Text Exploits
31,386 exploits tracked across all sources.
DiY-CMS blog module 1.0 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in the blog module 1.0 for DiY-CMS allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to (a) tags.php, (b) list.php, (c) index.php, (d) main_index.php, (e) viewpost.php, (f) archive.php, (g) control/approve_comments.php, (h) control/approve_posts.php, and (i) control/viewcat.php; and the (2) month and (3) year parameters to archive.php.
by snup
Linux Kernel < 3.2.14 - Denial of Service via KVM em_syscall Opcode Handling
The em_syscall function in arch/x86/kvm/emulate.c in the KVM implementation in the Linux kernel before 3.2.14 does not properly handle the 0f05 (aka syscall) opcode, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application, as demonstrated by a NASM file.
by Stephan Sattler
WordPress Plugin Mailing List - Arbitrary File Download
by 6Scan
Nagios Plugins check_ups - Local Buffer Overflow (PoC)
by Stefan Schurtz
OpenEMR 4 - Unauthenticated Arbitrary PHP File Upload via Patient Photograph Feature
Unrestricted file upload vulnerability in the patient photograph functionality in OpenEMR 4 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the patient directory under documents/.
by Level
OpenEMR 4 - Cross-Site Scripting via Site Parameter
Cross-site scripting (XSS) vulnerability in setup.php in OpenEMR 4 allows remote attackers to inject arbitrary web script or HTML via the site parameter.
by Level
OpenEMR < 4.1.0 - SQL Injection via User Parameter
SQL injection vulnerability in interface/login/validateUser.php in OpenEMR 4.1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the u parameter.
by Level
Tiki < 8.2 - Authenticated Remote Code Execution via Regex Parameters
Tiki 8.2 and earlier allows remote administrators to execute arbitrary PHP code via crafted input to the regexres and regex parameters.
by EgiX
CVSS 7.2
Infoproject Biznis Heroj - SQL Injection via login.php or widget.dokumenti_lista.php
Multiple SQL injection vulnerabilities in Infoproject Biznis Heroj allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters to login.php, (3) the filter parameter to widget.dokumenti_lista.php, and (4) the fin_nalog_id parameter to nalozi_naslov.php.
by LiquidWorm
SpamTitan < 5.08 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.08 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) testaddr or (2) testpass parameter to auth-settings.php; (3) hostname, (4) domainname, or (5) mailserver parameter to setup-relay.php; or (6) subnetmask or (7) defaultroute parameter to setup-network.php.
by Vulnerability-Lab
Kaspersky Internet Security/Anti-Virus - '.cfg' File Memory Corruption
by Vulnerability Research Laboratory
SpamTitan < 5.07 - Cross-Site Scripting via setup-network.php Parameters
Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.07 and possibly earlier allow remote attackers or authenticated users to inject arbitrary web script or HTML via the (1) ipaddress or (2) domain parameter to setup-network.php, different vectors than CVE-2011-5149. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Vulnerability-Lab
Infoproject Biznis Heroj - Stored Cross-Site Scripting via config Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Infoproject Biznis Heroj allow remote attackers to inject arbitrary web script or HTML via the config parameter to (1) nalozi_naslov.php and (2) widget.dokumenti_lista.php.
by LiquidWorm
epesi BIM 1.2 rev 8154 - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
Plone 4.0-4.0.9, 4.1, 4.2-4.2a2 - Remote Code Execution via p_ Class in OFS/misc_.py
Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules.
by Nick Miles
Barracuda Control Center 620 - Multiple Web Vulnerabilities
by Vulnerability-Lab
Barracuda Control Center 620 - Cross-Site Scripting / HTML Injection
by Vulnerability-Lab
FlashPix PlugIn 4.2.2.0 for IrfanView - Denial of Service via Crafted FPX Image
Double free vulnerability in the Free_All_Memory function in jpeg/dectile.c in libfpx before 1.3.1-1, as used in the FlashPix PlugIn 4.2.2.0 for IrfanView, allows remote attackers to cause a denial of service (crash) via a crafted FPX image.
by Francis Provencher
IrfanView < 4.32 - Remote Code Execution via TIFF Rows Per Strip and Samples Per Pixel
Heap-based buffer overflow in IrfanView before 4.32 allows remote attackers to execute arbitrary code via crafted "Rows Per Strip" and "Samples Per Pixel" values in a TIFF image file.
by Francis Provencher
TikiWiki CMS/Groupware < 8.1 - Cross-Site Scripting via tiki-cookie-jar.php Parameters
Cross-site scripting (XSS) vulnerability in tiki-cookie-jar.php in TikiWiki CMS/Groupware before 8.2 and LTS before 6.5 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters.
by Stefan Schurtz
PHPShop CMS 3.4 - Multiple Cross-Site Scripting / SQL Injections
by High-Tech Bridge SA
Joomla! Component com_tsonymf - 'idofitem' SQL Injection
by CoBRa_21
Joomla! Component com_caproductprices - 'id' SQL Injection
by CoBRa_21