Text Exploits
31,337 exploits tracked across all sources.
Subrion CMS 2.2.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) multi_title parameter to blocks/add/; (2) cost, (3) days, or (4) title[en] parameter to plans/add/; (5) name or (6) title[en] parameter to fields/group/add/ in admin/manage/; or (7) f[accounts][fullname] or (8) f[accounts][username] parameter to advsearch/. NOTE: This might overlap CVE-2011-5211. NOTE: it was later reported that the f[accounts][fullname] and f[accounts][username] vectors might also affect 2.2.2.
by High-Tech Bridge SA
Sixapart Movable Type - XSS
Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six Apart KK) Movable Type (MT) Pro 5.13 allows remote attackers to inject arbitrary web script or HTML via the comment section.
by sqlhacker
Joomla! Component com_commedia - 'task' SQL Injection
by D4NB4R
ATutor AContent <1.2 - SQL Injection
SQL injection vulnerability in user/index_inline_editor_submit.php in ATutor AContent 1.2-1 allows remote authenticated users to execute arbitrary SQL commands via the field parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-5167.
by High-Tech Bridge SA
FirePass 7.0 SSL VPN - 'refreshURL' Open Redirection
by Aung Khant
Spamtitan Webtitan < 3.50 - Path Traversal
Directory traversal vulnerability in logs-x.php in SpamTitan WebTitan before 3.60 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the fname parameter in a view action.
by Richard Conner
Microsoft Internet Explorer 9 - Cross-Site Scripting Filter Bypass
by Jean Pascal Pereira
Joomla! Component com_fss 1.9.1.1447 - SQL Injection
by D4NB4R
CMS Mini 0.2.2 - 'index.php' Script Cross-Site Scripting
by Netsparker
Vm86 - Syscall Task Switch Kernel Panic Denial of Service / Privilege Escalation
by halfdog
WordPress Plugin FireStorm Professional Real Estate 2.06.01 - SQL Injection
by Ashiyane Digital Security Team
BSW Gallery - 'uploadpic.php' Arbitrary File Upload
by cr4wl3r
Amateur Photographer's Image Gallery - 'plist.php?albumid' SQL Injection
by cr4wl3r
Amateur Photographer's Image Gallery - 'plist.php?albumid' Cross-Site Scripting
by cr4wl3r
Amateur Photographer's Image Gallery - 'fullscreen.php?albumid' SQL Injection
by cr4wl3r
Amateur Photographer's Image Gallery - 'force-download.php?File' Information Disclosure
by cr4wl3r
WordPress Plugin Slideshow - Multiple Cross-Site Scripting Vulnerabilities
by waraxe
Jcore < 1.0 - XSS
Cross-site scripting (XSS) vulnerability in admin/index.php in jCore before 1.0pre2 allows remote attackers to inject arbitrary web script or HTML via the path parameter.
by High-Tech Bridge
Oracle WebCenter Sites - Info Disclosure
Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Advanced UI, a different vulnerability than CVE-2012-3183 and CVE-2012-3185.
by SEC Consult
mod_security2 <2.7.0 - Auth Bypass
The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
by Bernhard Mueller