Text Exploits
31,337 exploits tracked across all sources.
Phpjabbers Event Booking Calendar - SQL Injection
SQL injection vulnerability in load-calendar.php in PHPJabbers Event Booking Calendar 2.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by HackXBack
Phpjabbers Appointment Scheduler - Path Traversal
Directory traversal vulnerability in PHPJabbers Appointment Scheduler 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter in a pjActionDownload action to the pjBackup controller.
by HackXBack
Horizon QCMS <4.0 - SQL Injection
SQL injection vulnerability in download.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter.
by High-Tech Bridge SA
Burden <1.8.1 - Auth Bypass
The "remember me" functionality in login.php in Burden before 1.8.1 allows remote attackers to bypass authentication and gain privileges by setting the burden_user_rememberme cookie to 1.
by High-Tech Bridge SA
CVSS 9.8
Atmail < 7.1.6 - XSS
Cross-site scripting (XSS) vulnerability in Atmail Webmail Server before 7.2 allows remote attackers to inject arbitrary web script or HTML via the body of an e-mail message, as demonstrated by the SRC attribute of an IFRAME element.
by Zhao Liang
Apache Archiva < 1.3.8 - Injection
Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
by Takeshi Terada
CVSS 9.8
Oracle Demantra Demand Management <12.2.2 - Info Disclosure
Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 12.2.0, 12.2.1, and 12.2.2 allows remote attackers to affect confidentiality via unknown vectors related to DM Others.
by Oracle
Linux kernel <3.7.2 - Info Disclosure
The load_script function in fs/binfmt_script.c in the Linux kernel before 3.7.2 does not properly handle recursion, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
by halfdog
Conceptronic CIPCAMPTIWL Camera 1.0-21.37.2.49 - CSRF
Cross-site request forgery (CSRF) vulnerability in set_users.cgi in Conceptronic CIPCAMPTIWL Camera 1.0 with firmware 21.37.2.49 allows remote attackers to hijack the authentication of administrators for requests that add arbitrary users.
by Felipe Molina
Domphp < 0.83 - SQL Injection
SQL injection vulnerability in agenda/indexdate.php in DomPHP 0.83 and earlier allows remote attackers to execute arbitrary SQL commands via the ids parameter.
by Houssamix
Dell KACE K1000 <5.4.76847 - SQL Injection
Multiple SQL injection vulnerabilities in Dell KACE K1000 5.4.76847 and possibly earlier allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the macAddress element in a (1) getUploadPath or (2) getKBot SOAP request to service/kbot_service.php; the ID parameter to (3) userui/advisory_detail.php or (4) userui/ticket.php; and the (5) ORDER[] parameter to userui/ticket_list.php.
by Rohan Stelling
Domphp < 0.83 - Path Traversal
Directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impact via a .. (dot dot) in the url parameter to photoalbum/index.php.
by Houssamix
Joomla! Component Almond Classifieds - Arbitrary File Upload
by DevilScreaM
UAEPD Shopping Cart Script - SQL Injection
Multiple SQL injection vulnerabilities in UAEPD Shopping Cart Script allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) p_id parameter to products.php or id parameter to (3) page.php or (4) news.php.
by AtT4CKxT3rR0r1ST
EZGenerator - Local File Disclosure / Cross-Site Request Forgery
by AtT4CKxT3rR0r1ST
Simogeo Filemanager < 2.0.0 - Path Traversal
An issue in Filemanager v2.5.0 and below allows attackers to perform a directory traversal by sending a crafted HTTP request to the filemanager.php endpoint.
by AtT4CKxT3rR0r1ST
CVSS 6.5
Middle School Homework Page 1.3 Beta 1 - Multiple Vulnerabilities
by AtT4CKxT3rR0r1ST
Joomla! Component com_aclsfgpl - 'index.php' Arbitrary File Upload
by TUNISIAN CYBER
Dredge School Administration System - '/DSM/loader.php?Id' SQL Injection
by AtT4CKxT3rR0r1ST
Dredge School Administration System - '/DSM/loader.php' Account Information Disclosure
by AtT4CKxT3rR0r1ST
Dredge School Administration System - '/DSM/Backup/processbackup.php' Database Backup Information Disclosure
by AtT4CKxT3rR0r1ST
Cubic CMS <5.2 - SQL Injection
Multiple SQL injection vulnerabilities in Cubic CMS 5.1.1, 5.1.2, and 5.2 allow remote attackers to execute arbitrary SQL commands via the (1) resource_id or (2) version_id parameter to recursos/agent.php or (3) login or (4) pass parameter to login.usuario.
by Eugenio Delfa
Command School Student Management System 1.06.01 - SQL Injection
Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/.
by AtT4CKxT3rR0r1ST