Text Exploits
31,386 exploits tracked across all sources.
TANDBERG F8.2 / F8.0 / F7.2 / F6.3 - Remote Denial of Service
by otokoyama
WordPress Plugin Image Manager - Arbitrary File Upload
by DigitALL
PhpShop 0.8.1 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in index.php in PhpShop 0.8.1 allow remote attackers to execute arbitrary SQL commands via the (1) module_id parameter in an admin/function_list action, the (2) vendor_id parameter in a vendor/vendor_form action, the (3) module_id parameter in an admin/module_form action, the (4) user_id parameter in an admin/user_form action, the (5) vendor_category_id parameter in a vendor/vendor_category_form action, the (6) user_id parameter in a store/user_form action, the (7) payment_method_id parameter in a store/payment_method_form action, the (8) tax_rate_id parameter in a tax/tax_form action, or the (9) category parameter in a shop/browse action. NOTE: the product_id vector is already covered by CVE-2008-0681.
by Andrea Fabrizi
WordPress Plugin Yoast Google Analytics 3.2.4 - 404 Error Page Cross-Site Scripting
by intern0t
YABSoft Advanced Image Hosting Script 2.2 - Cross-Site Scripting via search.php text parameter
Cross-site scripting (XSS) vulnerability in search.php in YABSoft Advanced Image Hosting (AIH) Script 2.2, and possibly 2.3, allows remote attackers to inject arbitrary web script or HTML via the text parameter.
by R3VAN_BASTARD
Joomla! Component yt_color YOOOtheme - Cross-Site Scripting / Cookie Stealing
by andresg888
Joomla! Component You!Hostit! 1.0.1 Template - Cross-Site Scripting
by andresg888
Joomla! Component YOOtheme Warp5 - 'yt_color' Cross-Site Scripting
by andresg888
Invision Power Board 2.3.6/3.0.4 - Local File Inclusion / SQL Injection
by Dawid Golunski
PTCPay GeN3 forum 1.3 - SQL Injection
SQL injection vulnerability in main_forum.php in PTCPay GeN3 forum 1.3 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
by Dr.0rYX & Cr3W-DZ
Clixint Technologies DPI - Cross-Site Scripting
by anonymous
Huawei MT882 V100R002B020 ARG-T 3.7.9.98 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in multiple scripts in Forms/ in Huawei MT882 V100R002B020 ARG-T running firmware 3.7.9.98 allow remote attackers to inject arbitrary web script or HTML via the (1) BackButton parameter to error_1; (2) wzConnFlag parameter to fresh_pppoe_1; (3) diag_pppindex_argen and (4) DiagStartFlag parameters to rpDiag_argen_1; (5) wzdmz_active and (6) wzdmzHostIP parameters to rpNATdmz_argen_1; (7) wzVIRTUALSVR_endPort, (8) wzVIRTUALSVR_endPortLocal, (9) wzVIRTUALSVR_IndexFlag, (10) wzVIRTUALSVR_localIP, (11) wzVIRTUALSVR_startPort, and (12) wzVIRTUALSVR_startPortLocal parameters to rpNATvirsvr_argen_1; (13) Connect_DialFlag, (14) Connect_DialHidden, and (15) Connect_Flag parameters to rpStatus_argen_1; (16) Telephone_select and (17) wzFirstFlag parameters to rpwizard_1; and (18) wzConnectFlag parameter to rpwizPppoe_1.
by DecodeX01
DAZ Studio 2.3.3.161, 2.3.3.163, and 3.0.1.135 - Remote Code Execution via JavaScript in .ds, .dsa, .dse, or .dsb Files
DAZ Studio 2.3.3.161, 2.3.3.163, and 3.0.1.135 allows remote attackers to execute arbitrary JavaScript code via a (1) .ds, (2) .dsa, (3) .dse, or (4) .dsb file, as demonstrated by code that loads the WScript.Shell ActiveX control, related to a "script injection vulnerability."
by Core Security
Theeta CMS - SQL Injection via Forum Start Parameter
Multiple SQL injection vulnerabilities in Theeta CMS, possibly 0.01, allow remote attackers to execute arbitrary SQL commands via the start parameter to (1) forum.php and (2) thread.php in community/, and (3) blog/index.php.
by c0dy
PHP < 5.2.10 - Memory Disclosure and Denial of Service via ini_set and ini_restore
The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable.
by Maksymilian Arciemowicz
Huawei MT882 V100R002B020 ARG-T - Info Disclosure
rpwizPppoe.htm in Huawei MT882 V100R002B020 ARG-T running firmware 3.7.9.98 contains a form that does not disable the autocomplete setting for the password parameter, which makes it easier for local users or physically proximate attackers to obtain the password from web browsers that support autocomplete.
by DecodeX01
Simple Machines Forum <= 2.0.3 - Authenticated File Disclosure via Admin Interface
File Disclosure in SMF (SimpleMachines Forum) <= 2.0.3: Forum admin can read files such as the database config.
by SimpleAudit Team
CVSS 4.9
Kide Shoutbox 0.4.6 - Cross-Site Scripting / AXFR
by andresg888
Robert Zimmerman PHP / MySQL Scripts - Authentication Bypass
by DUNDEE