Text Exploits
31,386 exploits tracked across all sources.
Support Incident Tracker < 3.65 - Cross-Site Request Forgery via User Profile Edit
Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to hijack the authentication of administrators for requests that change administrator email, add a new administrator, or insert arbitrary script via (1) user_profile_edit.php or (2) user_add.php.
by High-Tech Bridge SA
phpldapadmin < 1.2.2 - Cross-Site Scripting via Base Parameter in Query Engine
Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in phpLDAPadmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the base parameter in a query_engine action to cmd.php.
by andsarmiento
phpLDAPadmin 1.2.0.5-2 - 'server_id' Cross-Site Scripting
by andsarmiento
OpenEMR 4.1.0 - Authenticated Path Traversal via Formname Parameter
Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php; or (2) load_form.php, (3) view_form.php, or (4) trend_form.php in interface/patient_file/encounter.
by High-Tech Bridge SA
OpenEMR 4.1.0 - Authenticated Remote Code Execution via Fax Dispatch File Parameter
interface/fax/fax_dispatch.php in OpenEMR 4.1.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the file parameter.
by High-Tech Bridge SA
Adobe Flash Player <10.3.183.5 - Memory Corruption
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2417, and CVE-2011-2425.
by Abysssec
EdrawSoft Office Viewer Component ActiveX 5.6 - 'officeviewermme.ocx' Buffer Overflow (PoC)
by LiquidWorm
Vastal I-Tech Agent Zone - SQL Injection
SQL injection vulnerability in search.php in Vastal I-Tech Agent Zone (aka The Real Estate Script) allows remote attackers to execute arbitrary SQL commands via the price_from parameter.
by Cagri Tepebasili
phpShowtime 2.0 - Path Traversal via 'r' Parameter
Directory traversal vulnerability in phpShowtime 2.0 allows remote attackers to list arbitrary directories and image files via a .. (dot dot) in the r parameter to index.php. NOTE: Some of these details are obtained from third party information.
by Red Security TEAM
Joomla! Component com_crhotels - 'catid' SQL Injection
by the_cyber_nuxbie
Scriptsez.net Ez Album - SQL Injection
SQL injection vulnerability in Scriptsez.net Ez Album allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
by Red Security TEAM
4images 1.7.10 - Open Redirect via Admin Index Redirect Parameter
Open redirect vulnerability in admin/index.php in 4images 1.7.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter.
by RandomStorm
4images 1.7.10 - SQL Injection via cat_parent_id Parameter
SQL injection vulnerability in admin/categories.php in 4images 1.7.10 allows remote attackers to execute arbitrary SQL commands via the cat_parent_id parameter in an addcat action.
by RandomStorm
4images 1.7.10 - Cross-Site Scripting via cat_parent_id Parameter
Cross-site scripting (XSS) vulnerability in admin/categories.php in 4images 1.7.10 allows remote attackers to inject arbitrary web script or HTML via the cat_parent_id parameter in an addcat action.
by RandomStorm
sudo 1.8.0-1.8.3p1 - Local Use-After-Free via Format String in sudo_debug
Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo.
by joernchen
phux Download Manager - SQL Injection
SQL injection vulnerability in download.php in phux Download Manager allows remote attackers to execute arbitrary SQL commands via the file parameter.
by Red Security TEAM
Joomla! Component com_propertylab - 'id' SQL Injection
by the_cyber_nuxbie
Joomla! Component com_firmy - 'Id' SQL Injection
by the_cyber_nuxbie
Joomla! Component com_bbs - Multiple SQL Injections
by the_cyber_nuxbie