Text Exploits
31,386 exploits tracked across all sources.
Nagios XI - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
by anonymous
WordPress Plugin flash-album-gallery - 'flagshow.php' Cross-Site Scripting
by Am!r
Opera < 11.60 - Certificate Revocation Handling Issue
Opera before 11.60 does not properly handle certificate revocation, which has unspecified impact and remote attack vectors related to "corner cases."
by anonymous
WordPress Plugin GRAND FlAGallery 1.57 - 'flagshow.php' Cross-Site Scripting
by Am!r
WordPress Plugin UPM Polls 1.0.4 - Blind SQL Injection
by Saif
FCMS CMS 2.7.2 - Multiple Cross-Site Request Forgery Vulnerabilities
by Ahmed Elhady Mohamed
Family Connections CMS < 2.9.0 - Cross-Site Request Forgery via News or Prayer Add Action
Multiple cross-site request forgery (CSRF) vulnerabilities in Family Connections CMS (aka FCMS) 2.9 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add news via an add action to familynews.php or (2) add a prayer via an add action to prayers.php.
by Ahmed Elhady Mohamed
CVSS 8.8
Pet Listing - 'preview.php' Cross-Site Scripting
by Mr.PaPaRoSSe
HomeSeer HS2 2.5.0.20 - Cross-Site Scripting via Crafted URI
Cross-site scripting (XSS) vulnerability in the web interface in HomeSeer HS2 2.5.0.20 allows remote attackers to inject arbitrary web script or HTML via a request for a crafted URI.
by Silent Dream
PowerDVD 11.0.0.2114 - Remote Denial of Service
by Luigi Auriemma
SourceBans 1.4.8 - SQL Injection / Local File Inclusion Injection
by Havok
Apache Struts 2.0.0-2.3.1.2 and 2.3.19-2.3.23 - Session Tampering via Unrestricted Interface Access
Apache Struts 2.3.1.2 and earlier, 2.3.19-2.3.23, provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
by Hisato Killing
Axis M10 Series Network Cameras Firmware < 5.21 - Cross-Site Scripting via pageTitle Parameter
Cross-site scripting (XSS) vulnerability in serverreport.cgi in Axis M10 Series Network Cameras M1054 firmware 5.21 and earlier allows remote attackers to inject arbitrary web script or HTML via the pageTitle parameter to admin/showReport.shtml.
by Matt Metzger
Caseproof Prettylinks - XSS
Pretty-Link WordPress plugin 1.5.2 has XSS
by Am!r
CVSS 6.1
Simple Machines Forum (SMF) 1.1.15 - 'fckeditor' Arbitrary File Upload
by HELLBOY
Linux Kernel < 2.6.32 - Denial of Service via Network Namespace Creation
net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service (memory consumption) via requests to a daemon that requires a separate namespace per connection, as demonstrated by vsftpd.
by Serge Hallyn
CVSS 7.5
SopCast 3.4.7.45585 - Unauthenticated Arbitrary Code Execution via Weak Diagnose.exe Permissions
SopCast 3.4.7.45585 uses weak permissions (Everyone:Full Control) for Diagnose.exe, which allows local users to execute arbitrary code by replacing Diagnose.exe with a Trojan horse program.
by LiquidWorm