Text Exploits
31,386 exploits tracked across all sources.
4homepages 4Images 1.7.x - 'categories.php' SQL Injection
by Ahmed Atif
HP 9000 - Path Traversal
The default configuration of the PJL Access value in the File System External Access settings on HP LaserJet MFP printers, Color LaserJet MFP printers, and LaserJet 4100, 4200, 4300, 5100, 8150, and 9000 printers enables PJL commands that use the device's filesystem, which allows remote attackers to read arbitrary files via a command inside a print job, as demonstrated by a directory traversal attack.
by n.runs AG
MicroNetsoft RV Dealer Website - SQL Injection via selStock or orderBy Parameter
Multiple SQL injection vulnerabilities in MicroNetsoft RV Dealer Website allow remote attackers to execute arbitrary SQL commands via the (1) selStock parameter to search.asp and the (2) orderBy parameter to showAlllistings.asp.
by underground-stockholm.com
CA Internet Security Suite Plus 2010 - Local Denial of Service and Arbitrary Code Execution via KmxSbx.sys IOCTL
Integer overflow in KmxSbx.sys 6.2.0.22 in CA Internet Security Suite Plus 2010 allows local users to cause a denial of service (pool corruption) and execute arbitrary code via crafted arguments to the 0x88000080 IOCTL, which triggers a buffer overflow.
by Nikita Tarakanov
Skeletonz CMS 1.0 - Cross-Site Scripting via Blog Comment Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the comment feature in Skeletonz CMS 1.0, when the Blog plugin is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Website, and (3) Email parameters. NOTE: some of these details are obtained from third party information.
by Jbyte
jurpopage 0.2.0 - SQL Injection via Category Parameter
SQL injection vulnerability in index.php in Jurpopage 0.2.0 allows remote attackers to execute arbitrary SQL commands via the category parameter.
by Sudden_death
jurpopage 0.2.0 - SQL Injection via note or pg Parameter
Multiple SQL injection vulnerabilities in index.php in Jurpopage 0.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) note and (2) pg parameters, different vectors than CVE-2010-4359. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Sudden_death
PHP Web Scripts Easy Banner Free 2009.05.18 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) siteurl and (2) urlbanner parameters.
by Aliaksandr Hartsuyeu
PHP Web Scripts Easy Banner Free <2009.05.18 - SQL Injection
Multiple SQL injection vulnerabilities in member.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
by Aliaksandr Hartsuyeu
E-lokaler CMS 2 - Admin Login Multiple SQL Injections
by ali_err0r
SiteEngine 7.1 - SQL Injection via Module Parameter
SQL injection vulnerability in comments.php in SiteEngine 7.1 allows remote attackers to execute arbitrary SQL commands via the module parameter.
by Beach
Harmistechnology Com Jeajaxeventcalendar - SQL Injection
SQL injection vulnerability in JE Ajax Event Calendar (com_jeajaxeventcalendar) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the event_id parameter in an alleventlist_more action to index.php.
by ALTBTA
Microsoft Windows - Stack-based Buffer Overflow in RtlQueryRegistryValues via Crafted REG_BINARY Value
Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability."
by noobpwnftw
CVSS 7.8
WSN Links < 5.0.81, < 5.1.51, < 6.0.1 SQL Injection via search.php
Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter.
by Mark Stanislav
phpvidz 0.9.5 - Administrative Credentials Disclosure
by Michael Brooks
Getsimple CMS 2.01 < 2.02 - Administrative Credentials Disclosure
by Michael Brooks
Free Simple Software 1.0 - SQL Injection via downloads_id Parameter
SQL injection vulnerability in the download module in Free Simple Software 1.0 allows remote attackers to execute arbitrary SQL commands via the downloads_id parameter in a download_now action to index.php.
by Mark Stanislav
SimpLISTic SQL 2.0 - 'email.cgi' Cross-Site Scripting
by Aliaksandr Hartsuyeu
ZYXEL P-660R-T1 V2 - 'HomeCurrent_Date' Cross-Site Scripting
by Usman Saeed