Text Exploits
31,394 exploits tracked across all sources.
Pligg CMS 2.0.0rc2 - Cross-Site Request Forgery (File Creation)
by DaOne
vtiger CRM < 6.0.0 - Authenticated Path Traversal via KCFinder File Parameter
Directory traversal vulnerability in kcfinder/browse.php in Vtiger CRM before 6.0.0 Security patch 1 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter in a download action. NOTE: it is likely that this issue is actually in the KCFinder third-party component, and it affects additional products besides Vtiger CRM.
by DaOne
zldnn dnnarticle < 10.0 - SQL Injection via categoryid Parameter
SQL injection vulnerability in the RSS page (DNNArticleRSS.aspx) in the ZLDNN DNNArticle module before 10.1 for DotNetNuke allows remote attackers to execute arbitrary SQL commands via the categoryid parameter.
by Sajjad Pourali
Alibaba Clone Tritanium Version - 'news_desc.html' SQL Injection
by IRAQ_JAGUAR
CakePHP 2.2.8/2.3.7 - AssetDispatcher Class Local File Inclusion
by Takeshi Terada
Vastal I-Tech phpVID <1.2.3 - SQL Injection
Multiple SQL injection vulnerabilities in Vastal I-Tech phpVID 1.2.3 allow remote attackers to execute arbitrary SQL commands via the "n" parameter to (1) browse_videos.php or (2) members.php. NOTE: the cat parameter is already covered by CVE-2008-4157.
by 3spi0n
Vastal I-Tech phpVID 1.1 and 1.2.3 - SQL Injection via groups.php cat Parameter
SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 1.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter, a different vector than CVE-2007-3610. NOTE: it was later reported that 1.2.3 is also affected.
by 3spi0n
Vastal I-Tech phpVID 1.1, 1.2, 1.2.3 - Cross-Site Scripting via Search Results Query Parameter
Cross-site scripting (XSS) vulnerability in search_results.php in Vastal I-Tech phpVID 1.1 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: some of these details are obtained from third party information. NOTE: it was later reported that 1.2.3 is also affected.
by 3spi0n
Oracle Java - 'storeImageArray()' Invalid Array Indexing
by Packet Storm
HMS Testimonials < 2.0.11 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the HMS Testimonials plugin before 2.0.11 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) image, (3) url, or (4) testimonial parameter to the Testimonial form (hms-testimonials-addnew page); (5) date_format parameter to the Settings - Default form (hms-testimonials-settings page); (6) name parameter in a Save action to the Settings - Custom Fields form (hms-testimonials-settings-fields page); or (7) name parameter in a Save action to the Settings - Template form (hms-testimonials-templates-new page).
by RogueCoder
CVSS 6.1
Tribq CMS 5.2.7 - Cross-Site Request Forgery (Adding/Editing New Administrator Account)
by Yashar shahinzadeh
Vastal phpVID 1.2.3 - Cross-Site Scripting via Browse Videos or Groups Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Vastal I-Tech phpVID 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to browse_videos.php or the (2) cat parameter to groups.php.
by 3spi0n
Open Real Estate CMS 1.5.1 - Multiple Vulnerabilities
by Yashar shahinzadeh
MLMAuction Script - 'gallery.php?id' SQL Injection
by 3spi0n
Joomla! com_redshop 1.0 - SQL Injection
SQL injection vulnerability in the redSHOP Component (com_redshop) 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter to index.php.
by Matias Fontanini
Gnew 2013.1 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Gnew 2013.1 allow remote attackers to inject arbitrary web script or HTML via the gnew_template parameter to (1) users/profile.php, (2) articles/index.php, or (3) admin/polls.php; (4) category_id parameter to news/submit.php; news_id parameter to (5) news/send.php or (6) comments/add.php; or (7) post_subject or (8) thread_id parameter to posts/edit.php.
by LiquidWorm
Ajax PHP Penny Auction 1.x 2.x - Multiple Vulnerabilities
by Taha Hunter
HTC Sync Manager - Multiple DLL Loading Arbitrary Code Execution Vulnerabilities
by Iranian_Dark_Coders_Team
PHPFox - SQL Injection via search[gender] Parameter
SQL injection vulnerability in PHPFox before 3.6.0 (build4) allows remote attackers to execute arbitrary SQL commands via the search[gender] parameter to user/browse/view_/.
by Matias Fontanini
PHPFox - SQL Injection via search[sort_by] Parameter
SQL injection vulnerability in PHPFox before 3.6.0 (build6) allows remote attackers to execute arbitrary SQL commands via the search[sort_by] parameter to user/browse/view_/.
by Matias Fontanini
BigTree CMS < 4.0 - Cross-Site Scripting via Module Parameter
Cross-site scripting (XSS) vulnerability in core/admin/modules/developer/modules/views/add.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to inject arbitrary web script or HTML via the module parameter.
by High-Tech Bridge SA
By Source