Text Exploits
31,337 exploits tracked across all sources.
Axway SecureTransport <5.1 SP2 - Path Traversal
Multiple directory traversal vulnerabilities in Axway SecureTransport 5.1 SP2 and earlier allow remote authenticated users to (1) read, (2) delete, or (3) create files, or (4) list directories, via a ..%5C (encoded dot dot backslash) in a URI.
by Sebastian Perez
Microsoft Internet Explorer 6 < 10 - Mouse Tracking
by Nick Johnson
IrfanView 4.33 - 'IMXCF.dll' Plugin Code Execution
by beford
MyBB Profile Blogs Plugin 1.2 - Multiple Vulnerabilities
by Zixem
Joomla! Component com_jooproperty 1.13.0 - Multiple Vulnerabilities
by D4NB4R
SimpleInvoices <stable-2012-1-CIS3000 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in SimpleInvoices before stable-2012-1-CIS3000 allow remote attackers to inject arbitrary web script or HTML via (1) the having parameter in a manage action to index.php; (2) the Email field in an Add User action; (3) the Customer Name field in an Add Customer action; the (4) Street address, (5) Street address 2, (6) City, (7) Zip code, (8) State, (9) Country, (10) Mobile Phone, (11) Phone, (12) Fax, (13) Email, (14) PayPal business name, (15) PayPal notify url, (16) PayPal return url, (17) Eway customer ID, (18) Custom field 1, (19) Custom field 2, (20) Custom field 3, or (21) Custom field 4 field in an Add Biller action; (22) the Customer field in an Add Invoice action; the (23) Invoice or (24) Notes field in a Process Payment action; (25) the Payment type description field in a Payment Types action; (26) the Description field in an Invoice Preferences action; (27) the Description field in a Manage Products action; or (28) the Description field in a Tax Rates action.
by tommccredie
TVMOBiLi <2.1.0.3974 - Buffer Overflow
Multiple stack-based buffer overflows in HttpUtils.dll in TVMOBiLi before 2.1.0.3974 allow remote attackers to cause a denial of service (tvMobiliService service crash) via a long string in a (1) GET or (2) HEAD request to TCP port 30888.
by High-Tech Bridge SA
SumatraPDF 2.1.1/MuPDF 1.0 - Memory Corruption
SumatraPDF 2.1.1/MuPDF 1.0 allows remote attackers to cause an integer overflow in the lex_number() function via a corrupt PDF file.
by beford
CVSS 7.8
Clip-bucket Clipbucket < 2.6 - SQL Injection
Multiple SQL injection vulnerabilities in ClipBucket 2.6 Revision 738 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) uid parameter in an add_friend action to ajax.php; id parameter in a (2) share_object, (3) add_to_fav, (4) rating, or (5) flag_object action to ajax.php; cid parameter in an (6) add_new_item, (7) remove_collection_item, (8) get_item, or (9) load_more_items action to ajax.php; (10) ci_id parameter in a get_item action to ajax.php; user parameter to (11) user_contacts.php or (12) view_channel.php; (13) pid parameter to view_page.php; (14) tid parameter to view_topic.php; or (15) v parameter to watch_video.php.
by High-Tech Bridge SA
Achievo - SQL Injection
SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows remote authenticated users to execute arbitrary SQL commands via the activityid parameter in a stats action.
by High-Tech Bridge SA
Centrify Deployment Manager 2.1.0.283 - Local Privilege Escalation
by Larry W. Cashdollar
Linux Kernel < 3.3 - Memory Corruption
Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a filesystem with the utf8 mount option, which is not properly handled during UTF-8 to UTF-16 conversion.
by G13
VideoLAN VLC Media Player < 2.0.4 - Memory Corruption
Multiple buffer overflows in VideoLAN VLC media player 2.0.4 and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to the (1) freetype renderer and (2) HTML subtitle parser.
by coolkaveh
Simple Gmail Login 1.1.2 - Information Disclosure
simple-gmail-login.php in the Simple Gmail Login plugin before 1.1.4 for WordPress allows remote attackers to obtain sensitive information via a request that lacks a timezone, leading to disclosure of the installation path in a stack trace.
by Aditya Balapure
m0n0wall 1.33 - Multiple Cross-Site Request Forgery Vulnerabilities
by Yann CAM
Nvidia Install Application 2.1002.85.551 - 'NVI2.dll' Unicode Buffer Overflow (PoC)
by LiquidWorm
WordPress Theme Nest - 'codigo' SQL Injection
by Ashiyane Digital Security Team