Text Exploits
31,394 exploits tracked across all sources.
WordPress Plugin wp-FileManager - Arbitrary File Download
by ByEge
WHMCS 4.x - 'invoicefunctions.php?id' SQL Injection
by Ahmed Aboul-Ela
umi.cms < 2.9 - Cross-Site Request Forgery via Admin User Addition
Cross-site request forgery (CSRF) vulnerability in Umisoft UMI.CMS before 2.9 build 21905 allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via a request to admin/users/add/user/do/.
by High-Tech Bridge SA
Open Flash Chart - 'get-data' Cross-Site Scripting
by Deepankar Arora
Invision Power Board 1.x?/2.x/3.x - Admin Takeover
by John JEAN
Alienvault Open Source SIEM (OSSIM) 4.1.2 - Multiple SQL Injections
by RunRunLevel
GetSimpleCMS <3.2.1 - Authenticated RCE
An authenticated remote code execution vulnerability exists in GetSimpleCMS version 3.2.1. The application’s upload.php endpoint allows authenticated users to upload arbitrary files without proper validation of MIME types or extensions. By uploading a .pht file containing PHP code, an attacker can bypass blacklist-based restrictions and place executable code within the web root. A crafted request using a polyglot or disguised extension allows the attacker to execute the payload by accessing the file directly via the web server. This vulnerability exists due to the use of a blacklist for filtering file types instead of a whitelist.
by Ahmed Elhady Mohamed
CVSS 8.8
Joomla! Component com_s5clanroster - 'id' SQL Injection
by AtT4CKxT3rR0r1ST
Ajax Availability Calendar 3.x - Multiple Vulnerabilities
by AtT4CKxT3rR0r1ST
Wireless Photo Access 1.0.10 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
Wireless Disk PRO 2.3 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
File Lite 3.3/3.5 PRO iOS - Multiple Vulnerabilities
by Vulnerability-Lab
Wifi Photo Transfer 2.1/1.1 PRO - Multiple Vulnerabilities
by Vulnerability-Lab
WordPress Plugin Securimage-WP - 'siwp_test.php' Cross-Site Scripting
by Gjoko Krstic
Securimage - 'example_form.php' Cross-Site Scripting
by Gjoko Krstic
Huawei AR 150, 200, 1200, 2200, and 3200 - Stack-based Buffer Overflow via SNMPv3 Requests
Stack-based buffer overflow on Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 debugging is enabled, allows remote attackers to execute arbitrary code via malformed SNMPv3 requests.
by Roberto Paleari
Cisco Linksys E4200 1.0.05 - Code Injection
Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers to obtain sensitive information or execute arbitrary code by sending a crafted URL request to the apply.cgi script using the submit_type parameter.
by sqlhacker
CVSS 8.1
NetApp OnCommand System Manager <2.2 - XSS
Cross-site Scripting (XSS) vulnerability in NetApp OnCommand System Manager before 2.2 allows remote attackers to inject arbitrary web script or HTML via the 'full-name' and 'comment' fields.
by M. Heinzl
CVSS 6.1
NetApp OnCommand System Manager <2.2 - XSS
Cross-site Scripting (XSS) vulnerability in NetApp OnCommand System Manager before 2.2 allows remote attackers to inject arbitrary web script or HTML via the 'full-name' and 'comment' fields.
by M. Heinzl
CVSS 6.1
MyBB Game Section Plugin - 'games.php' Multiple Cross-Site Scripting Vulnerabilities
by anonymous
b2evolution < 4.1.7 - Authenticated SQL Injection via show_statuses[] Parameter
SQL injection vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.
by High-Tech Bridge SA
Dovecot with Exim - 'sender_address' Remote Command Execution
by RedTeam Pentesting GmbH
By Source