Text Exploits
31,386 exploits tracked across all sources.
GeekLog 1.7.0 - 'FCKeditor' Arbitrary File Upload
by Kubanezi AHG
CubeCart 2.0.1 - SQL Injection via cat_id Parameter
SQL injection vulnerability in index.php in CubeCart 2.0.1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
by X_AviaTique_X
GNU C Library <2.12-1.7.el6_0.3 - Privilege Escalation
Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has $ORIGIN in (a) RPATH or (b) RUNPATH within the program itself or a referenced library. NOTE: this issue exists because of an incorrect fix for CVE-2010-3847.
by Tavis Ormandy
Kisisel Radyo Script - SQL Injection via Id Parameter
SQL injection vulnerability in radyo.asp in Kisisel Radyo Script allows remote attackers to execute arbitrary SQL commands via the Id parameter.
by FuRty
Microsoft Windows - SMB NTLM Authentication Spoofing via Insufficient Entropy
The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain access to files and other SMB resources via a large number of authentication requests, related to server-generated challenges, certain "duplicate values," and spoofing of an authentication token, aka "SMB NTLM Authentication Lack of Entropy Vulnerability."
by Hernan Ochoa
Opera 10.63 - SVG Animation Element Denial of Service
by fla
Kisisel Radyo Script - Unauthenticated Sensitive Information Disclosure via Direct Database Request
Kisisel Radyo Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for sevvo/eco23.mdb.
by FuRty
Microsoft Internet Explorer <8 - RCE
mshtmled.dll in Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code via a crafted Microsoft Office document that causes the HtmlDlgHelper class destructor to access uninitialized memory, aka "Uninitialized Memory Corruption Vulnerability."
by Core Security
IBM solidDB <= 6.5.0.3 - Denial of Service via TCP Packet Handling
solid.exe in IBM solidDB 6.5.0.3 and earlier does not properly perform a recursive call to a certain function upon receiving packet data containing a single integer field, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TCP session on port 1315.
by Luigi Auriemma
IBM solidDB < 6.5.0.3 - Denial of Service via TCP Port 1315 Packet with Many Integer Fields
Stack consumption vulnerability in solid.exe in IBM solidDB 6.5.0.3 and earlier allows remote attackers to cause a denial of service (memory consumption and daemon crash) by connecting to TCP port 1315 and sending a packet with many integer fields, which trigger many recursive calls of a certain function.
by Luigi Auriemma
Rocket Software UniData 7.2.7.3806 - Denial of Service
by Luigi Auriemma
DATAC RealWin <= 2.0 Build 6.1.8.10 - Stack-Based Buffer Overflow via Long SCPC Packet
Multiple stack-based buffer overflows in DATAC RealWin 2.0 Build 6.1.8.10 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) SCPC_INITIALIZE, (2) SCPC_INITIALIZE_RF, or (3) SCPC_TXTEVENT packet. NOTE: it was later reported that 1.06 is also affected by one of these requests.
by Luigi Auriemma
eXV2 CMS - Multiple Cross-Site Scripting Vulnerabilities
by LiquidWorm
IBM solidDB <= 6.5.0.3 - Denial of Service via Malformed Packet Data
solid.exe in IBM solidDB 6.5.0.3 and earlier does not properly perform a recursive call to a certain function upon receiving packet data containing many integer fields with two different values, which allows remote attackers to cause a denial of service (invalid memory access and daemon crash) via a TCP session on port 1315.
by Luigi Auriemma
TWiki < 5.0.1 - Cross-Site Scripting via rev Parameter or Login Query String
Multiple cross-site scripting (XSS) vulnerabilities in lib/TWiki.pm in TWiki before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the rev parameter to the view script or (2) the query string to the login script.
by DOUHINE Davy
Data/File - upload and Management Arbitrary File Upload
by saudi0hacker
Oracle Java SE/Java for Business 6 - Info Disclosure
Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
by Skylined
Winamp < 5.6 - Buffer Overflow in in_mod Plugin via Comment Box
Buffer overflow in the in_mod plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to the comment box.
by Luigi Auriemma