Text Exploits
31,386 exploits tracked across all sources.
Python 2.5.0-2.5.5 - Out-of-bounds Write in audioop Module
The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634.
by haypo
VideoWhisper PHP 2 Way Video Chat - Cross-Site Scripting via r Parameter
Cross-site scripting (XSS) vulnerability in VideoWhisper PHP 2 Way Video Chat component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the r parameter to index.php.
by Sid3^effects
MODx 1.0.3 - 'index.php' Multiple SQL Injections
by High-Tech Bridge SA
Lyrics Script - SQL Injection / Cross-Site Scripting
by Valentin
Joke Website Script - SQL Injection / Cross-Site Scripting
by Valentin
Daily Inspirational Quotes Script - SQL Injection
by Valentin
LibTIFF 3.9.0 - Denial of Service via Crafted TIFF File
LibTIFF 3.9.0 ignores tags in certain situations during the first stage of TIFF file processing and does not properly handle this during the second stage, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481.
by Tom Lane
Trend Micro Interscan Web Security Virtual Appliance - Multiple Vulnerabilities
by Ivan Huertas
UTStats Beta 4 and earlier - Cross-Site Scripting via mid Parameter
Cross-site scripting (XSS) vulnerability in pages/match_report.php in UTStats Beta 4 and earlier allows remote attackers to inject arbitrary web script or HTML via the mid parameter.
by LuM Member
Yamamah Photo Gallery 1.00 - Path Traversal via Download Parameter
Directory traversal vulnerability in themes/default/download.php in Yamamah Photo Gallery 1.00, as distributed before 20100618, allows remote attackers to read arbitrary files via a .. (dot dot) in the download parameter.
by mat
Yamamah (Dove Photo Album) 1.00 - SQL Injection
SQL injection vulnerability in index.php in Yamamah (aka Dove Photo Album) 1.00 allows remote attackers to execute arbitrary SQL commands via the calbums parameter.
by CoBRa_21
UTStats Beta 4 and earlier - SQL Injection via pid Parameter in matchp Action
SQL injection vulnerability in index.php in UTStats Beta 4 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter in a matchp action.
by LuM Member
Digital Interchange Document Library <5.8.5 - SQL Injection
SQL injection vulnerability in view_group.asp in Digital Interchange Document Library 5.8.5 allows remote attackers to execute arbitrary SQL commands via the intGroupID parameter.
by L0rd CrusAd3r
Digital Interchange Calendar <5.8.5 - SQL Injection
SQL injection vulnerability in index.asp in Digital Interchange Calendar 5.8.5 allows remote attackers to execute arbitrary SQL commands via the intDivisionID parameter.
by L0rd CrusAd3r
Yamamah Photo Gallery 1.00 - SQL Injection via News Parameter
SQL injection vulnerability in index.php in Yamamah Photo Gallery 1.00, as distributed before 20100618, allows remote attackers to execute arbitrary SQL commands via the news parameter.
by anT!-Tr0J4n
Yamamah (Dove Photo Album) 1.00 - SQL Injection
SQL injection vulnerability in index.php in Yamamah (aka Dove Photo Album) 1.00 allows remote attackers to execute arbitrary SQL commands via the calbums parameter.
by TheMaStEr
Yamamah Photo Gallery 1.00 - Unauthenticated Source Code Disclosure via Download Parameter
index.php in Yamamah Photo Gallery 1.00 allows remote attackers to obtain the source code of executable files within the web document root via the download parameter.
by anT!-Tr0J4n
By Source