Text Exploits

31,386 exploits tracked across all sources.

CVE-2012-2741 EXPLOITDB text VERIFIED
phpList < 2.10.18 - Cross-Site Scripting via Num Parameter in Reconcileusers Action
Cross-site scripting (XSS) vulnerability in public_html/lists/admin/ in phpList before 2.10.18 allows remote attackers to inject arbitrary web script or HTML via the num parameter in a reconcileusers action.
by LiquidWorm
CVE-2012-1468 EXPLOITDB text VERIFIED
Open Journal Systems < 2.3.7 - Authenticated Remote Code Execution via Executable File Upload
Incomplete blacklist vulnerability in Open Journal Systems before 2.3.7 allows remote authenticated users with the Author Role permission to execute arbitrary code by uploading a file with an executable extension that is not ".php", then accessing it via a direct request to the file in submission/original/ in the associated article directory, as demonstrated using .pHp, .asp, and other extensions.
by High-Tech Bridge
CVE-2012-1467 EXPLOITDB text VERIFIED
Open Journal Systems < 2.3.6 - Authenticated Path Traversal via iBrowser Plugin rfiles.php param Parameter
Multiple directory traversal vulnerabilities in the iBrowser plugin library, as used in Open Journal Systems before 2.3.7, allow remote authenticated users to (1) delete or (2) rename arbitrary files via a .. (dot dot) in the param parameter to lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/scripts/rfiles.php.
by High-Tech Bridge
CVE-2012-1469 EXPLOITDB text VERIFIED
Open Journal Systems < 2.3.7 - Cross-Site Scripting via iBrowser Plugin Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Open Journal Systems before 2.3.7 allow remote attackers and remote authenticated users to inject arbitrary web script or HTML via the (1) editor or (2) callback parameters to lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/ibrowser.php in the iBrowser plugin, (3) authors[][url] parameter to index.php, or (4) Bio Statement or (5) Abstract of Submission fields to the stripUnsafeHtml function in lib/pkp/classes/core/String.inc.php.
by High-Tech Bridge
CVE-2012-1469 EXPLOITDB text VERIFIED
Open Journal Systems < 2.3.7 - Cross-Site Scripting via iBrowser Plugin Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Open Journal Systems before 2.3.7 allow remote attackers and remote authenticated users to inject arbitrary web script or HTML via the (1) editor or (2) callback parameters to lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/ibrowser.php in the iBrowser plugin, (3) authors[][url] parameter to index.php, or (4) Bio Statement or (5) Abstract of Submission fields to the stripUnsafeHtml function in lib/pkp/classes/core/String.inc.php.
by High-Tech Bridge
EIP-2026-106014 EXPLOITDB text VERIFIED
CMSimple 3.3 - 'index.php' Cross-Site Scripting
by Stefan Schurtz
EIP-2026-102409 EXPLOITDB text VERIFIED
Minify 2.1.x - 'g' Cross-Site Scripting
by Ayoub Aboukir
EIP-2026-101628 EXPLOITDB text
D-Link DIR-605 - Cross-Site Request Forgery
by iqzer0
CVE-2012-2027 EXPLOITDB text VERIFIED
Adobe Photoshop CS5 < 12.0.5 and CS5.1 < 12.1.1 - Use-After-Free via Crafted TIFF File
Use-after-free vulnerability in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.1 allows remote attackers to execute arbitrary code via a crafted TIFF (aka .TIF) file.
by Francis Provencher
EIP-2026-110047 EXPLOITDB text VERIFIED
OneForum - 'topic.php' SQL Injection
by Red Security TEAM
EIP-2026-110043 EXPLOITDB text VERIFIED
OneFileCMS - Failure to Restrict URL Access
by Abhi M Balakrishnan
CVE-2012-4873 EXPLOITDB text VERIFIED
GNUBoard < 4.34 - Cross-Site Scripting via File Download Filename Parameter
Cross-site scripting (XSS) vulnerability in the file_download function in GNUBoard before 4.34.21 allows remote attackers to inject arbitrary web script or HTML via the filename parameter.
by wh1ant
EIP-2026-100928 EXPLOITDB text VERIFIED
WebGlimpse 2.14.1/2.18.8 - 'webglimpse.cgi' Remote Command Injection
by Kevin Perry
EIP-2026-100019 EXPLOITDB text
Android FTPServer 1.9.0 - Remote Denial of Service
by G13
CVE-2012-1196 EXPLOITDB text VERIFIED
Lenovo ThinkManagement Console 9.0.3 - Path Traversal and Arbitrary File Deletion via VulCore Web Service
Directory traversal vulnerability in the VulCore web service (WSVulnerabilityCore/VulCore.asmx) in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to delete arbitrary files via a .. (dot dot) in the filename parameter in a SetTaskLogByFile SOAP request.
by rgod
CVE-2012-1195 EXPLOITDB text VERIFIED
Lenovo ThinkManagement Console 9.0.3 - Unauthenticated Remote Code Execution via ServerSetup Web Service File Upload
Unrestricted file upload vulnerability in andesk/managementsuite/core/core.anonymous/ServerSetup.asmx in the ServerSetup web service in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via a PutUpdateFileCore command in a RunAMTCommand SOAP request, then accessing the file via a direct request to the file in the web root.
by rgod
EIP-2026-118406 EXPLOITDB text VERIFIED
Dell Webcam Software Bundled - ActiveX Remote Buffer Overflow
by rgod
EIP-2026-118219 EXPLOITDB text VERIFIED
2X Client for RDP 10.1.1204 - ClientSystem Class ActiveX Control Download and Execute
by rgod
CVE-2012-1065 EXPLOITDB text VERIFIED
2X ApplicationServer 10.1 Build 1224 - Arbitrary File Write via TuxSystem ActiveX ExportSettings Method
Insecure method vulnerability in TuxScripting.dll in the TuxSystem ActiveX control in 2X ApplicationServer 10.1 Build 1224 allows remote attackers to create or overwrite arbitrary files via the ExportSettings method.
by rgod
EIP-2026-105896 EXPLOITDB text VERIFIED
ClassifiedsGeek.com Vacation Packages - 'listing_search' SQL Injection
by r45c4l
EIP-2026-103849 EXPLOITDB text VERIFIED
Apache Tomcat - Account Scanner / 'PUT' Request Command Execution
by kingcope
EIP-2026-102495 EXPLOITDB text VERIFIED
ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet - Directory Traversal
by rgod
CVE-2012-5334 EXPLOITDB text VERIFIED
Pre Printing Press - SQL Injection via product_desc.php pid Parameter
SQL injection vulnerability in product_desc.php in Pre Printing Press allows remote attackers to execute arbitrary SQL commands via the pid parameter.
by Easy Laster
EIP-2026-102379 EXPLOITDB text VERIFIED
JavaBB 0.99 - 'userId' Cross-Site Scripting
by sonyy
CVE-2009-5112 EXPLOITDB text VERIFIED
iwork WebGlimpse <= 2.18.7 - Exposure of Sensitive Information via wgarcmin.cgi
wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to obtain the installation path via a crafted request.
by Websecurity