Text Exploits
31,386 exploits tracked across all sources.
OpenOffice - '.slk' Parsing Null Pointer
by Hellcode Research
VisualShapers EZContents 2.0.3 - Authentication Bypass / Multiple SQL Injections
by AmnPardaz Security Research Team
DataLife Engine 8.3 - Remote Code Execution via PHP File Inclusion
Multiple PHP remote file inclusion vulnerabilities in DataLife Engine (DLE) 8.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the selected_language parameter to engine/inc/include/init.php, (2) the config[langs] parameter to engine/inc/help.php, (3) the config[lang] parameter to engine/ajax/pm.php, and (4) the _REQUEST[skin] parameter to engine/ajax/addcomments.php.
by indoushka
AdvertisementManager 3.1.0 - Remote Code Execution via req Parameter
PHP remote file inclusion vulnerability in cgi/index.php in AdvertisementManager 3.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the req parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences.
by indoushka
Blaze Apps 1.x - SQL Injection / HTML Injection
by AmnPardaz Security Research Team
OpenOffice 3.1 - '.slk' Null Pointer Dereference Remote Denial of Service
by Hellcode Research
SurgeFTP 2.x - 'surgeftpmgr.cgi' Multiple Cross-Site Scripting Vulnerabilities
by indoushka
Adobe AIR < 1.5.3.9130 and Flash Player < 10.0.45.2 - Denial of Service via Modified SWF File
Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 allow remote attackers to cause a denial of service (application crash) via a modified SWF file.
by Mert SARICA
Testlink TestManagement and Execution System 1.8.5 - Multiple Directory Traversal Vulnerabilities
by Prashant Khandelwal
TestLink 1.8.5 - 'order_by_login_dir' Cross-Site Scripting
by Prashant Khandelwal
Mobile Chat 2.0.2 - 'chatsmileys.php' Cross-Site Scripting
by indoushka
Hitmaaan Gallery 1.3 - Cross-Site Scripting via gall or levela Parameters
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Hitmaaan Gallery 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) gall and (2) levela parameters.
by indoushka
Jokes Complete Website - Cross-Site Scripting via id Parameter or searchingred Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Jokes Complete Website allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter to joke.php and (2) the searchingred parameter to results.php.
by indoushka
BitScripts Bits Video Script 2.05 Gold Beta - Remote Code Execution via rowptem[template] Parameter
Multiple PHP remote file inclusion vulnerabilities in BitScripts Bits Video Script 2.05 Gold Beta, and possibly 2.04, allow remote attackers to execute arbitrary PHP code via a URL in the rowptem[template] parameter to (1) showcasesearch.php and (2) showcase2search.php.
by indoushka
BitScripts Bits Video Script 2.04 and 2.05 Gold Beta - Cross-Site Scripting via search.php order Parameter
Cross-site scripting (XSS) vulnerability in search.php in BitScripts Bits Video Script 2.04 and 2.05 Gold Beta allows remote attackers to inject arbitrary web script or HTML via the order parameter.
by indoushka
BitScripts Bits Video Script 2.04-2.05 Gold Beta - Unauthenticated Arbitrary File Upload
Multiple unrestricted file upload vulnerabilities in (1) register.php and (2) addvideo.php in BitScripts Bits Video Script 2.04 and 2.05 Gold Beta allow remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
by indoushka