Text Exploits
31,386 exploits tracked across all sources.
Invensys Wonderware InBatch 8.1 and 9.0 - Buffer Overflow via Crafted Request to Port 9001
Buffer overflow in the lm_tcp service in Invensys Wonderware InBatch 8.1 and 9.0, as used in Invensys Foxboro I/A Series Batch 8.1 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted request to port 9001.
by Luigi Auriemma
zimplit_cms < 3.0 - Cross-Site Scripting via file and client Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Zimplit CMS 3.0, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter in a load action to zimplit.php and (2) client parameter to English_manual_version_2.php.
by High-Tech Bridge SA
WordPress Plugin Twitter Feed - 'url' Cross-Site Scripting
by John Leitch
Aigaion 1.3.4 - SQL Injection via ID Parameter in export action
SQL injection vulnerability in indexlight.php in Aigaion 1.3.4 allows remote attackers to execute arbitrary SQL commands via the ID parameter in an export action.
by KnocKout
RDM Embedded Lock Manager < 9.x - 'lm_tcp' Service Buffer Overflow
by Luigi Auriemma
SolarWinds Orion Network Performance Monitor (NPM) 10.1 - Multiple Cross-Site Scripting Vulnerabilities
by x0skel
WinZip 15.0 - WZFLDVW.OCX Text Property Denial of Service
by Fady Mohammed Osman
WinZip 15.0 - WZFLDVW.OCX IconIndex Property Denial of Service
by Fady Mohammed Osman
phpMyAdmin < 3.4.0-beta1 - Cross-Site Scripting via BBcode Tag
error.php in phpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "[a@url@page]".
by emgent white_sheep & scox
MODx REvolution CMS 2.0.4-pl2 - POST injection Cross-Site Scripting
by LiquidWorm
Pulse CMS < 1.2.9 - Remote File Inclusion via Path Traversal in p Parameter
Directory traversal vulnerability in includes/controller.php in Pulse CMS Basic before 1.2.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter to index.php.
by Mark Stanislav
HotWebScripts HotWeb Rentals - SQL Injection
SQL injection vulnerability in resorts.asp in HotWebScripts HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PropResort parameter.
by R4dc0re
GateSoft DocuSafe < 4.1.2 - SQL Injection
SQL injection vulnerability in ECO.asp in GateSoft DocuSafe 4.1.0 and 4.1.2 allows remote attackers to execute arbitrary SQL commands via the ECO_ID parameter. NOTE: some of these details are obtained from third party information.
by R4dc0re
Ecommercemax Solutions DGS < 1.5 - SQL Injection
SQL injection vulnerability in shoppingcart.asp in Ecommercemax Solutions Digital-goods seller (DGS) 1.5 allows remote attackers to execute arbitrary SQL commands via the d parameter.
by R4dc0re
Wireshark 1.2.0-1.2.12 and 1.4.0-1.4.1 - Heap-Based Buffer Overflow in LDSS Dissector
Heap-based buffer overflow in the dissect_ldss_transfer function (epan/dissectors/packet-ldss.c) in the LDSS dissector in Wireshark 1.2.0 through 1.2.12 and 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an LDSS packet with a long digest line that triggers memory corruption.
by Nephi Johnson
Techno Dreams FAQ Manager Package 1.0 - 'faqlist.asp' SQL Injection
by R4dc0re