Text Exploits
31,386 exploits tracked across all sources.
SetSeed CMS < 5.11.2 - SQL Injection via loggedInUser Cookie
SQL injection vulnerability in setseed-hub in SetSeed CMS 5.8.20, 5.11.2, and earlier allows remote attackers to execute arbitrary SQL commands via the loggedInUser cookie.
by LiquidWorm
eFront 3.6.x - Multiple Cross-Site Scripting / SQL Injections
by High-Tech Bridge SA
CaupoShop Pro < 3.70 and Classic 3.01 - Path Traversal via Template Parameter
Directory traversal vulnerability in CaupoShop Pro 2.x, CaupoShop Classic 3.01, and CaupoShop Pro 3.70 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter in a template action.
by Rami Salama
BestShopPro - Cross-Site Scripting via nowosci.php str Parameter
Cross-site scripting (XSS) vulnerability in nowosci.php in BestShopPro allows remote attackers to inject arbitrary web script or HTML via the str parameter.
by CoBRa_21
Apache HTTP Server 2.0.x-2.0.64 and 2.2.x-2.2.21 - Denial of Service via mod_setenvif SetEnvIf Directive
The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
by halfdog
vBulletin 4.1.7 - Multiple Remote File Inclusions
by indoushka
Symphony CMS < 2.2.4 - Authenticated Cross-Site Scripting via Profile or Filter Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.2.3 and possibly other versions before 2.2.4 allow remote authenticated users with Author privileges to inject arbitrary web script or HTML via (1) the profile parameter to extensions/profiledevkit/content/content.profile.php, as demonstrated via requests to (a) the default URI, (b) about/, or (c) drafts/; or (2) the filter parameter in symphony/lib/core/class.symphony.php, as demonstrated via requests to (d) symphony/publish/comments or (e) symphony/publish/images. NOTE: some of these details are obtained from third party information.
by Mesut Timur
Symphony CMS <2.2.4 - SQL Injection
Multiple SQL injection vulnerabilities in symphony/content/content.publish.php in Symphony CMS 2.2.3 and possibly other versions before 2.2.4 allow remote authenticated users with Author permissions to execute arbitrary SQL commands via the filter parameter to (1) symphony/publish/comments or (2) symphony/publish/images. NOTE: this issue can be leveraged to perform cross-site scripting (XSS) attacks via error messages. NOTE: some of these details are obtained from third party information.
by Mesut Timur
eFront 3.6.10 Build 11944 - Multiple Cross-Site Scripting Vulnerabilities
by Netsparker Advisories
Domain Shop - 'index.php' Cross-Site Scripting
by Mr.PaPaRoSSe
Hyperic HQ Enterprise 4.5.1 - Cross-Site Scripting / Multiple Security Vulnerabilities
by Benjamin Kunz Mejri
ZTE ZXDSL 831IIV7.5.0a_Z29_OV - CSRF
Cross-site request forgery (CSRF) vulnerability in accessaccount.cgi in ZTE ZXDSL 831IIV7.5.0a_Z29_OV allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter.
by mehdi boukazoula
HM Community < 1.0 - SQL Injection via id Parameter
SQL injection vulnerability in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a fnd_home action to index.php.
by 599eme Man
Advantech WebAccess < 7.0 - Denial of Service via Modified Stream Identifier
Advantech/BroadWin WebAccess before 7.0 allows remote attackers to cause a denial of service (memory corruption) via a modified stream identifier to a function.
by Snake
Classipress < 3.1.5 - Cross-Site Scripting via Twitter and Facebook Widget Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the Classipress theme before 3.1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) twitter_id parameter related to the Twitter widget and (2) facebook_id parameter related to the Facebook widget.
by Paul Loftness
HM Community (com_hmcommunity) < 1.0 - Cross-Site Scripting via Multiple Profile Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) language[], (2) university[], (3) persent[], (4) company_name[], (5) designation[], (6) music[], (7) books[], (8) movies[], (9) games[], (10) syp[], (11) ft[], and (12) fa[] parameters in a save task for a profile to index.php. NOTE: some of these details are obtained from third party information.
by 599eme Man
com_alameda < 1.0.0 - SQL Injection via Storeid Parameter
SQL injection vulnerability in Alameda (com_alameda) component before 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the storeid parameter to index.php.
by kaMtiEz
jbShop plugin for e107 7 - Cross-Site Scripting via item_id Parameter
Cross-site scripting (XSS) vulnerability in jbshop.php in the jbShop plugin for e107 7 allows remote attackers to inject arbitrary web script or HTML via the item_id parameter.
by Robert Cooper
Barter Sites com_listing 1.3 - SQL Injection via category_id Parameter
SQL injection vulnerability in the com_listing component in Barter Sites component 1.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter to index.php.
by Chris Russell
phpalbum < 0.4.1.16 - Cross-Site Scripting via var1 or keyword Parameter
Multiple cross-site scripting (XSS) vulnerabilities in main.php in phpAlbum 0.4.1.16 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) var1 and (2) keyword parameters.
by BHG Security Center
phpalbum < 0.4.1.16 - Path Traversal via var1 Parameter
Directory traversal vulnerability in main.php in phpAlbum 0.4.1.16 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the var1 parameter.
by BHG Security Center
Extensionsforjoomla Com Vikrealestate - SQL Injection
Multiple SQL injection vulnerabilities in Vik Real Estate (com_vikrealestate) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) contract parameter in a results action and (2) imm parameter in a show action to index.php.
by Chris Russell
Joomla! Component com_jeemasms 3.2 - Multiple Vulnerabilities
by Chris Russell
By Source