Text Exploits
31,386 exploits tracked across all sources.
Invision Power Board 3 - 'search_app' SQL Injection
by Lord Tittis3000
Build a Niche Store 3.0 - 'BANS' Authentication Bypass
by ThunDEr HeaD
AR Web Content Manager AWCM 2.1 - RCE
Multiple PHP remote file inclusion vulnerabilities in AR Web Content Manager (AWCM) 2.1 final allow remote attackers to execute arbitrary PHP code via a URL in the theme_file parameter to (1) includes/window_top.php and (2) header.php, and the (3) lang_file parameter to control/common.php.
by LoSt.HaCkEr
Camtron and TecVoz CMNC-200 Firmware 1.102A-008 - Default Credentials Exposure via TELNET
The Linux installation on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 has a default password of m for the root account, and a default password of merlin for the mg3500 account, which makes it easier for remote attackers to obtain access via the TELNET interface.
by Trustwave's SpiderLabs
Camtron CMNC-200 Firmware 1.102A-008 - Unauthenticated Authentication Bypass via Double Slash URI
The web-based administration interface on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to bypass authentication via a // (slash slash) at the beginning of a URI, as demonstrated by the //system.html URI.
by Trustwave's SpiderLabs
Camtron and TecVoz CMNC-200 Firmware 1.102A-008 - Path Traversal via URI
Directory traversal vulnerability in the web-based administration interface on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
by Trustwave's SpiderLabs
Camtron and TecVoz CMNC-200 Firmware 1.102A-008 - Denial of Service via Rapid Request Flood
The web server on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to cause a denial of service (device reboot) via a large number of requests in a short time interval.
by Trustwave's SpiderLabs
Camtron and TecVoz CMNC-200 Firmware 1.102A-008 - Stack-Based Buffer Overflow via ActiveX Connect Method
Stack-based buffer overflow in a certain ActiveX control for the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to execute arbitrary code via a long string in the first argument to the connect method.
by Trustwave's SpiderLabs
OpenWrt 10.03 - Multiple Cross-Site Scripting Vulnerabilities
by dave b
MetInfo 3.0 - Cross-Site Scripting via Search Box Parameter
Cross-site scripting (XSS) vulnerability in search/search.php in MetInfo 3.0 allows remote attackers to inject arbitrary web script or HTML via the searchword parameter (aka Search Box field). NOTE: some of these details are obtained from third party information.
by anT!-Tr0J4n
com_jsupport 1.5.6 - Authenticated SQL Injection via Alpha Parameter
SQL injection vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote authenticated users, with Public Back-end permissions, to execute arbitrary SQL commands via the alpha parameter in a (1) listTickets or (2) listFaqs action to administrator/index.php.
by Valentin
com_jsupport 1.5.6 - Cross-Site Scripting via Subject Parameter
Cross-site scripting (XSS) vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the subject parameter (title field) in a saveTicket action to index2.php. NOTE: some of these details are obtained from third party information.
by Valentin
ASPilot Pilot Cart 7.3 - SQL Injection
SQL injection vulnerability in newsroom.asp in ASPilot Pilot Cart 7.3 allows remote attackers to execute arbitrary SQL commands via the specific parameter.
by Daikin
LANDesk Management Gateway <4.0-1.48 & <4.2-1.8 - Command Injection
gsb/drivers.php in LANDesk Management Gateway 4.0 through 4.0-1.48 and 4.2 through 4.2-1.8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the DRIVES parameter, as demonstrated by a cross-site request forgery (CSRF) attack.
by Aureliano Calvo
Apple Mac OS X 10.5.8 and 10.6.x < 10.6.5 - Remote Code Execution via Directory Services Password Validation
Stack-based buffer overflow in the password-validation functionality in Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
by Rodrigo Rubira
WeBid 0.8.5 P1 - Cross-Site Scripting via confirm.php id Parameter
Cross-site scripting (XSS) vulnerability in confirm.php in WeBid 0.8.5 P1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
by John Leitch
PHPShop < 2.1 - Cross-Site Scripting via register.html name_new Parameter
Cross-site scripting (XSS) vulnerability in register.html in PHPShop 2.1 EE and earlier allows remote attackers to inject arbitrary web script or HTML via the name_new parameter.
by MustLive
FCKEditor Core 2.x 2.4.3 - 'FileManager upload.php' Arbitrary File Upload
by grabz
IBM OmniFind Enterprise Edition < 9.1 - Local Privilege Escalation via esRunCommand
esRunCommand in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges by specifying an arbitrary command name as the first argument.
by Fatih Kilic
Ricoh Web Image Monitor 2.03 - Cross-Site Scripting
by thelightcosine