Text Exploits
31,337 exploits tracked across all sources.
Microsoft Internet Explorer 8-9 - CSRF
Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not ensure that the SSL lock icon is consistent with the Address bar, which makes it easier for remote attackers to spoof web sites via a crafted HTML document that triggers many HTTPS requests to an arbitrary host, followed by an HTTPS request to a trusted host and then an HTTP request to an untrusted host, a related issue to CVE-2013-1450.
by Christian Haider
PHP weby directory software 1.2 - Multiple Vulnerabilities
by AkaStep
DataLife Engine <9.7 - Info Disclosure
Session fixation vulnerability in DataLife Engine (DLE) 9.7 and earlier allows remote attackers to hijack web sessions via the PHPSESSID cookie.
by EgiX
WordPress Plugin SolveMedia 1.1.0 - Cross-Site Request Forgery
by Junaid Hussain
PHPWeby Free Directory Script - 'contact.php' Multiple SQL Injections
by AkaStep
Imagecms < 4.0.0 - SQL Injection
SQL injection vulnerability in ImageCMS before 4.2 allows remote authenticated administrators to execute arbitrary SQL commands via the q parameter to admin/admin_search/. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.
by High-Tech Bridge SA
Aloaha PDF Crypter (3.5.0.1164) - ActiveX Arbitrary File Overwrite
by shinnai
Wp-table Reloaded < 1.9.4 - XSS
Cross-site scripting (XSS) vulnerability in js/tabletools/zeroclipboard.swf in the WP-Table Reloaded module before 1.9.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this might be the same vulnerability as CVE-2013-1808. If so, it is likely that CVE-2013-1463 will be REJECTed.
by hiphop
WordPress Theme Chocolate WP - Multiple Vulnerabilities
by Eugene Dokukin
gpEasy CMS <3.5.2 - XSS
Cross-site scripting (XSS) vulnerability in the NewSectionPrompt function in include/tool/editing_page.php in gpEasy CMS 3.5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the section parameter in a new_section action to index.php.
by High-Tech Bridge SA
WordPress Plugin Developer Formatter - Cross-Site Request Forgery
by Junaid Hussain
Digitiliti Digilibe - Information Disclosure
DigiLIBE 3.4 and possibly other versions sends a redirect but does not exit, which allows remote attackers to obtain sensitive configuration information via a direct request to configuration/general_configuration.html.
by Robert Gilbert
Adult WebMaster Script - Password Disclosure
by Dshellnoi Unix
Perforce P4web - XSS
Perforce P4web 2011.1 and 2012.1 has multiple XSS vulnerabilities.
by Christy Philip Mathew
CVSS 6.1
NConf 1.3 - '/detail.php/detail_admin_items.php?id' SQL Injection
by haidao
Redhat Enterprise Linux - Improper Input Validation
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the (1) -d or (2) -M switch, which triggers a stack-based buffer overflow in the alloca function.
by anonymous
F5 BIG-IP <11.2.1 - Info Disclosure
XML External Entity (XXE) vulnerability in sam/admin/vpe2/public/php/server.php in F5 BIG-IP 10.0.0 through 10.2.4 and 11.0.0 through 11.2.1 allows remote authenticated users to read arbitrary files via a crafted XML file.
by anonymous
Aloaha Credential Provider Monitor 5.0.226 - Local Privilege Escalation
by LiquidWorm
Scripts Genie Classified Ultra - SQL Injection / Cross-Site Scripting
by 3spi0n
WordPress Plugin Ripe HD FLV Player - SQL Injection
by Zikou-16
Joomla! Component com_collector - Arbitrary File Upload
by Red Dragon_al
PHP-Charts v1.0 - RCE
PHP-Charts v1.0 contains a PHP code execution vulnerability in wizard/url.php, where user-supplied GET parameter names are passed directly to eval() without sanitization. A remote attacker can exploit this flaw by crafting a request that injects arbitrary PHP code, resulting in command execution under the web server's context. The vulnerability allows unauthenticated attackers to execute system-level commands via base64-encoded payloads embedded in parameter names, leading to full compromise of the host system.
by AkaStep
Sonicwall Analyzer - Authentication Bypass
An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access.
by Nikolas Sotiriu
CVSS 9.8