Text Exploits
31,386 exploits tracked across all sources.
PHPCMS 2008 V2 - SQL Injection via modelid Parameter
SQL injection vulnerability in include/admin/model_field.class.php in PHPCMS 2008 V2 allows remote attackers to execute arbitrary SQL commands via the modelid parameter to flash_upload.php.
by R3d-D3V!L
Pixie CMS 1.0.4 - '/admin/index.php' SQL Injection
by High-Tech Bridge SA
PHPCMS 2008 V2 - SQL Injection via where_time Parameter
SQL injection vulnerability in data.php in PHPCMS 2008 V2 allows remote attackers to execute arbitrary SQL commands via the where_time parameter in a get action.
by R3d-D3V!L
PHP LOW BIDS - SQL Injection via viewfaqs.php cat Parameter
SQL injection vulnerability in viewfaqs.php in PHP LOW BIDS allows remote attackers to execute arbitrary SQL commands via the cat parameter.
by h4ck3r
Simploo CMS < 1.7.1 - Authenticated PHP Code Injection via FTP-Server Parameter
Static code injection vulnerability in Simploo CMS 1.7.1 and earlier allows remote authenticated users to inject arbitrary PHP code into config/custom/base.ini.php via the ftpserver parameter (FTP-Server field) to the sicore/updates/optionssav operation for index.php.
by David Vieira-Kurz
com_allcinevid 1.0.0 - SQL Injection via id Parameter
SQL injection vulnerability in the allCineVid component (com_allcinevid) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
by Salvatore Fresta
CakePHP 1.2.8-1.3.5 - Remote Code Execution via Unserialize in Security Component
The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is processed by the unserialize function, as demonstrated by modifying the file_map cache to execute arbitrary local files.
by felix
B-Cumulus - 'tagcloud' Multiple Cross-Site Scripting Vulnerabilities
by MustLive
Pango < 1.28.3 - Heap-Based Buffer Overflow via Crafted Font File
Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.
by Dan Rosenberg
Teams Structure module 3.0 - SQL Injection via team_id Parameter
SQL injection vulnerability in team.php in the Teams Structure module 3.0 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the team_id parameter.
by Saif
Linux Kernel < 2.6.37 - Unauthorized Information Exposure via Proc Filesystem
The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls.
by halfdog
Kingsoft AntiVirus 2011 SP5.2 - Denial of Service via KiFastCallEntry Hook
KisKrnl.sys 2011.1.13.89 and earlier in Kingsoft AntiVirus 2011 SP5.2 allows local users to cause a denial of service (crash) via a crafted request that is not properly handled by the KiFastCallEntry hook.
by MJ0011
Seopanel - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in Seo Panel 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) default_news or (2) sponsors cookies, which are not properly handled by (a) controllers/index.ctrl.php or (b) controllers/settings.ctrl.php.
by Mark Stanislav
Joomla! Component com_people 1.0.0 - Local File Inclusion
by ALTBTA
E-PROMPT C BetMore Site Suite 4.0-4.2.0 - SQL Injection via bid Parameter
SQL injection vulnerability in mainx_a.php in E-PROMPT C BetMore Site Suite 4.0 through 4.2.0 allows remote attackers to execute arbitrary SQL commands via the bid parameter.
by h4ck3r
Advanced Webhost Billing System < 2.9.2 - SQL Injection via cart.php oid Parameter
SQL injection vulnerability in cart.php in Advanced Webhost Billing System (AWBS) 2.9.2 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the oid parameter in an add_other action.
by ShivX
Advanced Webhost Billing System (AWBS) 2.9.2 - 'oid' SQL Injection
by ShivX
glfusion CMS 1.2.1 - 'img' Persistent Cross-Site Scripting
by Saif
CompactCMS 1.4.1 - Multiple Cross-Site Scripting Vulnerabilities (2)
by Patrick de Brouwer
Sielco Sistemi Winlog Pro < 2.07.00 - Remote Code Execution via Crafted 0x02 Opcode
Stack-based buffer overflow in Sielco Sistemi Winlog Pro 2.07.00 and earlier, when Run TCP/IP server is enabled, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted 0x02 opcode to TCP port 46823.
by Luigi Auriemma