Text Exploits
31,337 exploits tracked across all sources.
Myrephp Myre Vacation Rental - XSS
Cross-site scripting (XSS) vulnerability in vacation/1_mobile/alert_members.php in MYRE Vacation Rental Software allows remote attackers to inject arbitrary web script or HTML via the link_idd parameter in a login action.
by d3b4g
Myrephp Myre Business Directory - XSS
Cross-site scripting (XSS) vulnerability in search.php in MYRE Business Directory allows remote attackers to inject arbitrary web script or HTML via the look parameter.
by d3b4g
Myrephp Myre Realty Manager - XSS
Cross-site scripting (XSS) vulnerability in search.php in MYRE Realty Manager allows remote attackers to inject arbitrary web script or HTML via the cat_id1 parameter.
by d3b4g
friendsinwar FAQ Manager - SQL Injection / Authentication Bypass
by d3b4g
dotProject <2.0.1 - RCE
Multiple PHP remote file include vulnerabilities in dotProject 2.0.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary commands via the baseDir parameter in (1) db_adodb.php, (2) db_connect.php, (3) session.php, (4) vw_usr_roles.php, (5) calendar.php, (6) date_format.php, and (7) tasks/gantt.php; and the dPconfig[root_dir] parameter in (8) projects/gantt.php, (9) gantt2.php, and (10) vw_files.php. NOTE: the vendor disputes this issue, stating that the product documentation clearly recommends that the system administrator disable register_globals, and that the check.php script warns against this setting. Also, the vendor says that the protection.php/siteurl vector is incorrect because protection.php does not exist in the product.
by dun
CVSS 5.6
Zoner Photo Studio 15 b3 - Buffer Overflow (PoC)
by Vulnerability-Lab
Libtiff < 3.9.4 - Memory Corruption
Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder in LibTIFF before 3.9.5 allows remote attackers to execute arbitrary code via a crafted TIFF file.
by Francis Provencher
IrfanView - '.RLE' Image Decompression Buffer Overflow
by Francis Provencher
Eventy CMS 1.8 Plus - Multiple Vulnerabilities
by Vulnerability-Lab
Bananadance Wiki b2.2 - Multiple Vulnerabilities
by Vulnerability-Lab
WordPress Plugin PHP Event Calendar - 'cid' SQL Injection
by Ashiyane Digital Security Team
WordPress Plugin Eco-annu - 'eid' SQL Injection
by Ashiyane Digital Security Team
ESRI ArcGIS 10.1 - SQL Injection
SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote authenticated users to execute arbitrary SQL commands via the where parameter to a query URI for a REST service.
by anonymous
AWCM 2.2 - XSS
cookie_gen.php in ar web content manager (AWCM) 2.2 does not require authentication, which allows remote attackers to generate arbitrary cookies via the name parameter in conjunction with the content parameter.
by Sooel Son
WordPress Plugin FLV Player - 'id' SQL Injection
by Ashiyane Digital Security Team
OrangeHRM 2.7.1 RC 1 - SQL Injection
Multiple SQL injection vulnerabilities in OrangeHRM 2.7.1 RC 1 allow remote authenticated administrators to execute arbitrary SQL commands via the sortField parameter to (1) viewCustomers, (2) viewPayGrades, or (3) viewSystemUsers in symfony/web/index.php/admin/, as demonstrated using cross-site request forgery (CSRF) attacks.
by High-Tech Bridge
Cryptocat < 2.0.22 - Improper Input Validation
Cryptocat before 2.0.22 has Remote Script Injection due to improperly sanitizing user input.
by Mario Heiderich
CVSS 9.8
Cryptocat < 2.0.22 - Information Disclosure
Cryptocat before 2.0.22 Chrome Extension 'img/keygen.gif' has Information Disclosure.
by Mario Heiderich
CVSS 7.5
AVerCaster Pro RS3400 Web Server - Directory Traversal
by Patrick Saladino