploits
31,394 exploits tracked across all sources.
McAfee Data Loss Prevention - Multiple Information Disclosure Vulnerabilities
by Jamie Ooi
Top Games Script 1.2 - SQL Injection
SQL injection vulnerability in play.php in Top Games Script 1.2 allows remote attackers to execute arbitrary SQL commands via the gid parameter.
by AtT4CKxT3rR0r1ST
phpEventCalendar < 0.2.3 - SQL Injection via eventdisplay.php id Parameter
SQL injection vulnerability in eventdisplay.php in phpEventCalendar 0.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by AtT4CKxT3rR0r1ST
elemata_cms RC 3.0 - SQL Injection via id Parameter
SQL injection vulnerability in functions/global.php in Elemata CMS RC 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by CWH Underground
AlienVault OSSIM 4.1 - SQL Injection
Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.1 allow remote attackers to execute arbitrary SQL commands via the (1) sensor parameter in a Query action to forensics/base_qry_main.php; the (2) tcp_flags[] or (3) tcp_port[0][4] parameter to forensics/base_stat_alerts.php; the (4) ip_addr[1][8] or (5) port_type parameter to forensics/base_stat_ports.php; or the (6) sortby or (7) rvalue parameter in a search action to vulnmeter/index.php.
by Glafkos Charalambous
TRENDnet TE100-P1U Print Server Firmware 4.11 - Authentication Bypass
by Chako
Linksys E1000/E1200/E3200 - Command Injection
Linksys E1000 devices through 2.1.02, E1200 devices before 2.0.05, and E3200 devices through 1.0.04 allow OS command injection via shell metacharacters in the apply.cgi ping_ip parameter on TCP port 52000.
by m-1-k-3
CVSS 8.3
GLPI 0.83.7 - Local File Inclusion via common.tabs.php
GLPI 0.83.7 has Local File Inclusion in common.tabs.php.
by LiquidWorm
CVSS 7.5
Monkey CMS - Multiple Vulnerabilities
by Yashar shahinzadeh_ Mormoroth
et-chat - Privilege Escalation / Arbitrary File Upload
by MR.XpR
SPBAS Business Automation Software 2012 - XSS
SPBAS Business Automation Software 2012 has XSS.
by Christy Philip Mathew
CVSS 6.1
Havalite CMS 1.1.7 - Unauthenticated RCE
An unauthenticated arbitrary file upload vulnerability exists in Havalite CMS version 1.1.7 (and possibly earlier) in the upload.php script. The application fails to enforce proper file extension validation and authentication checks, allowing remote attackers to upload malicious PHP files via a crafted multipart/form-data POST request. Once uploaded, the attacker can access the file directly under havalite/tmp/files/, resulting in remote code execution.
by CWH Underground
WordPress Plugin Ultimate WordPress Auction Plugin 1.0 - Cross-Site Request Forgery
by expl0i13r
SPBAS Business Automation Software 2012 - CSRF
SPBAS Business Automation Software 2012 has CSRF.
by Christy Philip Mathew
CVSS 6.5
Fly-High CMS 2012-07-08 - Unrestricted Arbitrary File Upload
by CWH Underground
TaxiMonger for Android - 'name' HTML Injection
by Ismail Kaleem
LibrettoCMS 1.1.7 - Unauthenticated RCE
An unauthenticated arbitrary file upload vulnerability exists in LibrettoCMS version 1.1.7 (and possibly earlier) contains an unauthenticated arbitrary file upload vulnerability in its File Manager plugin. The upload handler located at adm/ui/js/ckeditor/plugins/pgrfilemanager/php/upload.php fails to properly validate file extensions, allowing attackers to upload files with misleading extensions and subsequently rename them to executable .php scripts. This enables remote code execution on the server without authentication.
by CWH Underground
monkey-project/monkey < 1.4.0 - Remote Access Restriction Bypass via Crafted URI
The Mandril security plugin in Monkey HTTP Daemon (monkeyd) before 1.5.0 allows remote attackers to bypass access restrictions via a crafted URI, as demonstrated by an encoded forward slash.
by felipensp
AXIS Media Control ActiveX Control - Arbitrary File Write via StartRecord, SaveCurrentImage, or StartRecordMedia Methods
The AXIS Media Control (AMC) ActiveX control (AxisMediaControlEmb.dll) 6.2.10.11 for AXIS network cameras allows remote attackers to create or overwrite arbitrary files via a file path to the (1) StartRecord, (2) SaveCurrentImage, or (3) StartRecordMedia methods.
by Javier Repiso Sánchez
AirLive POE-2600HD Firmware - Denial of Service via Long URL
AirLive POE-2600HD allows remote attackers to cause a denial of service (device reset) via a long URL.
by Sánchez_ Lopez_ Castillo
CVSS 7.5
Grandstream GXV Device Firmware - Cross-Site Request Forgery in User Management
Cross-site request forgery (CSRF) vulnerability in goform/usermanage in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models allows remote attackers to hijack the authentication of unspecified victims for requests that add users.
by Castillo
By Source