Text Exploits
31,386 exploits tracked across all sources.
openEngine 2.0 100226 - Local File Inclusion / Cross-Site Scripting
by SecPod Research
ClanSphere 2010.0 Final - Multiple Vulnerabilities
by High-Tech Bridge SA
Eclipse IDE < 3.6.2 - Cross-Site Scripting via Help Contents Query String
Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp.
by Aung Khant
BPDirectory Business Directory - Authentication Bypass
by v3n0m
BPConferenceReporting Web Reporting - Authentication Bypass
by v3n0m
BPAffiliate Affiliate Tracking - Authentication Bypass
by v3n0m
Nuked-klaN Module Boutique - Blind SQL Injection
by [AR51]Kevinos
Joomla! Component com_alfurqan15x - SQL Injection
by kaMtiEz
Chameleon Social Networking - Stored Cross-Site Scripting via Thread Title and Description Parameters
Multiple cross-site scripting (XSS) vulnerabilities in forum_new_topic.php in Chameleon Social Networking allow remote attackers to inject arbitrary web script or HTML via the (1) thread_title and (2) thread_description parameters in a message.
by Dr-mosta
Web Wiz NewsPad - Unauthenticated Sensitive Information Exposure via Direct Database Request
Web Wiz NewsPad stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/NewsPad.mdb.
by keracker
Best Soft Inc. Advance Hotel Booking System 1.0 - SQL Injection
SQL injection vulnerability in index1.php in Best Soft Inc. (BSI) Advance Hotel Booking System 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.
by v3n0m
OneOrZero AIMS 2.6.0-2.7.0 - SQL Injection
Multiple SQL injection vulnerabilities in index.php in OneOrZero AIMS 2.6.0 Members Edition and 2.7.0 Trial Edition allow remote authenticated users to execute arbitrary SQL commands via the (1) id parameter in a saved_search action and (2) item_types parameter in a show_item_search action in the search_management_manage subcontroller. NOTE: some of these details are obtained from third party information.
by Valentin
Foxit PDF Reader < 4.2.0.0928 - Stack-based Buffer Overflow via PDF Info Title Entry
Foxit PDF Reader before 4.2.0.0928 does not properly bound-check the /Title entry in the PDF Info dictionary. A specially crafted PDF with an overlong Title string can overflow a fixed-size stack buffer, corrupt the Structured Exception Handler (SEH) chain, and lead to arbitrary code execution in the context of the user who opens the file.
by dookie
WordPress Event Registration <5.32 - SQL Injection
SQL injection vulnerability in the Event Registration plugin 5.32 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the event_id parameter in a register action.
by k3m4n9i
Webmatic - SQL Injection via Index.php p Parameter
SQL injection vulnerability in index.php in Webmatic allows remote attackers to execute arbitrary SQL commands via the p parameter.
by v3n0m
PreProjects Pre Online Tests Generator Pro - SQL Injection
SQL injection vulnerability in takefreestart.php in PreProjects Pre Online Tests Generator Pro allows remote attackers to execute arbitrary SQL commands via the tid2 parameter.
by Cru3l.b0y
OneOrZero AIMS 2.6.0 - Path Traversal
Directory traversal vulnerability in index.php in OneOrZero AIMS 2.6.0 Members Edition allows remote authenticated users to read arbitrary files via directory traversal sequences in the controller parameter in a show_report action.
by Valentin