Text Exploits

EIP-2026-104938 EXPLOITDB text VERIFIED

AdaptCMS 2.0.1 - Cross-Site Scripting / Information Disclosure

by Stefan Schurtz

View

CVE-2011-3861 EXPLOITDB text VERIFIED

Web Minimalist 200901 < 1.2 - Cross-Site Scripting via PATH_INFO to index.php

Cross-site scripting (XSS) vulnerability in the Web Minimalist 200901 theme before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.

by SiteWatch

View

CVE-2011-3859 EXPLOITDB text VERIFIED

Trending theme < 0.1 - Cross-Site Scripting via cpage Parameter

Cross-site scripting (XSS) vulnerability in the Trending theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.

by SiteWatch

View

EIP-2026-114332 EXPLOITDB text VERIFIED

WordPress Theme Hybrid 0.9 - 'cpage' Cross-Site Scripting

by SiteWatch

View

CVE-2011-3855 EXPLOITDB text VERIFIED

F8 Lite < 4.2.2 - Cross-Site Scripting via s Parameter

Cross-site scripting (XSS) vulnerability in the F8 Lite theme before 4.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.

by SiteWatch

View

CVE-2011-3860 EXPLOITDB text VERIFIED

Cover WP < 1.6.6 - Cross-Site Scripting via s Parameter

Cross-site scripting (XSS) vulnerability in the Cover WP theme before 1.6.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.

by jabdah

View

EIP-2026-113869 EXPLOITDB text VERIFIED

WordPress Plugin Link Library 5.2.1 - SQL Injection

by Miroslav Stampar

View

CVE-2011-4671 EXPLOITDB text VERIFIED

AdRotate < 3.6.8 - SQL Injection via Track Parameter

SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions before 3.6.8, for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter (aka redirect URL).

by Miroslav Stampar

View

CVE-2011-3579 EXPLOITDB text VERIFIED

IceWarp WebMail <10.3.3 - SSRF/Info Disclosure

server/webmail.php in IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference.

by David Kirkpatrick

View

EIP-2026-116347 EXPLOITDB text VERIFIED

sunway ForceControl 6.1 sp3 - Multiple Vulnerabilities

by Luigi Auriemma

View

EIP-2026-114660 EXPLOITDB text VERIFIED

Zyncro 3.0.1.20 - Social Network Message Menu SQL Injection

by Ferran Pichel Llaquet

View

EIP-2026-114659 EXPLOITDB text VERIFIED

Zyncro 3.0.1.20 - Multiple HTML Injection Vulnerabilities

by Ferran Pichel Llaquet

View

CVE-2011-3010 EXPLOITDB text VERIFIED

TWiki < 5.1.0 - Cross-Site Scripting via New Topic Parameter or SlideShow Plugin Query String

Multiple cross-site scripting (XSS) vulnerabilities in TWiki before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the newtopic parameter in a WebCreateNewTopic action, related to the TWiki.WebCreateNewTopicTemplate topic; or (2) the query string to SlideShow.pm in the SlideShowPlugin.

by Mesut Timur

View

CVE-2011-3010 EXPLOITDB text VERIFIED

TWiki < 5.1.0 - Cross-Site Scripting via New Topic Parameter or SlideShow Plugin Query String

Multiple cross-site scripting (XSS) vulnerabilities in TWiki before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the newtopic parameter in a WebCreateNewTopic action, related to the TWiki.WebCreateNewTopicTemplate topic; or (2) the query string to SlideShow.pm in the SlideShowPlugin.

by Mesut Timur

View

EIP-2026-105338 EXPLOITDB text VERIFIED

AWStats 6.95/7.0 - 'awredir.pl' Multiple Cross-Site Scripting Vulnerabilities

by MustLive

View

CVE-2011-5127 EXPLOITDB text

Blue Coat Reporter 9.x < 9.2.4.13, 9.2.5.x < 9.2.5.1, 9.3 < 9.3.1.2 - Path Traversal

Directory traversal vulnerability in Blue Coat Reporter 9.x before 9.2.4.13, 9.2.5.x before 9.2.5.1, and 9.3 before 9.3.1.2 on Windows allows remote attackers to read arbitrary files, and consequently execute arbitrary code, via an unspecified HTTP request.

by nitr0us

View

EIP-2026-115623 EXPLOITDB text VERIFIED

MetaServer RT 3.2.1.450 - Multiple Vulnerabilities

by Luigi Auriemma

View

EIP-2026-115226 EXPLOITDB text VERIFIED

EViews 7.0.0.1 (aka 7.2) - Multiple Vulnerabilities

by Luigi Auriemma

View

EIP-2026-110042 EXPLOITDB text VERIFIED

OneCMS 2.6.4 - Multiple SQL Injections

by kurdish hackers team

View

EIP-2026-100357 EXPLOITDB text VERIFIED

i-Gallery 3.4 - 'd' Cross-Site Scripting

by Kurd-Team

View

CVE-2011-1892 EXPLOITDB text

Microsoft SharePoint and Office Products - XML External Entity Injection in Web Parts

Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability."

by Nicolas Gregoire

View

EIP-2026-101875 EXPLOITDB text

Netgear Wireless Cable Modem Gateway - Authentication Bypass / Cross-Site Request Forgery

by Sense of Security

View

CVE-2011-2544 EXPLOITDB text

Cisco TelePresence System MXP Series < F9.1 - Authenticated Cross-Site Scripting via Call ID

Cross-site scripting (XSS) vulnerability in the web interface in Cisco TelePresence System MXP Series F9.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a crafted Call ID, as demonstrated by resultant cross-site request forgery (CSRF) attacks that change passwords or cause a denial of service, aka Bug ID CSCtq46488.

by Sense of Security

View

CVE-2011-2543 EXPLOITDB text

Cisco Telepresence C Series < TC4.2.0 - Authenticated Buffer Overflow via cuil getxml Location Parameter

Buffer overflow in the cuil component in Cisco Telepresence System Integrator C Series 4.x before TC4.2.0 allows remote authenticated users to cause a denial of service (endpoint reboot or process crash) or possibly execute arbitrary code via a long location parameter to the getxml program, aka Bug ID CSCtq46496.

by Sense of Security

View

EIP-2026-114295 EXPLOITDB text

WordPress Plugin Zingiri Web Shop 2.2.0 - Remote File Inclusion

by Ben Schmidt

View