Text Exploits
31,386 exploits tracked across all sources.
PHP Volunteer Management System v1.0.2 - Code Injection
PHP Volunteer Management System v1.0.2 contains an arbitrary file upload vulnerability in its document upload functionality. Authenticated users can upload files to the mods/documents/uploads/ directory without any restriction on file type or extension. Because this directory is publicly accessible and lacks execution controls, attackers can upload a malicious PHP payload and execute it remotely. The application ships with default credentials, making exploitation trivial. Once authenticated, the attacker can upload a PHP shell and trigger it via a direct GET request.
by Ashoo
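The root cause described above (the client-supplied filename, extension included, is written straight into a web-served directory) and a hardened handler side by side. This is an added example, not code from PHP Volunteer Management System; the form field name `doc`, the storage path, and the allow-list are assumptions for illustration. Storing outside the document root matters even with an allow-list, because it removes the "upload a PHP file, then GET it" primitive entirely.

```php
<?php
// Added example (not from the vulnerable project). Requires PHP 7.4+.

// Vulnerable pattern described in the advisory: the original filename is
// trusted and the file lands in a directory the web server executes PHP from.
function store_upload_vulnerable(array $file, string $uploadDir): string
{
    // Attacker controls name and extension: shell.php is accepted as-is.
    $dest = rtrim($uploadDir, '/') . '/' . $file['name'];
    move_uploaded_file($file['tmp_name'], $dest);
    return $dest; // e.g. mods/documents/uploads/shell.php, reachable by GET
}

// Hardened version: allow-list the extension, verify the content type on the
// server, discard the client filename, and store outside DocumentRoot.
// Assumed allow-list; extend it to what the application really needs.
const ALLOWED_TYPES = [
    'pdf' => 'application/pdf',
    'png' => 'image/png',
    'jpg' => 'image/jpeg',
    'txt' => 'text/plain',
];

function store_upload_hardened(array $file, string $storageDir): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    // Extension from the last dot only, lower-cased: "shell.php.jpg" yields "jpg",
    // and the sniffed MIME type below must then match an image, not PHP source.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED_TYPES[$ext])) {
        return null;
    }
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if ($finfo->file($file['tmp_name']) !== ALLOWED_TYPES[$ext]) {
        return null;
    }
    // Server-chosen random name: no user-controlled characters, no traversal.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = rtrim($storageDir, '/') . '/' . $name; // $storageDir is outside DocumentRoot
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        return null;
    }
    chmod($dest, 0640); // readable by the web server user, never executable
    return $name;       // store this in the DB; serve via a download script
}

// Download endpoint pairs with the hardened store: the browser never gets a
// direct URL to the file, and the name is re-validated before use.
function serve_stored_file(string $storageDir, string $name): bool
{
    if (!preg_match('/\A[0-9a-f]{32}\.(pdf|png|jpg|txt)\z/', $name)) {
        return false;
    }
    $path = rtrim($storageDir, '/') . '/' . $name;
    if (!is_file($path)) {
        return false;
    }
    header('Content-Type: application/octet-stream');
    header('X-Content-Type-Options: nosniff');
    header('Content-Disposition: attachment; filename="' . $name . '"');
    readfile($path);
    return true;
}

// Usage, assuming a form with <input type="file" name="doc">:
// $stored = store_upload_hardened($_FILES['doc'], '/var/app-data/documents');
```

As defence in depth, the directory the original application uses should also have script execution disabled at the web server (for Apache, `php_flag engine off` or `RemoveHandler .php` in an `.htaccess` or `<Directory>` block), so that a bypass of the upload check still does not yield code execution.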
Yamamah Photo Gallery 1.1 - Database Information Disclosure
by L3b-r1'z
PHP Volunteer Management System 1.0.2 - Multiple SQL Injections
by loneferret
Nilehoster Topics Viewer 2.3 - Multiple SQL Injections / Local File Inclusion
by n4ss1m
b2ePms 1.0 - Multiple SQL Injection Vulnerabilities
by loneferret
AzDGDatingMedium 1.9.3 - Multiple Remote Vulnerabilities
by AkaStep
DynPage 1.0 - 'ckfinder' Multiple Arbitrary File Upload Vulnerabilities
by KedAns-Dz
phpCollab 2.5 - Direct Request Multiple Protected Page Access
by team ' & 1=1--
PHPCollab 2.5 - 'uploadfile.php' Crafted Request Arbitrary Non-PHP File Upload
by team ' & 1=1--
Jaow <= 2.4.5 - SQL Injection via add_ons Parameter
SQL injection vulnerability in add_ons.php in Jaow 2.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the add_ons parameter.
by kallimero
Wireshark 1.4.x < 1.4.13 and 1.6.x < 1.6.8 - Denial of Service via R3 Dissector Integer Underflow
Multiple integer underflows in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allow remote attackers to cause a denial of service (loop) via vectors related to the R3 dissector, a different vulnerability than CVE-2012-2392.
by Laurent Butti
Wireshark 1.4.x < 1.4.13 and 1.6.x < 1.6.8 - Denial of Service via ICMP/ICMPv6 Echo Request Misalignment on SPARC and Itanium
Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a (1) ICMP or (2) ICMPv6 Echo Request packet.
by Klaus Heckelmann
Wireshark 1.4.x < 1.4.13 and 1.6.x < 1.6.8 - Denial of Service in DIAMETER Dissector
epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 does not properly construct certain array data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers incorrect memory allocation.
by Wireshark
mod_auth_openid < 0.7 - Information Disclosure via World-Readable Session Database
mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
by Peter Ellehauge
Symantec Endpoint Protection / SNAC 11.0.600x - 11.0.710x - Local Privilege Escalation via Buffer Overflow
Buffer overflow in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.710x and Symantec Network Access Control (SNAC) 11.0.600x through 11.0.710x allows local users to gain privileges, and modify data or cause a denial of service, via a crafted script.
by 41.w4r10r
Yellow Duck Framework 2.0 Beta1 - Local File Disclosure
by L3b-r1'z
Ruubikcms 1.1.x - Cross-Site Scripting / Information Disclosure / Directory Traversal
by AkaStep
pragmaMx 1.0-1.12.1 - Cross-Site Scripting via Name Parameter or Image URL
Multiple cross-site scripting (XSS) vulnerabilities in pragmaMx 1.x before 1.12.2 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to modules.php or (2) img_url to includes/wysiwyg/spaw/editor/plugins/imgpopup/img_popup.php.
by High-Tech Bridge SA
CVSS 6.1
Pligg CMS < 1.2.2 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary parameter in a move or (2) minimize action to admin/admin_index.php; (3) the karma_username parameter to module.php in the karma module; (4) q_1_low, (5) q_1_high, (6) q_2_low, or (7) q_2_high parameter in a configure action to module.php in the captcha module; or (8) the edit parameter to module.php in the admin_language module.
by High-Tech Bridge SA
phpCollab 2.5 - Database Backup Information Disclosure
by team ' & 1=1--
Plogger 1.0 Beta 3.0 - SQL Injection
SQL injection vulnerability in plog-rss.php in Plogger 1.0 Beta 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Eyup CELIK
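The Jaow and Plogger entries above share one root cause: a request parameter (`add_ons`, `id`) is concatenated into the query text. The following is an added example, not code from either project; the table and column names are assumptions, and it uses mysqli prepared statements (PHP 7.4+) rather than the `mysql_*` API these applications likely used. It shows the vulnerable pattern beside the parameterised form for both a string parameter and a numeric one.

```php
<?php
// Added example, not Jaow or Plogger code. Table/column names are assumed.

// Vulnerable pattern the two advisories describe: the parameter becomes part
// of the SQL text, so a quote in add_ons rewrites the statement.
function fetch_addon_vulnerable(mysqli $db, string $addOn)
{
    // add_ons=' UNION SELECT login,pass FROM users-- changes the query's structure.
    return $db->query("SELECT name, version FROM add_ons WHERE name = '$addOn'");
}

// Hardened: the statement text is fixed; the value is sent as a bound parameter
// and can never be interpreted as SQL, whatever characters it contains.
function fetch_addon_safe(mysqli $db, string $addOn): ?array
{
    $stmt = $db->prepare('SELECT name, version FROM add_ons WHERE name = ?');
    $stmt->bind_param('s', $addOn);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    return $row ?: null;
}

// Numeric identifiers (Plogger's id parameter to plog-rss.php) are validated
// as integers first, so "1 OR 1=1" is rejected before any query is built.
function fetch_feed_item_safe(mysqli $db, string $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    $stmt = $db->prepare('SELECT id, title, date_submitted FROM pictures WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    return $row ?: null;
}

// Usage (connection details assumed):
// $db = new mysqli('localhost', 'app', 'secret', 'gallery');
// $db->set_charset('utf8mb4');            // keep escaping and charset in agreement
// $item = fetch_feed_item_safe($db, $_GET['id'] ?? '');
```

Setting the connection charset explicitly is part of the fix: multibyte charset mismatches are one of the few ways a "properly escaped" string-concatenated query can still be broken, and prepared statements sidestep that class of problem as well.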