Text Exploits
31,386 exploits tracked across all sources.
Claus Muus Spitfire 1.0.336 - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
AJ Square AJ HYIP PRIME - SQL Injection
SQL injection vulnerability in welcome.php in AJ Square AJ HYIP PRIME allows remote attackers to execute arbitrary SQL commands via the id parameter.
by JosS
AJ Square AJ HYIP MERIDIAN - SQL Injection
SQL injection vulnerability in news.php in AJ Square AJ HYIP MERIDIAN allows remote attackers to execute arbitrary SQL commands via the id parameter.
by JosS
Outlook Web Access 2003 - Cross-Site Request Forgery
by anonymous
id Software id Tech 4 Engine - 'idGameLocal::GetGameStateObject()' Remote Code Execution
by Luigi Auriemma
Monolith Lithtech Game Engine - Memory Corruption
by Luigi Auriemma
Unreal Tournament 3 2.1 - 'STEAMBLOB' Remote Denial of Service
by Luigi Auriemma
Microsoft Internet Explorer 7 - Microsoft Clip Organizer Multiple Insecure ActiveX Control Denial of Service Vulnerabilities
by Beenu Arora
PHP Chat for 123 Flash Chat - Remote File Inclusion
by HaCkEr arar
Mozilla Firefox <3.5.11 & SeaMonkey <2.0.6 - RCE
Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via plugin content with many parameter elements.
by J23
Mayasan Portal 2.0 - 'makaledetay.asp' SQL Injection
by v0calist
Mayasan Portal 2.0 - 'haberdetay.asp' SQL Injection
by CoBRa_21
SnowFlake CMS 0.9.5 Beta - 'uid' SQL Injection
by Dinesh Arora
OpenLDAP 2.4.22 - Denial of Service via Invalid UTF-8 RDN String
The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite.
by Ilkka Mattila
CVSS 9.8
Microsoft Windows Shell LNK Code Execution
Untrusted search path vulnerability in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, leading to DLL loading during Windows Explorer access to the icon of a crafted shortcut, aka "DLL Planting Remote Code Execution Vulnerability."
by Ivanlef0u
Microsoft DirectX 8/9 DirectPlay - Multiple Denial of Service Vulnerabilities
by Luigi Auriemma
YACS CMS 10.5.27 - 'context[path_to_root]' Remote File Inclusion
by eidelweiss
Kayako eSupport 3.70.02 - SQL Injection
SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 allows remote attackers to execute arbitrary SQL commands via the _a parameter in a downloads action.
by ScOrPiOn
By Source