Text Exploits
31,386 exploits tracked across all sources.
com_ccnewsletter 1.0.5 - Path Traversal via Controller Parameter
Directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php.
by B-HUNT3|2
CVSS 5.8
Battery Life Toolkit 1.0.9 - 'bltk_sudo' Local Privilege Escalation
by Matthew Garrett
PaperThin CommonSpot Content Server - Cross-Site Scripting via URL Parameter in utilities/longproc.cfm
Cross-site scripting (XSS) vulnerability in utilities/longproc.cfm in PaperThin CommonSpot Content Server allows remote attackers to inject arbitrary web script or HTML via the url parameter.
by Richard Brain
IBM DB2 9.1-9.7 - Authenticated Heap-Based Buffer Overflow via REPEAT Function
Heap-based buffer overflow in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows remote authenticated users to have an unspecified impact via a SELECT statement that has a long column name generated with the REPEAT function.
by Evgeny Legerov
Joomla! Component VirtueMart Module Customers_who_bought - SQL Injection
by B-HUNT3|2
Joomla! Component com_virtuemart - order_status_id SQL Injection
by B-HUNT3|2
SAP BusinessObjects 12 - URI redirection / Cross-Site Scripting
by Richard Brain
HP System Management Homepage 3.0.2 - 'servercert' Cross-Site Scripting
by Richard Brain
PostgreSQL 7.4-7.4.28 - Denial of Service via Negative Integer in bitsubstr Function
The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service (daemon crash) or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT statement that contains a call to the substring function for a bit string, related to an "overflow."
by Intevydis
Geo++ GNCASTER < 1.4.0.7 - Denial of Service via Long URI Request
Geo++ GNCASTER 1.4.0.7 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via multiple requests for a non-existent file using a long URI.
by RedTeam Pentesting GmbH
Joomla! Component 3D Cloud - 'tagcloud.swf' Cross-Site Scripting
by MustLive
Cisco Secure Desktop < 3.5 - Cross-Site Scripting via Crafted POST Parameter
Cross-site scripting (XSS) vulnerability in +CSCOT+/translation in Cisco Secure Desktop 3.4.2048, and other versions before 3.5; as used in Cisco ASA appliance before 8.2(1), 8.1(2.7), and 8.0(5); allows remote attackers to inject arbitrary web script or HTML via a crafted POST parameter, which is not properly handled by an eval statement in binary/mainv.js that writes to start.html.
by Matias Pablo Brutti
com_mochigames 0.51 - SQL Injection via id Parameter
SQL injection vulnerability in the Mochigames (com_mochigames) component 0.51 and possibly other versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
by B-HUNT3|2
Mozilla Firefox 3.6 - XML Parser Memory Corruption (PoC) / Denial of Service
by d3b4g
SilverStripe CMS 2.3.5 - Cross-Site Request Forgery / Open Redirection
by cp77fk4r
magic-portal 2.1 - SQL Injection via home.php id Parameter
SQL injection vulnerability in home.php in magic-portal 2.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by alnjm33
Joomla! Component JBDiary - Blind SQL Injection
by B-HUNT3|2
Joomla! Component com_jbpublishdownfp - SQL Injection
by B-HUNT3|2
Joomla! Component com_ContentBlogList - SQL Injection
by B-HUNT3|2
Joomla com_casino 1.0 - SQL Injection via id Parameter
SQL injection vulnerability in the casino (com_casino) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) category or (2) player action to index.php.
by B-HUNT3|2