Text Exploits
31,386 exploits tracked across all sources.
PHP-Nuke Web_Links Module - SQL Injection via URL Parameter
SQL injection vulnerability in the Web_Links module for PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the url parameter in an Add action to modules.php.
by ITSecTeam
Joomla! Component com_yellowpages - SQL Injection
by al bayraqim
Allinta CMS 22.07.2010 - SQL Injection
Multiple SQL injection vulnerabilities in Allinta CMS 22.07.2010 allow remote attackers to execute arbitrary SQL commands via the i parameter in an edit action to (1) contentAE.asp or (2) templatesAE.asp.
by High-Tech Bridge SA
Tycoon Baseball Script 1.0.9 - SQL Injection
SQL injection vulnerability in index.php in Tycoon Baseball Script 1.0.9 allows remote attackers to execute arbitrary SQL commands via the game_id parameter in a game_player action.
by Silic0n
OpenSSL <1.0.0a-0.9.7 - Use After Free
Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime. NOTE: some sources refer to this as a use-after-free issue.
by Georgi Guninski
libtiff < 3.9.4 - Denial of Service via Invalid td_stripbytecount Field
LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount field, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted TIFF file, a different vulnerability than CVE-2010-2443.
by Tomas Hoger
Prado Portal 1.2 - 'page' Cross-Site Scripting
by High-Tech Bridge SA
Joomla! Component com_cgtestimonial 2.2 - Multiple Vulnerabilities
by Salvatore Fresta
PHPFinance 0.6 - '/group.php' SQL Injection / HTML Injection
by skskilL
Nuked-Klan Partenaires 1.5 - SQL Injection
SQL injection vulnerability in clic.php in the Partenaires module 1.5 for Nuked-Klan allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Metropolis
Muraus Open Blog - Multiple HTML Injection Vulnerabilities
by High-Tech Bridge SA
Hulihan BXR 0.6.8 - SQL Injection via order_by Parameter
SQL injection vulnerability in folder/list in Hulihan BXR 0.6.8 allows remote attackers to execute arbitrary SQL commands via the order_by parameter.
by High-Tech Bridge SA
Hulihan Applications Amethyst 0.1.5 - Multiple HTML Injection Vulnerabilities
by High-Tech Bridge SA
DiamondList 0.1.6 - Cross-Site Scripting via Category Description and Site Title Parameters
Multiple cross-site scripting (XSS) vulnerabilities in DiamondList 0.1.6, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) category[description] parameter to user/main/update_category, which is not properly handled by _app/views/categories/index.html.erb; and the (2) setting[site_title] parameter to user/main/update_settings, which is not properly handled by _app/views/settings/_list_settings.rhtml.
by High-Tech Bridge SA
ccTiddly 1.7.4 and 1.7.6 - Remote Code Execution via cct_base Parameter
Multiple PHP remote file inclusion vulnerabilities in ccTiddly 1.7.4 and 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the cct_base parameter to (1) index.php; (2) handle/proxy.php; (3) header.php, (4) include.php, and (5) workspace.php in includes/; and (6) plugins/RSS/files/rss.php.
by eidelweiss
APBoard Developers APBoard < 2.1.0 - SQL Injection via id Parameter
SQL injection vulnerability in board/board.php in APBoard Developers APBoard 2.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-3078.
by secret
Uzbl <2010.08.05 - Command Injection
The default configuration of the <Button2> binding in Uzbl before 2010.08.05 does not properly use the @SELECTED_URI feature, which allows user-assisted remote attackers to execute arbitrary commands via a crafted HREF attribute of an A element in an HTML document.
by Chuzz
DT Centrepiece 4.5 - Cross-Site Scripting / Security Bypass
by High-Tech Bridge SA
iPhone OS - Remote Code Execution via Crafted CFF Opcodes in Embedded Fonts
Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information.
by jailbreakme
HP OpenView Network Node Manager <7.53 - Buffer Overflow
Stack-based buffer overflow in webappmon.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long OvJavaLocale value in a cookie.
by Nahuel Riva