Text Exploits
31,394 exploits tracked across all sources.
Banana Dance <B.2.6 - Info Disclosure
functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to read arbitrary database information via a crafted request.
by High-Tech Bridge SA
Banana Dance <B.2.6 - Path Traversal
Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter in a get_template action.
by High-Tech Bridge SA
Sony PC Companion 2.1 - 'Load()' Unicode Stack Buffer Overflow
by LiquidWorm
Sony PC Companion 2.1 - 'DownloadURLToFile()' Unicode Stack Buffer Overflow
by LiquidWorm
Sony PC Companion 2.1 - 'CheckCompatibility()' Unicode Stack Buffer Overflow
by LiquidWorm
Sony PC Companion 2.1 - 'Admin_RemoveDirectory()' Unicode Stack Buffer Overflow
by LiquidWorm
Firefly Media Server 1.0.0.1359 - Denial of Service via Crafted HTTP Headers
Firefly Media Server 1.0.0.1359 allows remote attackers to cause a denial of service (NULL pointer dereference) via a (1) crafted Connection HTTP header; a return carriage control character in the (2) Accept Language header, (3) User-agent header, (4) Host header, or (5) protocol version; or a (6) crafted HTTP protocol version.
by High-Tech Bridge SA
Elite Bulletin Board < 2.1.22 - SQL Injection via PATH_INFO
Multiple SQL injection vulnerabilities in the (1) update_whosonline_reg and (2) update_whosonline_guest functions in Elite Bulletin Board before 2.1.22 allow remote attackers to execute arbitrary SQL commands via the PATH_INFO to (a) checkuser.php, (b) groups.php, (c) index.php, (d) login.php, (e) quicklogin.php, (f) register.php, (g) Search.php, (h) viewboard.php, or (i) viewtopic.php.
by High-Tech Bridge SA
Banana Dance < b.2.6 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) return, (2) display, (3) table, or (4) search parameter to functions/suggest.php; (5) the id parameter to functions/widgets.php, (6) the category parameter to functions/print.php; or (7) the name parameter to functions/ajax.php.
by High-Tech Bridge SA
YeaLink IP Phone SIP-TxxP Firmware 9.70.0.100 - Multiple Vulnerabilities
by xistence
WordPress Theme Clockstone (and other CMSMasters Themes) - Arbitrary File Upload
by DigiP
Joomla! Component com_ztautolink - 'Controller' Local File Inclusion
by Xr0b0t
Joomla! Component com_bit - 'Controller' Local File Inclusion
by Xr0b0t
SonicWALL SonicOS 5.8.1.8 WAF - Cross-Site Scripting
by Vulnerability-Lab
Enterpriser16 Load Balancer 7.1 - Multiple Cross-Site Scripting Vulnerabilities
by Vulnerability-Lab
MyBB Transactions Plugin - 'transaction' SQL Injection
by limb0
WordPress Plugin RokBox Plugin - '/wp-content/plugins/wp_rokbox/jwplayer/jwplayer.swf?abouttext' Cross-Site Scripting
by MustLive
MyBB User Profile Skype ID Plugin 1.0 - Persistent Cross-Site Scripting
by limb0
Totem Movie Player 3.4.3 (Ubuntu) - Stack Corruption
by coolkaveh
Social Sites MyBB Plugin 0.2.2 - Cross-Site Scripting
by s3m00t
Portable phpMyAdmin <1.3.1 - Auth Bypass
The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remote attackers to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-phpmyadmin/wp-pma-mod.
by Mark Stanislav
By Source