Text Exploits
31,386 exploits tracked across all sources.
Joomla! com_quickfaq 1.0.3 - SQL Injection
SQL injection vulnerability in the QuickFAQ (com_quickfaq) component 1.0.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a category action to index.php.
by RoAd_KiLlEr
Joomla! Component Minify4Joomla! - Arbitrary File Upload / Persistent Cross-Site Scripting
by Sid3^effects
Oracle MySQL 5.1 - Authenticated Denial of Service via InnoDB Configuration Parameter Modification
storage/innobase/dict/dict0crea.c in mysqld in Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (assertion failure) by modifying the (1) innodb_file_format or (2) innodb_file_per_table configuration parameters for the InnoDB storage engine, then executing a DDL statement.
by Elena Stepanova
Microsoft Outlook Web Access <SP2 - CSRF
Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007 through SP2 allows remote attackers to hijack the authentication of e-mail users for requests that perform Outlook requests, as demonstrated by setting the auto-forward rule.
by Rosario Valotta
Battlefield 2 < 2.1.50 and Battlefield 2142 < 1.10.48.0 - Path Traversal via Logo and Map Download URLs
Multiple directory traversal vulnerabilities in the Refractor 2 engine, as used in Battlefield 2 1.50 (1.5.3153-802.0) and earlier, and Battlefield 2142 (1.10.48.0) and earlier, allow remote servers to overwrite arbitrary files on the client via "..\" (dot dot backslash) sequences in URLs for the (1) sponsor or (2) community logos, and other URLs related to (3) DemoDownloadURL, (4) DemoIndexURL and (5) CustomMapsURL.
by Luigi Auriemma
Microsoft Windows - 'cmd.exe' Unicode Buffer Overflow (SEH)
by bitform
Ghost Recon Advanced Warfighter - Integer Overflow / Array Indexing Overflow
by Luigi Auriemma
osCSS < 1.2.2 - Cross-Site Scripting via Page Parameter
Cross-site scripting (XSS) vulnerability in admin/currencies.php in osCSS 1.2.2, and probably earlier versions, allows remote attackers to inject arbitrary web script or HTML via the page parameter.
by High-Tech Bridge SA
com_music - Path Traversal via Album CID Parameter
Directory traversal vulnerability in the Music Manager component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the cid parameter to album.html.
by Sid3^effects
Digia QT < 4.6.3 - Improper Input Validation
The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request.
by Luigi Auriemma
KMSoft Guestbook - SQL Injection via p Parameter
SQL injection vulnerability in default.asp in KMSoft Guestbook (aka GBook) allows remote attackers to execute arbitrary SQL commands via the p parameter.
by SONIC
InterJoomla ArtForms 2.1b7.2 RC2 - SQL Injection
Multiple SQL injection vulnerabilities in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allow remote attackers to execute arbitrary SQL commands via the viewform parameter in a (1) ferforms or (2) tferforms action to index.php, and the (3) id parameter in a vferforms action to index.php.
by Salvatore Fresta