Text Exploits
31,386 exploits tracked across all sources.
Joomla! Component com_photomapgallery 1.6.0 - Multiple Blind SQL Injections
by Salvatore Fresta
Cetera eCommerce - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
by MustLive
AV Scripts AV Arcade 3 - SQL Injection
SQL injection vulnerability in AV Scripts AV Arcade 3 allows remote attackers to execute arbitrary SQL commands via the ava_code cookie to the "main page," related to index.php and the login task.
by saudi0hacker
KVIrc 3.x-4.x - Authenticated Arbitrary CTCP Command Execution via Backslash Handling
The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not properly handle \ (backslash) characters, which allows remote authenticated users to execute arbitrary CTCP commands via vectors involving \r and \40 sequences, a different vulnerability than CVE-2010-2451 and CVE-2010-2452.
by unic0rn
Jira 4.0.1 - Cross-Site Scripting / Information Disclosure
by MaXe
Social Media - 'index.php' Local File Inclusion
by Harri Johansson
nubuilder <10.07.12 - Path Traversal
Directory traversal vulnerability in productionnu2/fileuploader.php in nuBuilder 10.04.20, and possibly other versions before 10.07.12, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dir parameter.
by John Leitch
Joomla! com_ttvideo 1.0 - SQL Injection
SQL injection vulnerability in ttvideo.php in the TTVideo (com_ttvideo) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in a video action to index.php.
by Salvatore Fresta
Joomla! Component com_appointinator 1.0.1 - Multiple Vulnerabilities
by Salvatore Fresta
AdPeeps 8.5d1 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AdPeeps 8.5d1 allow remote attackers to inject arbitrary web script or HTML via the (1) uid parameter, (2) uid parameter in a login_lookup action, (3) uid parameter in an adminlogin action, (4) campaignid parameter in a createcampaign action, (5) type parameter in a view_account_stats action, (6) period parameter in a view_account_stats action, (7) uid parameter in a view_adrates action, (8) accname parameter in an account_confirmation action, (9) loginpass parameter in an account_confirmation action, (10) e9 parameter in a setup_account action, (11) from parameter in an email_advertisers action, (12) message parameter in an email_advertisers action, (13) idno parameter in an edit_ad_package action, (14) Advertiser Name field, (15) First Name field, (16) Last Name field, (17) Address field, (18) Phone Number field, (19) Password Hint field, or (20) URL field; and (21) allow remote authenticated users to inject arbitrary web script or HTML via an unspecified form associated with a view_adrates action.
by Matt
Media Player Classic - Heap Overflow / Denial of Service
by Praveen Darshanam
Visites (com_joomla-visites) 1.1 RC2 - Remote Code Execution via mosConfig_absolute_path Parameter
PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
by Li0n-PaL
Joomla! <2.1.2, FreiChat/FreiChatPure - XSS
Cross-site scripting (XSS) vulnerability in the (1) FreiChat component before 2.1.2 for Joomla! and the (2) FreiChatPure component before 1.2.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML by entering it in an unspecified window.
by nag_sunny
Freeway CMS <1.4.3.210 - SQL Injection
SQL injection vulnerability in index.php in Freeway CMS 1.4.3.210 allows remote attackers to execute arbitrary SQL commands via the ecPath parameter.
by **RoAd_KiLlEr**
Anibal Monsalve Salazar sSMTP 2.61-2.62 - DoS
The standardise function in Anibal Monsalve Salazar sSMTP 2.61 and 2.62 allows local users to cause a denial of service (application exit) via an e-mail message containing a long line that begins with a . (dot) character. NOTE: CVE disputes this issue because it is solely a usability problem for senders of messages with certain long lines, and has no security impact
by Brendan Boerner
WhiteBoard 0.1.30 - Multiple Blind SQL Injections
by Salvatore Fresta
MC Content Manager 10.1 - SQL Injection / Cross-Site Scripting
by MustLive
vBulletin 3.8.6 - 'faq.php' Information Disclosure
by H-SK33PY
sNews 1.7 - SQL Injection via Category Parameter
SQL injection vulnerability in index.php in sNews 1.7 allows remote attackers to execute arbitrary SQL commands via the category parameter.
by CoBRa_21
Open Realty 2.x/3.x - Persistent Cross-Site Scripting
by K053
By Source