Text Exploits
31,386 exploits tracked across all sources.
TRENDnet SecurView TV-IP121WN - Buffer Overflow
Stack-based buffer overflow in the UltraMJCam ActiveX Control in TRENDnet SecurView TV-IP121WN Wireless Internet Camera allows remote attackers to execute arbitrary code via a long string to the OpenFileDlg method.
by rgod
Camera Stream Client < - Buffer Overflow
Stack-based buffer overflow in the SelectDirectory method in DcsCliCtrl.dll in Camera Stream Client ActiveX Control, as used in D-Link DCS-5605 PTZ IP Network Camera, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string argument.
by rgod
NextBBS 0.6 - Cross-Site Scripting via Do Parameter
Cross-site scripting (XSS) vulnerability in NextBBS 0.6 allows remote attackers to inject arbitrary web script or HTML via the do parameter to index.php.
by waraxe
NextBBS 0.6 - SQL Injection via curstr id or username Parameter
Multiple SQL injection vulnerabilities in ajaxserver.php in NextBBS 0.6 allow remote attackers to execute arbitrary SQL commands via the (1) curstr parameter in the findUsers function, (2) id parameter in the isIdAvailable function, or (3) username parameter in the getGreetings function.
by waraxe
Matthew1471 BlogX - Multiple Cross-Site Scripting Vulnerabilities
by demonalex
vBshop - Multiple Persistent Cross-Site Scripting Vulnerabilities
by ToiL
Zumset.com FbiLike 1.00 - 'id' Cross-Site Scripting
by Crim3R
RIPS Scanner <0.54 - Path Traversal
A path traversal vulnerability exists in RIPS Scanner version 0.54. The vulnerability allows remote attackers to read arbitrary files on the system with the privileges of the web server by sending crafted HTTP GET requests to the 'windows/code.php' script with a manipulated 'file' parameter. This can lead to disclosure of sensitive information.
by localh0t
RealPlayer < 15.0.0 - Denial of Service via Crafted MP4 File
mp4fformat.dll in the QuickTime File Format plugin in RealNetworks RealPlayer 15 and earlier, and RealPlayer SP 1.1.4 Build 12.0.0.756 and earlier, allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted MP4 file.
by Senator of Pirates
Event Calendar PHP - 'cal_year' Cross-Site Scripting
by 3spi0n
Wolf CMS < 0.75 - Cross-Site Scripting via User Add Parameters
Multiple cross-site scripting (XSS) vulnerabilities in wolfcms/admin/user/add in Wolf CMS 0.75 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user[name], (2) user[email], or (3) user[username] parameters.
by Ivano Binetti
Sitecom WLM-2501 - Cross-Site Request Forgery in Multiple Admin Forms
Multiple cross-site request forgery (CSRF) vulnerabilities in Sitecom WLM-2501 allow remote attackers to hijack the authentication of administrators for requests that modify settings for (1) Mac Filtering via admin/formFilter, (2) IP/Port Filtering via formFilter, (3) Port Forwarding via formPortFw, (4) Wireless Access Control via admin/formWlAc, (5) Wi-Fi Protected Setup via formWsc, (6) URL Blocking Filter via formURL, (7) Domain Blocking Filter via formDOMAINBLK, and (8) IP Address ACL Filter via admin/formACL in goform/, different vectors than CVE-2012-1921.
by Ivano Binetti
phpmoneybooks < 1.0.2 - Path Traversal via Module Parameter
Directory traversal vulnerability in index.php in phpMoneyBooks before 1.0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter.
by Mark Stanislav
FreePBX < 2.10 - Remote Code Execution via callmenum Parameter
The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action.
by Martin Tschirsich
Google Talk - 'gtalk://' Deprecated URI Handler Injection
by rgod
Cisco Linksys PlayerPT <1.0.0.15 - Buffer Overflow
Stack-based buffer overflow in the SetSource method in the Cisco Linksys PlayerPT ActiveX control 1.0.0.15 in PlayerPT.ocx on the Cisco WVC200 Wireless-G PTZ Internet video camera allows remote attackers to execute arbitrary code via a long URL in the first argument (aka the sURL argument).
by rgod
vbshout < 6.2.18 - Cross-Site Scripting via Shout Parameter
Cross-site scripting (XSS) vulnerability in vbshout.php in DragonByte Technologies vBShout module for vBulletin allows remote attackers to inject arbitrary web script or HTML via the shout parameter in a shout action.
by ToiL
CVSS 6.1
phpmoneybooks 1.0.4 - Path Traversal via File Parameter
Directory traversal vulnerability in index.php in phpMoneyBooks 1.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2012-1669. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue might have been fixed in 1.0.3.
by Mark Stanislav
PHP Grade Book < 1.9.5 BETA - Unauthenticated Database Exposure via SaveSQL Action
admin/index.php in PHP Grade Book before 1.9.5 BETA allows remote attackers to read the database via a SaveSQL action.
by Mark Stanislav
FreePBX < 2.9 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) context parameter to panel/index_amp.php or (2) panel/dhtml/index.php; (3) clid or (4) clidname parameters to panel/flash/mypage.php; (5) PATH_INFO to admin/views/freepbx_reload.php; or (6) login parameter to recordings/index.php.
by Martin Tschirsich
phplist < 2.10.18 - SQL Injection via sortby Parameter
SQL injection vulnerability in public_html/lists/admin in phpList before 2.10.18 allows remote attackers to execute arbitrary SQL commands via the sortby parameter in a find action.
by LiquidWorm
Oreans Themida 2.1.8.0 - Buffer Overflow via Crafted .TMD File
Buffer overflow in Oreans Themida 2.1.8.0 allows remote attackers to execute arbitrary code via a crafted .TMD file.
by LiquidWorm