Text Exploits
31,337 exploits tracked across all sources.
SugarCRM Community Edition - Multiple Information Disclosure Vulnerabilities
by Brendan Coles
SquidGuard 1.4 - Long URL Handling Remote Denial of Service
by Stefan Bauer
WordPress Download Monitor <3.3.5.9 - XSS
Cross-site scripting (XSS) vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dlsearch parameter to the default URI.
by Chris Cooper
TomatoCart - 'example_form.ajax.php' Cross-Site Scripting
by HauntIT
Dell Crowbar < 1.4 - XSS
Cross-site scripting (XSS) vulnerability in crowbar_framework/app/views/support/index.html.haml in the Crowbar barclamp in Crowbar, possibly 1.4 and earlier, allows remote attackers to inject arbitrary web script or HTML via the file parameter to /utils.
by Matthias Weckbecker
Longtailvideo JW Player < 5.10.2295 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in LongTail Video JW Player through 5.10.2295 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) logo.link, or (3) aboutlink parameter, or a nested URI scheme name for (4) javascript, (5) asfunction, or (6) vbscript.
by MustLive
CVSS 6.1
WordPress Plugin HD Webplayer 1.1 - SQL Injection
by JoinSe7en
Phorum < 5.2.18 - XSS
Cross-site scripting (XSS) vulnerability in the group moderation screen in the control center (control.php) in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via the group parameter.
by High-Tech Bridge
WordPress Plugin Simple:Press Forum - Arbitrary File Upload
by Iranian Dark Coders
WordPress Plugin Cloudsafe365 - 'file' Remote File Disclosure
by Jan Van Niekerk
Conceptronic Grab'n'Go and Sitecom Storage Center - Password Disclosure
by Mattijs van Ommeren
FreeBSD Intel SYSRET Privilege Escalation
The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.
by Shahriyar Jalayeri
XWiki 4.2-milestone-2 - Multiple Persistent Cross-Site Scripting Vulnerabilities
by Shai rod
xt:Commerce VEYTON 4.0.15 - 'products_name_de' Script Insertion
by LiquidWorm
WordPress Plugin Count Per Day 3.2.3 - Cross-Site Scripting
by Crim3R
Wiki Web Help 0.3.9 - Multiple Persistent Cross-Site Scripting Vulnerabilities
by Shai rod
IBM Rational ClearQuest <7.1.2.7 & 8.0.0.3 - Info Disclosure
IBM Rational ClearQuest 7.1.x through 7.1.2.7 and 8.x through 8.0.0.3 allows remote attackers to obtain potentially sensitive information via a request to a (1) snoop, (2) hello, (3) ivt/, (4) hitcount, (5) HitCount.jsp, (6) HelloHTMLError.jsp, (7) HelloHTML.jsp, (8) HelloVXMLError.jsp, (9) HelloVXML.jsp, (10) HelloWMLError.jsp, (11) HelloWML.jsp, or (12) cqweb/j_security_check sample script.
by anonymous