Text Exploits
31,386 exploits tracked across all sources.
eoCMS < 0.9.03 - Remote Code Execution via BBCODE_path Parameter
PHP remote file inclusion vulnerability in js/bbcodepress/bbcode-form.php in eoCMS 0.9.03 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the BBCODE_path parameter.
by 1nd0n3s14n l4m3r
Easy Banner Pro - Cross-Site Request Forgery (Add Admin)
by bi0
Automne.ws CMS 4.0.0rc2 - Multiple Remote File Inclusions
by 1nd0n3s14n l4m3r
Ad Manager Pro 3.0 - Cross-Site Request Forgery in Admin User Creation
Cross-site request forgery (CSRF) vulnerability in administration/admins.php in Ad Manager Pro (aka AdManagerPro) 3.0 allows remote attackers to hijack the authentication of administrators for requests that create new administrative users via an admin_created action. NOTE: some of these details are obtained from third party information.
by bi0
Zabbix < 1.6.8 - Denial of Service via Missing Separators in Request
The zbx_get_next_field function in libs/zbxcommon/str.c in Zabbix Server before 1.6.8 allows remote attackers to cause a denial of service (crash) via a request that lacks expected separators, which triggers a NULL pointer dereference, as demonstrated using the Command keyword.
by Nicob
Zabbix Agent <1.6.7 - Command Injection
The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to bypass the EnableRemoteCommands setting and execute arbitrary commands via shell metacharacters in the argument to net.tcp.listen. NOTE: this attack is limited to attacks from trusted IP addresses.
by Nicob
Oracle E-Business Suite - Multiple Vulnerabilities
by Hacktics
Oracle E-Business Suite 11i - Multiple Remote Vulnerabilities
by Hacktics
Mail Manager Pro - Cross-Site Request Forgery via Admin Password Change
Cross-site request forgery (CSRF) vulnerability in admin.php in Mail Manager Pro allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a change action.
by Milos Zivanovic
DigitalHive 2.0 RC2 - Cross-Site Scripting via mt Parameter
Cross-site scripting (XSS) vulnerability in base.php in DigitalHive 2.0 RC2 allows remote attackers to inject arbitrary web script or HTML via the mt parameter, possibly related to membres.php.
by ViRuSMaN
Ruby on Rails <2.1.3 & <2.2.2 - CSRF
Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify tokens for requests with certain content types, which allows remote attackers to bypass cross-site request forgery (CSRF) protection for requests to applications that rely on this protection, as demonstrated using text/plain.
by p0deje
NetBiterConfig <1.3.0 - Buffer Overflow
Stack-based buffer overflow in the NetBiterConfig utility (NetBiterConfig.exe) 1.3.0 for Intellicom NetBiter WebSCADA allows remote attackers to execute arbitrary code via a long hn (hostname) parameter in a crafted HICP-protocol UDP packet.
by Ruben Santamarta
Quartz Concept Content Manager 3.00 - Authentication Bypass
by Mr.aFiR
Zeecareers 2.0 - Cross-Site Scripting / Authentication Bypass
by bi0
WS Interactive Automne 4.0 - '228-recherche.php' Cross-Site Scripting
by loneferret
Uploadscript <1.2 - Info Disclosure
Uploadscript 1.2 and earlier stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain the admin password hash via a direct request for /password.txt.
by Mr.aFiR