Text Exploits
31,386 exploits tracked across all sources.
Wireshark 1.2.0-1.2.1 - Denial of Service in TLS Dissector
Unspecified vulnerability in the TLS dissector in Wireshark 1.2.0 and 1.2.1, when running on Windows, allows remote attackers to cause a denial of service (application crash) via unknown vectors related to TLS 1.2 conversations.
by Buildbot Builder
Wireshark 0.99.6-1.0.8 and 1.2.0-1.2.1 - Denial of Service via OPCUA Service CallRequest Packets
Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark 0.99.6 through 1.0.8 and 1.2.0 through 1.2.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via malformed OPCUA Service CallRequest packets.
by Buildbot Builder
Wireshark 1.2.0 and 1.2.1 - Denial of Service in GSM A RR Dissector
Unspecified vulnerability in packet.c in the GSM A RR dissector in Wireshark 1.2.0 and 1.2.1 allows remote attackers to cause a denial of service (application crash) via unknown vectors related to "an uninitialized dissector handle," which triggers an assertion failure.
by Buildbot Builder
IP3 Networks NetAccess NA75 - Local Command Injection via Backtick Characters in CLI
na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 allows local users to gain Unix shell access via "`" (backtick) characters in the appliance's command line interface (CLI).
by r00t
HotWeb Rentals - SQL Injection via PropId Parameter
SQL injection vulnerability in details.asp in HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PropId parameter.
by R3d-D3V!L
FotoTagger 2.12.0.0 - '.XML' Buffer Overflow (PoC)
by the_Edit0r
Batch Picture Watemark 1.0 - '.jpg' Local Crash (PoC)
by the_Edit0r
TurtuShout 0.11 - SQL Injection via Name Field
SQL injection vulnerability in the TurtuShout component 0.11 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Name field.
by jdc
BS Counter 2.5.3 - SQL Injection via Page Parameter
SQL injection vulnerability in file/stats.php in BS Counter 2.5.3 allows remote attackers to execute arbitrary SQL commands via the page parameter.
by Bgh7
Aurora CMS 1.0.2 - Remote Code Execution via AURORA_MODULES_FOLDER Parameter
PHP remote file inclusion vulnerability in add-ons/modules/sysmanager/plugins/install.plugin.php in Aurora CMS 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the AURORA_MODULES_FOLDER parameter.
by EA Ngel
Neufbox NB4-R1.5.10-MAIN - Persistent Cross-Site Scripting
by 599eme Man
Paul Smith Computer Services vCAP <1.9.0 - Path Traversal
Directory traversal vulnerability in Paul Smith Computer Services vCAP 1.9.0 Beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
by securma massine
com_hbssearch - SQL Injection via h_id, id, or rid Parameters
Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) h_id, (2) id, and (3) rid parameters to longDesc.php, and the h_id parameter to (4) detail.php, (5) detail1.php, (6) detail2.php, (7) detail3.php, (8) detail4.php, (9) detail5.php, (10) detail6.php, (11) detail7.php, and (12) detail8.php, different vectors than CVE-2008-5865, CVE-2008-5874, and CVE-2008-5875.
by K-159
Datavore Gyro 5.0 - Cross-Site Scripting via Home Component cid Parameter
Cross-site scripting (XSS) vulnerability in Datavore Gyro 5.0 allows remote attackers to inject arbitrary web script or HTML via the cid parameter in a cat action to the home component.
by OoN_Boy
Xerver HTTP Server 4.32 - Exposure of Sensitive Information via ::$DATA Suffix
Xerver HTTP Server 4.32 allows remote attackers to obtain the source code for a web page via an HTTP request with the addition of ::$DATA after the HTML file name.
by Dr_IDE
Kolibri+ Web Server 2 - Source Code Disclosure
by SkuLL-HackeR
Kolibri+ Web Server 2 - Arbitrary Source Code Disclosure (2)
by Dr_IDE
SZNews 2.7 - Remote Code Execution via printnews.php3 id Parameter
PHP remote file inclusion vulnerability in printnews.php3 in SZNews 2.7 allows remote attackers to execute arbitrary PHP code via a URL in the id parameter.
by kurdish hackers team
Planet and Planet Venus - Cross-Site Scripting via IMG SRC Attribute
Cross-site scripting (XSS) vulnerability in Planet 2.0 and Planet Venus allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IMG element in a feed.
by Steve Kemp
PHP-IPNMonitor - SQL Injection via maincat_id Parameter
SQL injection vulnerability in index.php in PHP-IPNMonitor allows remote attackers to execute arbitrary SQL commands via the maincat_id parameter.
by noname
Match Agency BiZ 1.0 - Cross-Site Scripting via Important Parameter or PID Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Match Agency BiZ 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) important parameter to edit_profile.php and (2) pid parameter to report.php.
by Moudi
Match Agency BiZ 1.0 - Cross-Site Scripting via Important Parameter or PID Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Match Agency BiZ 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) important parameter to edit_profile.php and (2) pid parameter to report.php.
by Moudi
com_hbssearch - Cross-Site Scripting via Adult Parameter
Cross-site scripting (XSS) vulnerability in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the adult parameter in a showhoteldetails action to index.php.
by K-159
Joomla! Component com_mediaalert - 'id' SQL Injection
by Moudi
By Source