Text Exploits
31,386 exploits tracked across all sources.
Joomla! Component com_xball - 'team_id' SQL Injection
by CoBRa_21
Joomla! Component com_br - 'Controller' Local File Inclusion
by the_cyber_nuxbie
AllWebMenus <1.1.8 - Code Injection
Unrestricted file upload vulnerability in actions.php in the AllWebMenus plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory.
by 6Scan
AllWebMenus WordPress Plugin 1.1.8 - Unauthenticated Arbitrary File Upload and Remote Code Execution
actions.php in the AllWebMenus plugin 1.1.8 for WordPress allows remote attackers to bypass intended access restrictions to upload and execute arbitrary PHP code by setting the HTTP_REFERER to a certain value, then uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory.
by 6Scan
miniCMS 1.0 and 2.0 - Remote Code Execution via Pagename or Area Variable
miniCMS 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code via a crafted (1) pagename or (2) area variable containing an executable extension, which is not properly handled by (a) update.php when writing files to content/, or (b) updatenews.php when writing files to content/news/.
by Or4nG.M4N
Tribiq CMS - SQL Injection via id Parameter
SQL injection vulnerability in Tribiq CMS allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
by Skote Vahshat
Lead Capture Page System - Stored Cross-Site Scripting via Admin Login Message Parameter
Cross-site scripting (XSS) vulnerability in admin/login.php in Lead Capture Page System allows remote attackers to inject arbitrary web script or HTML via the message parameter.
by HashoR
Extensionsforjoomla Com Vikrealestate - SQL Injection
Multiple SQL injection vulnerabilities in Vik Real Estate (com_vikrealestate) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) contract parameter in a results action and (2) imm parameter in a show action to index.php.
by the_cyber_nuxbie
Joomla! Component Full - 'id' SQL Injection
by the_cyber_nuxbie
Joomla! Component com_some - 'Controller' Local File Inclusion
by the_cyber_nuxbie
com_obsuggest < 1.8 - Path Traversal via Controller Parameter
Directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
by the_cyber_nuxbie
Joomla! Component com_car - Multiple SQL Injections
by the_cyber_nuxbie
Joomla! Component com_bulkenquery - 'Controller' Local File Inclusion
by the_cyber_nuxbie
Joomla! Component com_boss - 'Controller' Local File Inclusion
by the_cyber_nuxbie
Raven 1.0 - 'connector.asp' Arbitrary File Upload
by HELLBOY
Aryadad CMS - SQL Injection via PageID Parameter
SQL injection vulnerability in Default.aspx in Aryadad CMS allows remote attackers to execute arbitrary SQL commands via the PageID parameter.
by Red Security TEAM
acidcat_cms 3.5.1, 3.5.2, 3.5.6 - Cross-Site Scripting via PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in Acidcat CMS 3.5.1, 3.5.2, 3.5.6, and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin_colors.asp, (2) admin_config.asp, and (3) admin_cat_add.asp in admin/.
by Avram Marius
Syneto Unified Threat Management 1.3.3/1.4.2 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
by Alexander Fuchs
Snitz Forums 2000 - SQL Injection via TOPIC_ID Parameter
SQL injection vulnerability in forum.asp in Snitz Forums 2000 allows remote attackers to execute arbitrary SQL commands via the TOPIC_ID parameter.
by snup
ICloudCenter ICTimeAttendance 1.0 - SQL Injection
SQL injection vulnerability in checklogin.aspx in ICloudCenter ICTimeAttendance 1.0 allows remote attackers to execute arbitrary SQL commands via the passw parameter. NOTE: Some of these details are obtained from third party information.
by v3n0m
WordPress Plugin ucan post 1.0.09 - Persistent Cross-Site Scripting
by Gianluca Brindisi
Vastal EzineShop - 'view_mags.php' SQL Injection
by Lazmania61
PostNuke pnAddressbook Module - 'id' SQL Injection
by Robert Cooper