Text Exploits
31,386 exploits tracked across all sources.
Serialsystem 1.0.4 Beta - 'list' Cross-Site Scripting
by indoushka
FreePBX 2.5.x < 2.6.0 - Persistent Cross-Site Scripting
by Ivan Huertas
Zenoss < 2.5 - Cross-Site Request Forgery via Admin Password Reset and Command Change
Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss 2.3.3, and other versions before 2.5, allow remote attackers to hijack the authentication of an administrator for (1) requests that reset user passwords via zport/dmd/ZenUsers/admin, and (2) requests that change user commands, which allows for remote execution of system commands via zport/dmd/userCommands/.
by Adam Baldwin
Xunlei XPPlayer 5.9.14.1246 - ActiveX Remote Execution (PoC)
by superli
Uploader by CeleronDude 5.3.0 - Arbitrary File Upload (2)
by Stink'
PHP F1 Max's Image Uploader 1.0 - Unauthenticated Arbitrary File Upload via pjpeg/jpeg Extension Handling
Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
by indoushka
Joomla! com_libros - SQL Injection via id Parameter
SQL injection vulnerability in the libros (com_libros) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
by FL0RiX
Novatel Wireless MiFi 2352 - Password Information Disclosure
by Alejandro Ramos
RoseOnlineCMS 3 B1 - Remote Authentication Bypass
by cr4wl3r
PHP-RESIDENCE 0.7.2 - Multiple Local File Inclusions
by cr4wl3r
ITechSctipts Alibaba Clone - Multiple Vulnerabilities
by Hamza 'MizoZ' N.
Ebay Clone 2009 - SQL Injection via id or cid Parameter
Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to product_desc.php, and the cid parameter to (2) showcategory.php and (3) gallery.php.
by Hamza 'MizoZ' N.
CLONEBID B2B Marketplace - Multiple Vulnerabilities
by Hamza 'MizoZ' N.