Text Exploits
31,386 exploits tracked across all sources.
osCommerce 2.2 - Cross-Site Request Forgery
by daandeveloper33
com_jquarks4s 1.0.0 - SQL Injection via submitSurvey q Parameter
SQL injection vulnerability in the submitSurvey function in controller.php in JQuarks4s (com_jquarks4s) component 1.0.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the q parameter in a submitSurvey action to index.php.
by Salvatore Fresta
Joomla! Component com_img - Local File Inclusion
by CoBRa_21
Joomla! Component btg_oglas - HTML / Cross-Site Scripting Injection
by CoBRa_21
IBM OmniFind Enterprise Edition 8.x and 9.x - Session Impersonation via Stolen Cookie
The administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x does not restrict use of a session ID (aka SID) value to a single IP address, which allows remote attackers to perform arbitrary administrative actions by leveraging cookie theft, related to a "session impersonation" issue.
by Fatih Kilic
IBM OmniFind EE <9.1 - Privilege Escalation
Untrusted search path vulnerability in estaskwrapper in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges via an ES_LIBRARY_PATH environment variable and a modified PATH environment variable, which is used during execution of the estasklight program, a different vulnerability than CVE-2010-3895.
by Fatih Kilic
Oracle MySQL 5.1 < 5.1.49 - Authenticated Denial of Service via IN or CASE Operations with NULL Arguments
Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier.
by Shane Bester
IBM OmniFind Enterprise Edition < 8.5 FP6 - Stack-based Buffer Overflow via Long Password
Stack-based buffer overflow in the Java_com_ibm_es_oss_CryptionNative_ESEncrypt function in /opt/IBM/es/lib/libffq.cryptionjni.so in the login form in the administration interface in IBM OmniFind Enterprise Edition before 8.5 FP6 allows remote attackers to execute arbitrary code via a long password.
by Fatih Kilic
Novell GroupWise < 8.0.2 - Remote Code Execution via IMAP LIST Command
Double free vulnerability in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allows remote attackers to execute arbitrary code via a large parameter in a LIST command.
by Francis Provencher
GroupWise Internet Agent <8.02HP - Buffer Overflow
Multiple stack-based buffer overflows in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long (1) LIST or (2) LSUB command.
by Francis Provencher
D-Link DIR-300 - Multiple Security Bypass Vulnerabilities
by Karol Celia
xt:Commerce Shopsoftware 3/4 - 'FCKeditor' Arbitrary File Upload
by Net.Edit0r
WordPress Plugin WP Survey And Quiz Tool 1.2.1 - Cross-Site Scripting
by John Leitch
Vodpod Video Gallery Plugin <3.1.5 - XSS
Cross-site scripting (XSS) vulnerability in vodpod-video-gallery/vodpod_gallery_thumbs.php in the Vodpod Video Gallery Plugin 3.1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the gid parameter.
by John Leitch
WordPress Plugin SEO Tools 3.0 - 'file' Directory Traversal
by John Leitch
WordPress Plugin jRSS Widget 1.1.1 - 'url' Information Disclosure
by John Leitch
WordPress Plugin FeedList 2.61.01 - 'handler_image.php' Cross-Site Scripting
by John Leitch
Pro Desk Support Center 1.0 and 1.2 - Path Traversal via Include File Parameter
Directory traversal vulnerability in the Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php.
by d3v1l
Cookex Agency CKForms <1.3.3 - Path Traversal
Directory traversal vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
by ALTBTA
Joomla! Component com_clan - SQL Injection
by AtT4CKxT3rR0r1ST
pfSense 2 beta 4 - Cross-Site Scripting via id Parameter in pkg_edit.php
Multiple cross-site scripting (XSS) vulnerabilities in pfSense 2 beta 4 allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter in an olsrd.xml action to pkg_edit.php, (2) the xml parameter to pkg.php, or the if parameter to (3) status_graph.php or (4) interfaces.php, a different vulnerability than CVE-2008-1182 and CVE-2010-4246.
by dave b