Text Exploits
31,386 exploits tracked across all sources.
Microsoft IIS - Short File/Folder Name Disclosure
by Soroush Dalili
WordPress Plugin Backup 2.0.1 - Information Disclosure
by Stephan Knauss
python-wrapper - Untrusted Search Path/Code Execution
by ShadowHatesYou
IrfanView PlugIns < 4.33 - Remote Code Execution via Crafted JLS File
Heap-based buffer overflow in jpeg_ls.dll in the Jpeg_LS (aka JLS) plugin in the formats plugins in IrfanView PlugIns before 4.34 allows remote attackers to execute arbitrary code via a crafted JLS file.
by Joseph Sheridan
WordPress Plugin Paid Business Listings 1.0.2 - Blind SQL Injection
by Chris Kellum
GIMP < 2.9.2 - Denial of Service via Malformed FITS File XTENSION Header
fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed XTENSION header of a .fit file, as demonstrated using a long string.
by Joseph Sheridan
SpecView < 2.5 Build 853 - Path Traversal via URI
Directory traversal vulnerability in the web server in SpecView 2.5 build 853 and earlier allows remote attackers to read arbitrary files via a ... (dot dot dot) in a URI.
by Luigi Auriemma
PowerNet Twin Client 8.9 - 'RFSync 1.0.0.1' Crash (PoC)
by Luigi Auriemma
phpmoneybooks 1.03 - Persistent Cross-Site Scripting
by chap0
LIOOSYS CMS - SQL Injection / Information Disclosure
by MustLive
SWFUpload < 2.2.0.1 - Cross-Site Scripting via movieName Parameter
Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the "ExternalInterface.call" function.
by Nathan Partlan
TEMENOS T24 - Multiple Cross-Site Scripting Vulnerabilities
by Rehan Ahmed
Mobile USB Drive HD - Multiple Local File Inclusion / Arbitrary File Upload Vulnerabilities
by Benjamin Kunz Mejri
Winlog Pro < 2.07.17 - Remote Code Execution via Invalid File-Pointer Index
Array index error in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 might allow remote attackers to execute arbitrary code by referencing, within a port-46824 TCP packet, an invalid file-pointer index that leads to execution of an EnterCriticalSection code block.
by Luigi Auriemma
Zend Framework 1.x < 1.11.12 and 1.12.x < 1.12.0 - XML External Entity Injection via XML-RPC Request
Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack.
by SEC Consult
CVSS 9.1
Symantec Web Gateway < 5.0.3 - Info Disclosure
The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to (1) read or (2) delete arbitrary files via unspecified vectors.
by S2 Crew
Apple QuickTime - QuickTime.util.QTByteObject Initialization Security Checks Bypass
by Security Explorations
WordPress Plugin Website FAQ 1.0 - SQL Injection
by Chris Kellum
DigPHP - 'dig.php' Script Remote File Disclosure
by Ryuzaki Lawlet
Western Digital's WD TV Live SMP/Hub - Privilege Escalation
by Wolfgang Borst
WellinTech KingView < 6.53 - Remote Code Execution via Crafted TCP Packet
Heap-based buffer overflow in WellinTech KingView 6.53 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 555.
by Carlos Mario Penagos Hollmann
WordPress Plugin Fancy Gallery 1.2.4 - Arbitrary File Upload
by Sammy FORGIT