Text Exploits
31,386 exploits tracked across all sources.
Podcast Generator 1.3 - Multiple Vulnerabilities
by High-Tech Bridge SA
Majordomo <20110131 - Path Traversal
Directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr in the web interface.
by Michael Brooks
Octeth Oempro 3.6.4 - SQL Injection / Information Disclosure
by Ignacio Garrido
Majordomo <20110203 - Path Traversal
The _list_file_get function in lib/Majordomo.pm in Majordomo 2 20110203 and earlier allows remote attackers to conduct directory traversal attacks and read arbitrary files via a ./.../ sequence in the "extra" parameter to the help command, which causes the regular expression to produce .. (dot dot) sequences. NOTE: this vulnerability is due to an incomplete fix for CVE-2011-0049.
by Michael Brooks
VLC Media Player - Remote Code Execution via Malformed Subtitle Tag in MKV File
The StripTags function in (1) the USF decoder (modules/codec/subtitles/subsdec.c) and (2) the Text decoder (modules/codec/subtitles/subsusf.c) in VideoLAN VLC Media Player 1.1 before 1.1.6-rc allows remote attackers to execute arbitrary code via a subtitle with an opening "<" without a closing ">" in an MKV file, which triggers heap memory corruption, as demonstrated using refined-australia-blu720p-sample.mkv.
by Harry Sintonen
Wireshark 1.2.0-1.2.14, 1.4.0-1.4.3, 1.5.0 - Use-After-Free in pcap-ng File Processing
Wireshark 1.2.0 through 1.2.14, 1.4.0 through 1.4.3, and 1.5.0 frees an uninitialized pointer during processing of a .pcap file in the pcap-ng format, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed file.
by Huzaifa Sidhpurwala
Zikula Application Framework < 1.2.5 - Cross-Site Request Forgery via Users Module
Cross-site request forgery (CSRF) vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change account privileges via an edit access_permissions action to index.php.
by Aung Khant
TCExam 11.1.16 - 'user_password' Cross-Site Scripting
by AutoSec Tools
Redaxscript 0.3.2 - SQL Injection via Password Reset Parameters
Multiple SQL injection vulnerabilities in includes/password.php in Redaxscript 0.3.2 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) password parameter to the password_reset program.
by High-Tech Bridge SA
Cisco Tandberg C Series & E/EX Units < TC4.0.0 - Unauthenticated Root Access
The default configuration of Cisco Tandberg C Series Endpoints, and Tandberg E and EX Personal Video units, with software before TC4.0.0 has a blank password for the root account, which makes it easier for remote attackers to obtain access via an unspecified login method.
by Cisco Security
WordPress Plugin TagNinja 1.0 - 'id' Cross-Site Scripting
by AutoSec Tools
TinyWebGallery 1.8.3 - Cross-Site Scripting / Local File Inclusion
by Yam Mesicka
Moodle 2.0-2.0.2 - Cross-Site Scripting via Spike PHPCoverage Library
Cross-site scripting (XSS) vulnerability in the Spike PHPCoverage (aka spikephpcoverage) library, as used in Moodle 2.0.x before 2.0.2 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
by AutoSec Tools
Joomla! Component com_frontenduseraccess - Local File Inclusion
by wishnusakti
Joomla! Component com_clan_members - 'id' SQL Injection
by FL0RiX
Joomla! 1.5/1.6 - JFilterInput Cross-Site Scripting Bypass
by Jeff Channell
By Source