Text Exploits
31,386 exploits tracked across all sources.
Ubiquiti AirOS < 4.0.1 - Command Injection via stainfo.cgi ifname Parameter
On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4.0.1 for 802.11 ISP products, v5.3.5 for AirMax ISP products, and v5.4.5 for AirSync firmware. For example, Nanostation5 (Air OS) is affected.
by emgent
CVSS 9.8
System CMS Contentia - 'news.php' SQL Injection
by GlaDiaT0R
Internet DM Specialist Bed and Breakfast - SQL Injection via pp_id Parameter
SQL injection vulnerability in pages.php in Internet DM Specialist Bed and Breakfast allows remote attackers to execute arbitrary SQL commands via the pp_id parameter.
by JaMbA
Joomanager - SQL Injection via catid Parameter
SQL injection vulnerability in the Joomanager component, possibly 1.1.1, for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
by Sid3^effects
JOOFORGE Gamesbox <1.0.2 - SQL Injection
SQL injection vulnerability in the JOOFORGE Gamesbox (com_gamesbox) component 1.0.2, and possibly earlier, for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a consoles action to index.php.
by v3n0m
Joomla! com_wmtpic <1.0 - SQL Injection
SQL injection vulnerability in the webmaster-tips.net Flash Gallery (com_wmtpic) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
by RoAd_KiLlEr
YPNinc JokeScript - SQL Injection via ypncat_id Parameter
SQL injection vulnerability in index.php in YPNinc JokeScript allows remote attackers to execute arbitrary SQL commands via the ypncat_id parameter.
by v3n0m
Internet DM WebDM CMS - SQL Injection
SQL injection vulnerability in cont_form.php in Internet DM WebDM CMS allows remote attackers to execute arbitrary SQL commands via the cf_id parameter.
by Dr.0rYX & Cr3W-DZ
TornadoStore <1.4.3 - SQL Injection
Multiple SQL injection vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the marca parameter to precios.php3 or (2) the where parameter in a delivery_courier action to control/abm_list.php3.
by Lucas Apa
PHP Bible Search - SQL Injection via Chapter Parameter
SQL injection vulnerability in bible.php in PHP Bible Search, probably 0.99, allows remote attackers to execute arbitrary SQL commands via the chapter parameter.
by L0rd CrusAd3r
PHP Bible Search - Cross-Site Scripting via Chapter Parameter
Cross-site scripting (XSS) vulnerability in bible.php in PHP Bible Search allows remote attackers to inject arbitrary web script or HTML via the chapter parameter.
by L0rd CrusAd3r
Customer Paradigm PageDirector CMS - SQL Injection
SQL injection vulnerability in result.php in Customer Paradigm PageDirector CMS allows remote attackers to execute arbitrary SQL commands via the sub_catid parameter.
by v3n0m
CANDID - SQL Injection via image_id Parameter
SQL injection vulnerability in image/view.php in CANDID allows remote attackers to execute arbitrary SQL commands via the image_id parameter.
by L0rd CrusAd3r
CANDID - Cross-Site Scripting via image_id Parameter
Cross-site scripting (XSS) vulnerability in image/view.php in CANDID allows remote attackers to inject arbitrary web script or HTML via the image_id parameter.
by L0rd CrusAd3r
Allomani Super MultiMedia 2.5 - Cross-Site Request Forgery (Add Admin)
by G0D-F4Th3r
Allomani E-Store 1.0 - Cross-Site Request Forgery (Add Admin) (1)
by G0D-F4Th3r