Text Exploits

31,386 exploits tracked across all sources.

CVE-2012-0984 EXPLOITDB text VERIFIED
XOOPS < 2.5.5 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in XOOPS before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) to_userid parameter to modules/pm/pmlite.php or the (2) current_file, (3) imgcat_id, or (4) target parameter to class/xoopseditor/tinymce/tinymce/jscripts/tiny_mce/plugins/xoopsimagemanager/xoopsimagebrowser.php.
by High-Tech Bridge SA
CVE-2012-4679 EXPLOITDB text VERIFIED
Newscoop < 3.5.5 - Cross-Site Scripting via f_user_name Parameter
Cross-site scripting (XSS) vulnerability in admin/login.php in Newscoop before 3.5.5 allows remote attackers to inject arbitrary web script or HTML via the f_user_name parameter.
by High-Tech Bridge SA
CVE-2012-1261 EXPLOITDB MEDIUM text VERIFIED
Scrutinizer NetFlow & sFlow Analyzer < 8.6.2.16204 - Cross-Site Scripting via Standalone Parameter
Cross-site scripting (XSS) vulnerability in cgi-bin/scrut_fa_exclusions.cgi in Plixer International Scrutinizer NetFlow and sFlow Analyzer 8.6.2.16204 and other versions before 9.0.1.19899 allows remote attackers to inject arbitrary web script or HTML via the standalone parameter.
by Trustwave's SpiderLabs
CVSS 6.1
CVE-2012-1593 EXPLOITDB text VERIFIED
Wireshark 1.4.x < 1.4.12 and 1.6.x < 1.6.6 - Denial of Service via Malformed ANSI A Packet
epan/dissectors/packet-ansi_a.c in the ANSI A dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed packet.
by Wireshark
CVE-2012-2131 EXPLOITDB text VERIFIED
OpenSSL 0.9.8v - Buffer Overflow via Crafted DER Data
Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110.
by Tavis Ormandy
CVE-2012-4330 EXPLOITDB text VERIFIED
Samsung D6000 Firmware - Denial of Service via Long MAC Address Field
The Samsung D6000 TV and possibly other products allow remote attackers to cause a denial of service (crash) via a long string in certain fields, as demonstrated by the MAC address field, possibly a buffer overflow.
by Luigi Auriemma
CVE-2012-2270 EXPLOITDB text VERIFIED
ownCloud < 3.0.3 - Open Redirect via Login Page redirect_url Parameter
Open redirect vulnerability in index.php (aka the Login Page) in ownCloud before 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter.
by Tobias Glemser
CVE-2012-2234 EXPLOITDB text VERIFIED
TeamPass < 2.1.6 - Authenticated Cross-Site Scripting via Login Parameter
Cross-site scripting (XSS) vulnerability in sources/users.queries.php in TeamPass before 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the login parameter in an add_new_user action.
by Marcos Garcia
EIP-2026-108687 EXPLOITDB text VERIFIED
Joomla! Component JA T3 Framework - Directory Traversal
by indoushka
CVE-2012-4745 EXPLOITDB text VERIFIED
Acuity CMS 2.6.2 - Cross-Site Scripting via UserName Parameter
Cross-site scripting (XSS) vulnerability in admin/login.asp in Acuity CMS 2.6.2 allows remote attackers to inject arbitrary web script or HTML via the UserName parameter.
by Aung Khant
EIP-2026-114284 EXPLOITDB text VERIFIED
WordPress Plugin Yahoo Answer - Multiple Cross-Site Scripting Vulnerabilities
by Ryuzaki Lawlet
EIP-2026-108913 EXPLOITDB text VERIFIED
Joomla! Plugin Beatz 1.1 - Multiple Cross-Site Scripting Vulnerabilities
by Aung Khant
EIP-2026-105483 EXPLOITDB text VERIFIED
Bioly 1.3 - '/index.php' Cross-Site Scripting / SQL Injection
by T0xic
EIP-2026-111969 EXPLOITDB text VERIFIED
Seditio CMS 165 - 'plug.php' SQL Injection
by AkaStep
EIP-2026-109388 EXPLOITDB text
MediaXxx Adult Video / Media Script - SQL Injection
by Daniel Godoy
EIP-2026-108487 EXPLOITDB text VERIFIED
Joomla! Component com_ponygallery - SQL Injection
by xDarkSton3x
EIP-2026-104329 EXPLOITDB text
ManageEngine Support Center Plus 7903 - Multiple Vulnerabilities
by xistence
CVE-2012-0278 EXPLOITDB text VERIFIED
IrfanView < 4.3.4.0 - Buffer Overflow
Heap-based buffer overflow in the FlashPix PlugIn before 4.3.4.0 for IrfanView might allow remote attackers to execute arbitrary code via a .fpx file containing a crafted FlashPix image that is not properly handled during decompression.
by Francis Provencher
EIP-2026-112938 EXPLOITDB text
Ushahidi 2.2 - Multiple Vulnerabilities
by shpendk
CVE-2012-2226 EXPLOITDB CRITICAL text
Invision Power Board < 3.3.1 - Unauthenticated Arbitrary File Upload
Invision Power Board before 3.3.1 fails to sanitize user-supplied input which could allow remote attackers to obtain sensitive information or execute arbitrary code by uploading a malicious file.
by waraxe
CVSS 9.8
CVE-2012-2104 EXPLOITDB text VERIFIED
Munin 2.x - Remote Code Execution via Terminal Emulator Escape Sequence Injection
cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without sanitizing non-printable characters, which might allow user-assisted remote attackers to inject terminal emulator escape sequences and execute arbitrary commands or delete arbitrary files via a crafted HTTP request.
by Helmut Grohne
CVE-2012-2276 EXPLOITDB text VERIFIED
EMC Documentum Information Rights Management - Denial of Service via Invalid FIPS Fields or Version Number
The IRM Server in EMC Documentum Information Rights Management 4.x before 4.7.0100 and 5.x before 5.0.1030 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via input data that (1) lacks FIPS fields or (2) has an invalid version number.
by Luigi Auriemma
EIP-2026-112338 EXPLOITDB text VERIFIED
SoftwareDEP Classified Script 2.5 - SQL Injection (2)
by hordcode security