Text Exploits
31,394 exploits tracked across all sources.
Cisco Linksys WRT310N Router - Multiple Denial of Service Vulnerabilities
by Carl Benedict
Open Flash Chart v2 Beta 1-v2 Lug Wyrm Charmer - RCE
Unrestricted file upload vulnerability in ofc_upload_image.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3, Woopra Analytics Plugin before 1.4.3.2, and possibly other products, when register_globals is enabled, allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension through the name parameter with the code in the HTTP_RAW_POST_DATA parameter, then accessing it via a direct request to the file in tmp-upload-images/.
by iskorpitx
iTop 1.1.181 and 1.2.0-RC-282 - Cross-Site Scripting via Multiple Input Vectors
Multiple cross-site scripting (XSS) vulnerabilities in iTop (aka IT Operations Portal) 1.1.181 and 1.2.0-RC-282 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted company name, (2) a crafted database server name, (3) a crafted CSV file, (4) a crafted copy-and-paste action, (5) the auth_user parameter in a suggest_pwd action to UI.php, (6) the c[menu] parameter to UniversalSearch.php, (7) the description parameter in a SearchFormToAdd_document_list action to UI.php, (8) the category parameter in an errors action to audit.php, or (9) the suggest_pwd parameter to UI.php.
by iskorpitx
WordPress Theme Colormix - Multiple Vulnerabilities
by MustLive
Crafty Syntax Live Help 3.1.2 - Remote File Inclusion / Full Path Disclosure
by ITTIHACK
Nginx 0.6.x - Arbitrary Code Execution NullByte Injection
by Neal Poole
TP-Link TL-WR741N / TL-WR741ND Routers - Multiple Denial of Service Vulnerabilities
by W1ckerMan
KrisonAV CMS < 3.0.2 - Cross-Site Scripting via Content Parameter
Cross-site scripting (XSS) vulnerability in services/get_article.php in KrisonAV CMS before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the content parameter.
by High-Tech Bridge SA
Oracle Fusion Middleware WebCenter Sites 7.6.2, 11.1.1.6.0, 11.1.1.6.1 - Authenticated Integrity Impact
Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 7.6.2, 11.1.1.6.0, and 11.1.1.6.1 allows remote authenticated users to affect integrity via unknown vectors related to WebCenter Sites.
by SEC Consult
Oracle Java SE <7.17,6.43,5.41 - DoS
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "font processing errors" in the International Components for Unicode (ICU) Layout Engine before 51.2.
by SEC Consult
Foxit Reader 5.4.3.x < 5.4.5.0124 - PDF XREF Parsing Denial of Service
by FuzzMyApp
KrisonAV CMS < 3.0.2 - Cross-Site Request Forgery via User Account Creation
Cross-site request forgery (CSRF) vulnerability in users_maint.html in KrisonAV CMS before 3.0.2 allows remote attackers to hijack the authentication of administrators for requests that create user accounts via a crafted request.
by High-Tech Bridge SA
ZPanel through 10.1.0 - Remote Code Execution
ZPanel through 10.1.0 has Remote Command Execution
by Sven Slootweg
CVSS 7.8
Vanilla Forums Van2Shout Plugin 1.0.51 - Multiple Cross-Site Request Forgery Vulnerabilities
by Henry Hoggard
Pop Up News module 2.0 - SQL Injection via itemid Parameter
SQL injection vulnerability in popupnewsitem/ in the Pop Up News module 2.0 and possibly earlier for phpVMS allows remote attackers to execute arbitrary SQL commands via the itemid parameter. NOTE: this was originally reported as a problem in phpVMS.
by NoGe
Linux Kernel < 3.8.8 - Denial of Service via Ftrace lseek NULL Pointer Dereference
The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call.
by anonymous
Cisco Linksys EA2700 Router - Multiple Vulnerabilities
by Phil Purviance
Todoo Forum 2.0 - SQL Injection via id_post or pg Parameter
Multiple SQL injection vulnerabilities in todooforum.php in Todoo Forum 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) id_post or (2) pg parameter.
by Chiekh Bouchenafa
Todoo Forum 2.0 - Cross-Site Scripting via id_post or pg Parameter
Multiple cross-site scripting (XSS) vulnerabilities in todooforum.php in Todoo Forum 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id_post or (2) pg parameter.
by Chiekh Bouchenafa
SimpleHRM <= 2.3 - SQL Injection via Username Parameter
SQL injection vulnerability in the login page in flexycms/modules/user/user_manager.php in SimpleHRM 2.3, 2.2, and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to index.php/user/setLogin.
by Doraemon
Free Monthly Websites 2.0 - Admin Password Change
by Yassin Aboukir
By Source