Text Exploits
31,386 exploits tracked across all sources.
D-Link ShareCenter Products - Multiple Remote Code Execution Vulnerabilities
by Roberto Paleari
SimpleGroupware < 0.743 - Cross-Site Scripting via Export Parameter
Cross-site scripting (XSS) vulnerability in bin/index.php in SimpleGroupware 0.742 and other versions before 0.743 allows remote attackers to inject arbitrary web script or HTML via the export parameter.
by Infoserve Security Team
eFront Community++ 3.6.10 - Cross-Site Scripting via Administrator Filter Parameter
Cross-site scripting (XSS) vulnerability in communityplusplus/www/administrator.php in eFront Community++ edition 3.6.10, and possibly other editions, allows remote attackers to inject arbitrary web script or HTML via the filter parameter.
by Chokri B.A
ManageEngine ADManager Plus <5.2.5210 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ADManager Plus 5.2 Build 5210 allow remote attackers to inject arbitrary web script or HTML via the (1) domainName parameter to jsp/AddDC.jsp or (2) operation parameter to DomainConfig.do.
by LiquidWorm
Edraw Diagram Component 5 - ActiveX Control 'LicenseName()' Method Buffer Overflow
by Senator of Pirates
XRay CMS 1.1.1 - SQL Injection via Username or Password Parameter
Multiple SQL injection vulnerabilities in login2.php in XRay CMS 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters.
by chap0
Tube Ace 1.6 - SQL Injection via q Parameter
SQL injection vulnerability in mobile/search/index.php in Tube Ace (Adult PHP Tube Script) 1.6 allows remote attackers to execute arbitrary SQL commands via the q parameter. NOTE: some of these details are obtained from third party information.
by Daniel Godoy
BASE 1.4.5 - SQL Injection via ip_addr Parameters
Multiple SQL injection vulnerabilities in base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.4.5 allow remote attackers to execute arbitrary SQL commands via the (1) ip_addr[0][1], (2) ip_addr[0][2], or (3) ip_addr[0][9] parameters.
by a.kadir altan
Apache HTTP Server <2.0.64, <2.2.18 - SSRF
The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
by Tomas Hoger
]project-open[ 3.4.x-3.5.0.1-2 - Cross-Site Scripting via Message Parameter
Cross-site scripting (XSS) vulnerability in account-closed.tcl in ]project-open[ (aka ]po[) 3.4.x, 3.5.0.1-2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the message parameter to register/account-closed.
by Michail Poultsakis
PHP 5.4SVN-2012-02-03 - htmlspecialchars/entities Buffer Overflow
by cataphract
Sphinx Software Mobile Web Server 3.1.2.47 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Sphinx Software Mobile Web Server 3.1.2.47 allow remote attackers to inject arbitrary web script or HTML via the comment parameter to a blog, as demonstrated using (1) Blog/MyFirstBlog.txt or (2) Blog/AboutSomething.txt.
by SecPod Research
OfficeSIP Server 3.1 - Denial of Service via Crafted SIP INVITE To Header
OfficeSIP Server 3.1 allows remote attackers to cause a denial of service (daemon crash) via a crafted To header in a SIP INVITE message.
by SecPod Research
NetSarang Xlpd and Xmanager Enterprise - Denial of Service via Malformed LPD Request
NetSarang Xlpd 4 Build 0100 and NetSarang Xmanager Enterprise 4 Build 0186 allow remote attackers to cause a denial of service (daemon crash) via a malformed LPD request.
by SecPod Research
OSCommerce Online Merchant 3.0.2 - XSS
Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Cart/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the value_title parameter, as demonstrated using the "Front" field in the shirt module.
by Vulnerability-Lab
Joomla mod_currencyconverter 1.0.0 - XSS
Cross-site scripting (XSS) vulnerability in includes/convert.php in D-Mack Media Currency Converter (mod_currencyconverter) module 1.0.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the from parameter.
by BHG Security Center
Joomla! Component com_bnf - 'seccion_id' SQL Injection
by Daniel Godoy
lknSupport - Cross-Site Scripting via PATH_INFO in Search Module
Cross-site scripting (XSS) vulnerability in module/kb/search_word in the search module in lknSupport allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
by Red Security TEAM
GForge 5.7.1 - Multiple Cross-Site Scripting Vulnerabilities
by sonyy
Apache Struts 1.3.10 - Cross-Site Scripting via Name or Message Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
by SecPod Research