Text Exploits
31,386 exploits tracked across all sources.
SweetRice < 0.5.4 - Remote File Inclusion via root_dir Parameter
Multiple PHP remote file inclusion vulnerabilities in SweetRice 0.5.4, 0.5.3, and earlier allow remote attackers to execute arbitrary PHP code via a URL in the root_dir parameter to (1) _plugin/subscriber/inc/post.php and (2) as/lib/news_modify.php.
by cr4wl3r

WordPress Plugin WP-phpList 2.10.2 - 'unsubscribeemail' Cross-Site Scripting
by MustLive

SweetRice < 0.5.3 - Remote File Inclusion via Plugin Parameter
Directory traversal vulnerability in as/lib/plugins.php in SweetRice 0.5.3 and earlier allows remote attackers to include and execute arbitrary local files via .. (dot dot) in the plugin parameter.
by cr4wl3r

Sugar CRM 5.5.0.rc2/5.2.0j - Multiple Vulnerabilities
by waraxe

MuPDF <20091125231942 - Buffer Overflow
Multiple stack-based buffer overflows in pdf_shade4.c in MuPDF before commit 20091125231942, as used in SumatraPDF before 1.0.1, allow remote attackers to cause a denial of service and possibly execute arbitrary code via a /Decode array for certain types of shading that are not properly handled by the (1) pdf_loadtype4shade, (2) pdf_loadtype5shade, (3) pdf_loadtype6shade, and (4) pdf_loadtype7shade functions. NOTE: some of these details are obtained from third party information.
by Christophe Devine

Uploaderr 1.0 File Hosting Script - Arbitrary File Upload
by DigitALL

phpBazar < 2.1.1fix - SQL Injection via Classified.php catid Parameter
SQL injection vulnerability in classified.php in phpBazar 2.1.1fix and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter, a different vector than CVE-2008-3767.
by MizoZ

LyftenBloggie 1.0.4 - SQL Injection
SQL injection vulnerability in Lyften Designs LyftenBloggie (com_lyftenbloggie) component 1.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the author parameter to index.php.
by kaMtiEz

PHP-Nuke 8.0 - News Module Cross-Site Scripting / HTML Code Injection
by K053

Micronet Network Access Controller SP1910 - XSS
Cross-site scripting (XSS) vulnerability in loginpages/error_user.shtml on the Micronet Network Access Controller SP1910 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
by K053

Cacti < 0.8.7g - Cross-Site Scripting via graph_start Parameter
Cross-site scripting (XSS) vulnerability in include/top_graph_header.php in Cacti before 0.8.7g allows remote attackers to inject arbitrary web script or HTML via the graph_start parameter to graph.php. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-4032.2.b.
by Moritz Naumann

WP-Cumulus Plug-in <1.20 - Info Disclosure
WP-Cumulus Plug-in 1.20 for WordPress, and possibly other versions, allows remote attackers to obtain sensitive information via a crafted request to wp-cumulus.php, probably without parameters, which reveals the installation path in an error message.
by MustLive

RADIO istek scripti 2.5 - Info Disclosure
RADIO istek scripti 2.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user credentials via a direct request for estafresgaftesantusyan.inc.
by kurdish hackers team

phpBazar <2.1.1fix - Info Disclosure
phpBazar 2.1.1fix and earlier does not require administrative authentication for admin/admin.php, which allows remote attackers to obtain access to the admin control panel via a direct request.
by kurdish hackers team

Joomla! Component com_mygallery - 'cid' SQL Injection
by S@BUN

Google Calendar GCalendar <2.1.4 - SQL Injection
SQL injection vulnerability in the Google Calendar GCalendar (com_gcalendar) component 1.1.2, 2.1.4, and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the gcid parameter. NOTE: some of these details are obtained from third party information.
by Yogyacarderlink Crew

XM Easy Personal FTP Server 5.8.0 - DoS
XM Easy Personal FTP Server 5.8.0 allows remote authenticated users to cause a denial of service (crash) by uploading or creating a large number of files or directories, then performing a LIST command.
by leinakesi

TYPSoft FTP Server 1.10 - Authenticated Denial of Service via APPE and DELE Command Sequence
TYPSoft FTP Server 1.10 allows remote authenticated users to cause a denial of service (crash) by sending an APPE (append) command immediately followed by a DELE (delete) command without sending file data in between these two commands.
by leinakesi

WordPress Plugin Firestats 1.0.2 - Multiple Cross-Site Scripting / Authentication Bypass Vulnerabilities (1)
by MustLive