Text Exploits
31,386 exploits tracked across all sources.
NetArt Media Car Portal 2.0 - 'car' SQL Injection
by RoAd_KiLlEr
Horde IMP < 4.3.8 & Groupware Webmail < 1.2.7 - XSS via Fetchmail fm_id Parameter
Cross-site scripting (XSS) vulnerability in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via the fm_id parameter in a fetchmail_prefs_save action, related to the Fetchmail configuration.
by Moritz Naumann
Entrans < 0.3.2 - SQL Injection via Poll SID Parameter
SQL injection vulnerability in poll.php in Entrans 0.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the sid parameter.
by keracker
Mura CMS <5.1.498-5.2.2809 & Sava CMS 5-5.2 - Path Traversal
Directory traversal vulnerability in fileManager.cfc in Mura CMS 5.1 before 5.1.498 and 5.2 before 5.2.2809, and Sava CMS 5 through 5.2, allows remote attackers to read arbitrary files via a .. (dot dot) in the FILEID parameter to the default URI under tasks/render/file/.
by mr_me
Traidnt UP - Cross-Site Request Forgery (Add Admin)
by John Johnz
Mambo/Joomla! - com_elite_experts - SQL Injection
SQL injection vulnerability in the Elite Experts (com_elite_experts) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showExpertProfileDetailed action to index.php.
by RoAd_KiLlEr
FreePBX < 2.8.0 - Authenticated Path Traversal and Arbitrary File Write via System Recordings Component
Directory traversal vulnerability in page.recordings.php in the System Recordings component in the configuration interface in FreePBX 2.8.0 and earlier allows remote authenticated administrators to create arbitrary files via a .. (dot dot) in the usersnum parameter to admin/config.php, as demonstrated by creating a .php file under the web root.
by Trustwave's SpiderLabs
Collaborative Passwords Manager 1.07 - Multiple Local File Inclusions
by sh00t0ut
Microsoft Excel - HFPicture Record Parsing Memory Corruption
by Abysssec
WAnewsletter 2.1.2 - SQL Injection via id Parameter
SQL injection vulnerability in index.php in WAnewsletter 2.1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by BrOx-Dz
OpenText LiveLink 9.7.1 - Multiple Cross-Site Scripting Vulnerabilities
by Alejandro Ramos
Geeklog 1.3.8 - SQL Injection via lid Parameter
SQL injection vulnerability in filemgmt/singlefile.php in Geeklog 1.3.8 allows remote attackers to execute arbitrary SQL commands via the lid parameter.
by Gamoscu
Skybluecanvas 1.1-r248 - Cross-Site Request Forgery
by Sweet
com_timetrack 1.2.4 - SQL Injection via ct_id Parameter
SQL injection vulnerability in the TimeTrack (com_timetrack) component 1.2.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ct_id parameter in a timetrack action to index.php.
by Salvatore Fresta
Joostina (com_ezautos) - SQL Injection
SQL injection vulnerability in the Joostina (com_ezautos) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the firstCode parameter in a helpers action to index.php.
by Gamoscu
BSI Hotel Booking System Admin 1.4/2.0 - Authentication Bypass
by K-159