Text Exploits
31,386 exploits tracked across all sources.
Bilder Upload Script Datei Upload 1.09 - Arbitrary File Upload
by Mr.Benladen
2DayBiz Matrimonial Script - 'smartresult.php' SQL Injection
by Easy Laster
WordPress Plugin Cimy Counter - Full Path Disclosure / Redirector / Cross-Site Scripting / HTTP Response Splitting
by sebug
Joomla! - Path Traversal
Directory traversal vulnerability in the JExtensions JE Section/Property Finder (jesectionfinder) component for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the view parameter to index.php.
by Sid3^effects
Joomla! Component jeeventcalendar - Local File Inclusion
by Sid3^effects
Joomla! Component JE Media Player - Local File Inclusion
by Sid3^effects
JExtensions JE Awd Song (com_awd_song) - Stored Cross-Site Scripting via Song Review Field
Cross-site scripting (XSS) vulnerability in the JExtensions JE Awd Song (com_awd_song) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the song review field, which is not properly handled in a view action to index.php.
by Sid3^effects
Joomla com_sef - Remote Code Execution via mosConfig.absolute.path Parameter
PHP remote file inclusion vulnerability in the SEF404x (com_sef) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig.absolute.path parameter to index.php.
by Li0n-PaL
Joomla! Component com_jejob - Local File Inclusion
by Sid3^effects
JExtensions JE Story Submit (com_jesubmit) 1.4 - SQL Injection via View Parameter
SQL injection vulnerability in the JExtensions JE Story Submit (com_jesubmit) component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php.
by L0rd CrusAd3r
ARSC Really Simple Chat 3.3 - Remote File Inclusion / Cross-Site Scripting
by Zer0 Thunder
2DayBiz Matrimonial Script - SQL Injection / Cross-Site Scripting
by Sangteamtham
2DayBiz B2B Portal Script - 'selling_buy_leads1.php' SQL Injection
by r45c4l
2daybiz Custom T-Shirt Design Script - SQL Injection
Multiple SQL injection vulnerabilities in 2daybiz Custom T-Shirt Design Script allow remote attackers to execute arbitrary SQL commands via the (1) sbid parameter to products_details.php, (2) pid parameter to products/products.php, and (3) designid parameter to designview.php.
by Sangteamtham
feh < 1.8 - Remote Code Execution via URL Shell Metacharacters
feh before 1.8, when the --wget-timestamp option is enabled, might allow remote attackers to execute arbitrary commands via shell metacharacters in a URL.
by anonymous
Cisco ASA 5580 - CRLF Injection via WebVPN URI
CRLF injection vulnerability in +webvpn+/index.html in WebVPN on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary HTTP headers as demonstrated by a redirect attack involving a %0d%0aLocation%3a sequence in a URI, or conduct HTTP response splitting attacks via unspecified vectors, aka Bug ID CSCsr09163.
by Daniel King
2daybiz Web Template Software - Cross-Site Scripting via Category Keyword or Member Login Password Parameter
Multiple cross-site scripting (XSS) vulnerabilities in 2daybiz Web Template Software allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to category.php and the (2) password parameter to memberlogin.php.
by Sangteamtham
Novell iManager <=2.7.3 FTF2 - Authenticated RCE via EnteredClassID/NewClassName
Multiple stack-based buffer overflows in the jclient._Java_novell_jclient_JClient_defineClass@20 function in jclient.dll in the Tomcat web server in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allow remote authenticated users to execute arbitrary code via the (1) EnteredClassID or (2) NewClassName parameter to nps/servlet/webacc.
by Core Security Technologies
UFO: Alien Invasion <= 2.2.1 - Stack-based Buffer Overflow in IRC Client via Crafted 001 Message
UFO: Alien Invasion versions up to and including 2.2.1 contain a buffer overflow vulnerability in its built-in IRC client component. When the client connects to an IRC server and receives a crafted numeric reply (specifically a 001 message), the application fails to properly validate the length of the response string. This results in a stack-based buffer overflow, which may corrupt control flow structures and allow arbitrary code execution. The vulnerability is triggered during automatic IRC connection handling and does not require user interaction beyond launching the game.
by Jason Geffner
OpenEMR Electronic Medical Record Software 3.2 - Multiple Vulnerabilities
by David Shaw
OneCMS 2.6.1 - 'cat' Cross-Site Scripting
by High-Tech Bridge SA