Text Exploits
31,386 exploits tracked across all sources.
Rhino Software Serv-U Web Client 9.0.0.5 - Stack-Based Buffer Overflow via Long Session Cookie
Stack-based buffer overflow in the HTTP server in Rhino Software Serv-U Web Client 9.0.0.5 allows remote attackers to cause a denial of service (server crash) or execute arbitrary code via a long Session cookie.
by Nikolas Rangos
TFTgallery 0.13 - Cross-Site Scripting via Sample Parameter
Cross-site scripting (XSS) vulnerability in settings.php in TFTgallery 0.13 allows remote attackers to inject arbitrary web script or HTML via the sample parameter.
by blake
TFTgallery 0.13 - Path Traversal via Album Parameter
Directory traversal vulnerability in index.php in TFTgallery 0.13 allows remote attackers to read arbitrary files via a ..%2F (encoded dot dot slash) in the album parameter.
by blake
Twilight CMS < 4.1 - Cross-Site Scripting via News Calendar Parameter
Cross-site scripting (XSS) vulnerability in the default URI in news/ in Twilight CMS before 4.1 allows remote attackers to inject arbitrary web script or HTML via the calendar parameter. NOTE: some of these details are obtained from third party information.
by Vladimir Vorontsov
PacketVideo Twonky Server 4.4.17/5.0.65 - Cross-Site Scripting / HTML Injection
by Davide Canali
CubeCart 4.3.4 - Unauthenticated Administrative Access Bypass via Empty Session ID or Headers
classes/session/cc_admin_session.php in CubeCart 4.3.4 does not properly restrict administrative access permissions, which allows remote attackers to bypass restrictions and gain administrative access via a HTTP request that contains an empty (1) sessID (ccAdmin cookie), (2) X_CLUSTER_CLIENT_IP header, or (3) User-Agent header.
by Bogdan Calin
OpenBSD 4.6 / NetBSD 5.0.1 - 'printf(1)' Format String Parsing Denial of Service
by Maksymilian Arciemowicz
BSD (Multiple Distributions) - 'printf(3)' Memory Corruption
by Maksymilian Arciemowicz
Adobe Photoshop Elements 8.0 - Incorrect Permission Assignment for Critical Resource in Active File Monitor Service
Adobe Photoshop Elements 8.0 installs the Adobe Active File Monitor V8 service with an insecure security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbitrary commands as SYSTEM by using the config command to modify the binPath variable, or (3) restart the service via the start command.
by bellick
CVSS 7.8
Wowd - 'index.html' Multiple Cross-Site Scripting Vulnerabilities
by Lostmon
Cherokee Web Server <0.5.4 - Path Traversal
Directory traversal vulnerability in Cherokee Web Server 0.5.4 and earlier for Windows allows remote attackers to read arbitrary files via a /\.. (slash backslash dot dot) in the URL.
by Dr_IDE
Mozilla Firefox 3.5.3 - Local Download Manager Temp File Creation
by Jeremy Brown
Piwigo < 2.0.6 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in Piwigo before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
by Andrew Paterson
PHP168 6.0 - Command Execution
by Securitylab Security Research
Oscailt 3.3 - Unauthenticated Local File Inclusion via obj_id Parameter
Directory traversal vulnerability in index.php in Oscailt 3.3, when Use Friendly URL's is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the obj_id parameter.
by s4r4d0
Boloto Media Player 1.0.0.9 - '.pls' File Denial of Service
by Dr_IDE
Sahana 0.6.2.2 - Path Traversal via Mod Parameter
Directory traversal vulnerability in www/index.php in Sahana 0.6.2.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod parameter.
by Greg Miernicki
VMware ESX <4.0 - Privilege Escalation
VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, VMware ACE 2.5.x before 2.5.3 build 185404, VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138, VMware Fusion 2.x before 2.0.6 build 196839, VMware ESXi 3.5 and 4.0, and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0, when Virtual-8086 mode is used, do not properly set the exception code upon a page fault (aka #PF) exception, which allows guest OS users to gain privileges on the guest OS by specifying a crafted value for the cs register.
by Tavis Ormandy & Julien Tinnes
Firefox < 3.0.15 and 3.5.x < 3.5.4 - Remote Code Execution via GIF Image Parser
Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors.
by regenrecht
KDE 4.3.2 - Multiple Input Validation Vulnerabilities
by Tim Brown
K-Meleon 1.5.3 - Heap-Based Buffer Overflow via Large Precision Value in printf Format Argument
Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.
by Alin Rad Pop
Novell eDirectory 8.8sp5 - Remote Buffer Overflow
by karak0rsan_ murderkey
Cherokee Web Server 0.5.4 - DoS
Cherokee Web Server 0.5.4 allows remote attackers to cause a denial of service (daemon crash) via an MS-DOS reserved word in a URI, as demonstrated by the AUX reserved word.
by Usman Saeed
By Source