Text Exploits
31,386 exploits tracked across all sources.
Firebook - Multiple Cross-Site Scripting / Directory Traversal Vulnerabilities
by MustLive
Novell Netware < 6.5 - Remote Code Execution via SMB Sessions Setup AndX Packet
Stack-based buffer overflow in the CIFS.NLM driver in Netware SMB 1.0 for Novell Netware 6.5 SP8 and earlier allows remote attackers to execute arbitrary code via a Sessions Setup AndX packet with a long AccountName.
by laurent gaffie
2daybiz Online Classified Script - XSS
Cross-site scripting (XSS) vulnerability in products/classified/headersearch.php in 2daybiz Online Classified Script allows remote attackers to inject arbitrary web script or HTML via the sid parameter.
by Sid3^effects
Adobe SVG Viewer 3.0 - Circle Transform Remote Code Execution
by h07
Nakid CMS 0.5.2 - Remote Code Execution via core[system_path] Parameter
PHP remote file inclusion vulnerability in modules/catalog/upload_photo.php in Nakid CMS 0.5.2, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the core[system_path] parameter. NOTE: some of these details are obtained from third party information.
by sh00t0ut
ezpx_photoblog 1.2 beta - Remote Code Execution via tpl_base_dir Parameter
PHP remote file inclusion vulnerability in system/application/views/public/commentform.php in EZPX Photoblog 1.2 beta allows remote attackers to execute arbitrary PHP code via a URL in the tpl_base_dir parameter.
by sh00t0ut
2daybiz Network Community Script - SQL Injection
SQL injection vulnerability in view_photo.php in 2daybiz Network Community Script allows remote attackers to execute arbitrary SQL commands via the alb parameter.
by Sid3^effects
2daybiz Online Classified Script - SQL Injection
SQL injection vulnerability in view_photo.php in 2daybiz Online Classified Script allows remote attackers to execute arbitrary SQL commands via the alb parameter.
by Sid3^effects
Sell@Site PHP Online Jobs Login - Multiple SQL Injections
by L0rd CrusAd3r
CUPS < 1.4.4 - Information Disclosure via Malformed Percent-Encoded URI Parameter
The cgi_initialize_string function in cgi-bin/var.c in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, does not properly handle parameter values containing a % (percent) character without two subsequent hex characters, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via a crafted request, as demonstrated by the (1) /admin?OP=redirect&URL=% and (2) /admin?URL=/admin/&OP=% URIs.
by Luca Carettoni
Smart ASP Survey - Cross-Site Scripting via catid Parameter
Cross-site scripting (XSS) vulnerability in poll/default.asp in Smart ASP Survey allows remote attackers to inject arbitrary web script or HTML via the catid parameter.
by L0rd CrusAd3r
SAS Hotel Management System - 'notfound' SQL Injection
by L0rd CrusAd3r
Restaurant Listing with Online Ordering - SQL Injection
by L0rd CrusAd3r
IISWorks FileMan - fileman.mdb Remote User Database Disclosure
by j0fer
Business Classified Listing - SQL Injection
by L0rd CrusAd3r
XnView 1.97.4 - Heap-Based Buffer Overflow via MultiBitMap Paint Data Section
Heap-based buffer overflow in XnView 1.97.4 and possibly earlier allows remote attackers to execute arbitrary code via a MultiBitMap (MBM) file with a Paint Data Section that contains a malformed Encoding field.
by Mauro Olea
By Source