Text Exploits
31,386 exploits tracked across all sources.
LetoDMS < 1.7.2 - Authenticated Path Traversal via Lang Parameter
Directory traversal vulnerability in op/op.Login.php in LetoDMS (formerly MyDMS) 1.7.2 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
by D. Fabian
Multiple Media Players (iTunes / QuickTime) - HTTP DataHandler Overflow
by Dr_IDE
stap-server <1.1 - Command Injection
stap-server in SystemTap before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in stap command-line arguments in a request.
by Frank Ch. Eigler
DokuWiki < 2009-12-25b - Unauthenticated Privilege Escalation via ACL Manager Plugin
A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010.
by IHTeam
Technology for Solutions 1.0 - 'id' Cross-Site Scripting
by PaL-D3v1L
codingfish com_marketplace 1.2 - Cross-Site Scripting via catid Parameter
Cross-site scripting (XSS) vulnerability in the Marketplace (com_marketplace) component 1.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the catid parameter in a show_category action to index.php.
by ViRuSMaN
com_articlemanager - SQL Injection via artid Parameter
SQL injection vulnerability in the Articlemanager (com_articlemanager) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the artid parameter in a display action to index.php.
by FL0RiX
DokuWiki < 2009-12-25b - Directory Traversal via ACL Manager ns Parameter
Directory traversal vulnerability in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to list the contents of arbitrary directories via a .. (dot dot) in the ns parameter.
by IHTeam
Zend Framework 1.9.6 - Multiple Input Validation Vulnerabilities / Security Bypass
by Pádraic Brady
Zenoss < 2.5 - Authenticated SQL Injection via Events API Parameters
Multiple SQL injection vulnerabilities in zport/dmd/Events/getJSONEventsInfo in Zenoss 2.3.3, and other versions before 2.5, allow remote authenticated users to execute arbitrary SQL commands via the (1) severity, (2) state, (3) filter, (4) offset, and (5) count parameters.
by nGenuity Information Services
OpenOffice 3.1 - '.csv' Remote Denial of Service
by Hellcode Research
StivaSoft Stiva SHOPPING CART 1.0 - 'demo.php' Cross-Site Scripting
by PaL-D3v1L
Joomla! Component com_tienda - 'categoria' Cross-Site Scripting
by FL0RiX
Hesk Help Desk 2.1 - Cross-Site Request Forgery
by The.Morpheus
CiviCRM 3.1 < Beta 5 - Multiple Cross-Site Scripting Vulnerabilities
by h00die
Bash - Terminal Escape Sequence Injection via LS_OPTIONS
The /etc/profile.d/60alias.sh script in the Mandriva bash package for Bash 2.05b, 3.0, 3.2, 3.2.48, and 4.0 enables the --show-control-chars option in LS_OPTIONS, which allows local users to send escape sequences to terminal emulators, or hide the existence of a file, via a crafted filename.
by Eric Piel
Asp VevoCart Control System 3.0.4 - Database Disclosure
by indoushka
Simple PHP Blog 0.5.x - 'search.php' Cross-Site Scripting
by Sora
PHPepperShop 2.5 - Cross-Site Scripting via darstellen Parameter
Cross-site scripting (XSS) vulnerability in shop/USER_ARTIKEL_HANDLING_AUFRUF.php in PHPepperShop 2.5 allows remote attackers to inject arbitrary web script or HTML via the darstellen parameter.
by Crux