Text Exploits
31,386 exploits tracked across all sources.
iSpot and ClearSpot Firmware 2.0.0.0 - Cross-Site Request Forgery via Multiple CGI Endpoints
Multiple cross-site request forgery (CSRF) vulnerabilities on the iSpot 2.0.0.0 R1679, and the ClearSpot 2.0.0.0 R1512 and R1786, with firmware 1.9.9.4 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the cmd parameter in an act_cmd_result action to webmain.cgi, (2) enable remote management via an enable_remote_access act_network_set action to webmain.cgi, (3) enable the TELNET service via an ENABLE_TELNET act_set_wimax_etc_config action to webmain.cgi, (4) enable TELNET sessions via a certain act_network_set action to webmain.cgi, or (5) read arbitrary files via the FILE_PATH parameter in an act_file_download action to upgrademain.cgi.
by Trustwave's SpiderLabs
Cetera eCommerce - 'banner.php' Cross-Site Scripting
by MustLive
Sulata iSoft - 'stream.php' Local File Disclosure
by Sudden_death
Social Share - 'vote.php' HTTP Response Splitting
by Aliaksandr Hartsuyeu
slickMsg 0.7-alpha - 'top.php' Cross-Site Scripting
by Aliaksandr Hartsuyeu
ManageEngine EventLog Analyzer 6.1 - Multiple Cross-Site Scripting Vulnerabilities
by Rob Kraus
Joomla! Component JExtensions Property Finder - 'sf_id' SQL Injection
by FL0RiX
Joomla! Component com_mailto - Multiple Cross-Site Scripting Vulnerabilities
by MustLive
Joomla! Component com_billyportfolio 1.1.2 - Blind SQL Injection
by jdc
PHP < 5.3.3 - Denial of Service via NumberFormatter::getSymbol Integer Overflow
Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_symbol) function in PHP 5.3.3 and earlier allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument.
by Maksymilian Arciemowicz
BizDir 05.10 - 'f_srch' Cross-Site Scripting
by Aliaksandr Hartsuyeu
net2ftp 0.98 (stable) - '/admin1.template.php' Local/Remote File Inclusion
by Marcin Ressel
Joomla! Component JE Messenger 1.0 - Arbitrary File Upload
by Salvatore Fresta
JExtensions JE Auto (com_jeauto) 1.0 - SQL Injection via Char Parameter
SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the char parameter in an item action to index.php.
by Salvatore Fresta
Redback < 1.2.4 - Cross-Site Request Forgery
Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1; and Apache Continuum 1.3.6, 1.4.0, and 1.1 through 1.2.3.1; allows remote attackers to hijack the authentication of administrators for requests that modify credentials.
by Anatolia Security
VMware Workstation/Player/Fusion/ESXi/ESX Command Injection via VMware Tools Update
The VMware Tools update functionality in VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548; VMware Player 2.5.x before 2.5.5 build 328052 and 3.1.x before 3.1.2 build 301548; VMware Server 2.0.2; VMware Fusion 2.x before 2.0.8 build 328035 and 3.1.x before 3.1.2 build 332101; VMware ESXi 3.5, 4.0, and 4.1; and VMware ESX 3.0.3, 3.5, 4.0, and 4.1 allows host OS users to gain privileges on the guest OS via unspecified vectors, related to a "command injection" issue.
by Nahuel Grisolia
Firefox < 3.5.16 and 3.6.x < 3.6.13 - Cross-Site Scripting via Character Encoding Conversion
Multiple cross-site scripting (XSS) vulnerabilities in the rendering engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allow remote attackers to inject arbitrary web script or HTML via (1) x-mac-arabic, (2) x-mac-farsi, or (3) x-mac-hebrew characters that may be converted to angle brackets during rendering.
by Yosuke Hasegawa
WWWThread 5.0.8 Pro - 'showflat.pl' Cross-Site Scripting
by Aliaksandr Hartsuyeu
Winamp 5.6 - 'MIDI Parser' Arbitrary Code Execution
by Kryptos Logic
wp-safe-search 0.7 - Cross-Site Scripting via v1 Parameter
Cross-site scripting (XSS) vulnerability in wp-safe-search/wp-safe-search-jx.php in the Safe Search plugin 0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the v1 parameter.
by John Leitch
WordPress Processing Embed <0.5 - XSS
Cross-site scripting (XSS) vulnerability in wordpress-processing-embed/data/popup.php in the Processing Embed plugin 0.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pluginurl parameter.
by John Leitch
Drupal Module Embedded Media Field/Media 6.x : Video Flotsam/Media: Audio Flotsam - Multiple Vulnerabilities
by Justin Klein Keane