Text Exploits
31,386 exploits tracked across all sources.
Smarty Template Engine 2.6.9 - '$smarty.template' PHP Code Injection
by jonieske
MihanTools 1.33 - SQL Injection via product.php id Parameter
SQL injection vulnerability in product.php in MihanTools 1.33 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by WHITE_DEVIL
Auto Database System 1.0 Infusion Addon - SQL Injection
by Saif
WebAsyst Shop-Script - Cross-Site Scripting / HTML Injection
by High-Tech Bridge SA
ViArt Shop 4.0.5 - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
UMI CMS 2.8.1.2 - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
CiviCRM 3.3.3 - Multiple Cross-Site Scripting Vulnerabilities
by AutoSec Tools
T-Content Managment System - Multiple Vulnerabilities
by Daniel Godoy
jakcms 2.0 pro rc5 - Persistent Cross-Site Scripting via useragent http header Injection
by Saif El-Sherei
ProFTPD < 1.3.3d - Denial of Service via Malformed SSH Message
Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d and earlier allows remote attackers to cause a denial of service (memory consumption leading to OOM kill) via a malformed SSH message.
by kingcope
Multiple Check Point Endpoint Security Products - Information Disclosure
by Rapid7
SMC SMCD3G-CCR Firmware < 1.4.0.49 - Cross-Site Request Forgery via Web Interface
Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the SMC SMCD3G-CCR (aka Comcast Business Gateway) with firmware before 1.4.0.49.2 allow remote attackers to (1) hijack the intranet connectivity of arbitrary users for requests that perform a login via goform/login, or hijack the authentication of administrators for requests that (2) enable external logins via an mso_remote_enable action to goform/RemoteRange or (3) change DNS settings via a manual_dns_enable action to goform/Basic.
by Trustwave's SpiderLabs
SMC SMCD3G-CCR < 1.4.0.49 - Unauthenticated Administrative Access via Default Credentials
A certain Comcast Business Gateway configuration of the SMC SMCD3G-CCR with firmware before 1.4.0.49.2 has a default password of D0nt4g3tme for the mso account, which makes it easier for remote attackers to obtain administrative access via the (1) web interface or (2) TELNET interface.
by Trustwave's SpiderLabs
Dew-NewPHPLinks 2.1b - 'index.php' SQL Injection
by AtT4CKxT3rR0r1ST
SMC SMCD3G-CCR - Session Hijacking via Predictable Session ID
The web management portal on the SMC SMCD3G-CCR (aka Comcast Business Gateway) with firmware before 1.4.0.49.2 uses predictable session IDs based on time values, which makes it easier for remote attackers to hijack sessions via a brute-force attack on the userid cookie.
by Trustwave's SpiderLabs
Qcodo Development Framework 0.3.3 - Full Information Disclosure
by Daniel Godoy
Escort und Begleitservice Agentur Script - SQL Injection
by NoNameMT
reos 2.0.5 - Multiple Vulnerabilities
by High-Tech Bridge SA
By Source