Text Exploits
31,386 exploits tracked across all sources.
TOSHIBA TEC e-Studio MFP - Unauthenticated Authentication Bypass
The TopAccess web-based management interface on TOSHIBA TEC e-Studio multi-function peripheral (MFP) devices with firmware 30x through 302, 35x through 354, and 4xx through 421 allows remote attackers to bypass authentication and obtain administrative privileges via unspecified vectors.
by Deral Heiland PercX
Ruubikcms 1.1.0 - '/extra/image.php' Local File Inclusion
by Sangyun YOO
vtiger CRM < 5.2.1 - SQL Injection via Calendar Module onlyforuser Parameter
SQL injection vulnerability in the Calendar module in vTiger CRM 5.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php.
by Aung Khant
MICROSYS PROMOTIC < 8.1.5 - Heap-Based Buffer Overflow via Crafted Web Page
Heap-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page.
by Luigi Auriemma
Microsoft Windows - Buffer Overflow
Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .fon file, aka "Font Library File Buffer Overrun Vulnerability."
by Byoungyoung Lee
WordPress Plugin Pretty Link 1.4.56 - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
G-WAN 2.10.6 - Buffer Overflow (Denial of Service) (PoC)
by Fredrik Widlund
WordPress Plugin GD Star Rating 1.9.10 - SQL Injection
by Miroslav Stampar
Joomla! Component com_sgicatalog 1.0 - 'id' SQL Injection
by BHG Security Center
BugFree 2.1.3 - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
SilverStripe < 2.3.13 and 2.4.x < 2.4.6 - Cross-Site Scripting via QUERY_STRING to Template Placeholders
Cross-site scripting (XSS) vulnerability in the process function in SSViewer.php in SilverStripe before 2.3.13 and 2.4.x before 2.4.6 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to template placeholders, as demonstrated by a request to (1) admin/reports/, (2) admin/comments/, (3) admin/, (4) admin/show/, (5) admin/assets/, and (6) admin/security/.
by Stefan Schurtz
Joomla! Component com_tree - 'key' SQL Injection
by CoBRa_21
Joomla! Component com_br - 'state_id' SQL Injection
by CoBRa_21
Advanced Forum Signatures 2.0.4 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in signature.php in the Advanced Forum Signatures (aka afsignatures) plugin 2.0.4 for MyBB allow remote attackers to execute arbitrary SQL commands via the (1) afs_type, (2) afs_background, (3) afs_showonline, (4) afs_bar_left, (5) afs_bar_center, (6) afs_full_line1, (7) afs_full_line2, (8) afs_full_line3, (9) afs_full_line4, (10) afs_full_line5, or (11) afs_full_line6 parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Mario_Vs
AUTOMGEN < 8.0.0.7 - Memory Corruption
AUTOMGEN versions up to and including 8.0.0.7 (also referenced as 8.022) contain a vulnerability in project file handling: an object is freed and the stale pointer is subsequently dereferenced when certain malformed fields are processed. The dangling-pointer use enables an attacker to influence an indirect call through attacker-controlled memory, resulting in denial of service. In some conditions, remote code execution may be possible.
by Luigi Auriemma
GoAhead Webserver 2.18 - Cross-Site Scripting via Group Parameter or URL Parameter
Multiple cross-site scripting (XSS) vulnerabilities in GoAhead Webserver 2.18 allow remote attackers to inject arbitrary web script or HTML via (1) the group parameter to goform/AddGroup, related to addgroup.asp; (2) the url parameter to goform/AddAccessLimit, related to addlimit.asp; or (3) the user (aka User ID) or (4) the group parameter to goform/AddUser, related to adduser.asp.
by Silent Dream