Text Exploits
31,337 exploits tracked across all sources.
KDE 4.7.3 - Use After Free
Use-after-free vulnerability in khtml/rendering/render_replaced.cpp in Konqueror in KDE 4.7.3, when the context menu is shown, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by accessing an iframe when it is being updated.
by Tim Brown
Axigen Free Mail Server - Path Traversal
Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in (1) the fileName parameter in a download action to source/loggin/page_log_dwn_file.hsp, or the fileName parameter in (2) an edit action or (3) a delete action to the default URI.
by Zhao Liang
WordPress Plugin foxypress 0.4.2.5 - Multiple Vulnerabilities
by waraxe
vam shop 1.69 - Multiple Vulnerabilities
by Security Effect Team
PG Dating Pro CMS 1.0 - Multiple Vulnerabilities
by Vulnerability-Lab
NetCat CMS - Multiple Cross-Site Scripting Vulnerabilities
by Security Effect Team
BloofoxCMS 0.3.5 - Multiple Cross-Site Scripting Vulnerabilities
by Canberk BOLAT
SolarWinds Orion <3.0-HotFix1 - XSS
Cross-site scripting (XSS) vulnerability in IPAMSummaryView.aspx in the IPAM web interface before 3.0-HotFix1 in SolarWinds Orion Network Performance Monitor might allow remote attackers to inject arbitrary web script or HTML via the "Search for an IP address" field.
by Anthony Trummer
Joomla! Component com_quiz - SQL Injection
by Daniel Barragan
WordPress Plugin Easy Webinar - Blind SQL Injection
by Robert Cooper
Aladdin Knowledge System Ltd. PrivAgent ActiveX Control 2.0 - Multiple Vulnerabilities
by shinnai
Inventory - Multiple Cross-Site Scripting / SQL Injections
by G13
Microsoft Office Picture Manager 2010 - Crash (PoC)
by coolkaveh
Bitweaver <2.8.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) stats/index.php or (2) newsletters/edition.php or the (3) username parameter to users/remind_password.php, (4) days parameter to stats/index.php, (5) login parameter to users/register.php, or (6) highlight parameter.
by Trustwave's SpiderLabs
CVSS 6.1
ClanSphere 2011.3 - Local File Inclusion
ClanSphere 2011.3 is vulnerable to a local file inclusion (LFI) flaw due to improper handling of the cs_lang cookie parameter. The application fails to sanitize user-supplied input, allowing attackers to traverse directories and read arbitrary files outside the web root. The vulnerability is further exacerbated by null byte injection (%00) to bypass file extension checks.
by blkhtc0rp
CVSS 7.5
White Label CMS <1.5.1 - CSRF
Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in the White Label CMS plugin before 1.5.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify the developer name via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, as demonstrated by a developer name containing XSS sequences.
by pcsjj
White Label CMS <1.5 - XSS
Cross-site scripting (XSS) vulnerability in wlcms-plugin.php in the White Label CMS plugin 1.5 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, a related issue to CVE-2012-5387.
by pcsjj
WordPress Plugin social discussions 6.1.1 - Multiple Vulnerabilities
by waraxe