Text Exploits
31,386 exploits tracked across all sources.
phpplanner - Cross-Site Scripting / SQL Injection
by anT!-Tr0J4n
VU Web Visitor Analyst - SQL Injection via redir.asp Username or Password Parameter
Multiple SQL injection vulnerabilities in redir.asp in VU Web Visitor Analyst allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter. NOTE: some of these details are obtained from third party information.
by L0rd CrusAd3r
BrightSuite Groupware 5.4 - SQL Injection
SQL injection vulnerability in pages/contact_list_mail_form.asp in BrightSuite Groupware 5.4 allows remote attackers to execute arbitrary SQL commands via the ContactID parameter.
by L0rd CrusAd3r
nginx 0.7.52-0.7.65 and 0.8-0.8.39 on Windows - Unauthenticated Arbitrary File Read via ::$DATA URI Suffix
nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
by Dr_IDE
nginx 0.7.52-0.7.67 - Denial of Service via Encoded Directory Traversal Sequence
nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
by Dr_IDE
nginx 0.7.52-0.7.65 and 0.8-0.8.39 on Windows - Unauthenticated Arbitrary File Read via ::$DATA URI Suffix
nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
by Jose A. Vazquez
Site to Store Automobile - Motorcycle Boat SQL Injection
by L0rd CrusAd3r
Site for Real Estate - Brokers SQL Injection
by L0rd CrusAd3r
Parallels System Automation (PSA) - Local File Inclusion
by Pouya Daneshmand
Development Site Professional Liberal - Company Institutional SQL Injection
by L0rd CrusAd3r
DaLogin 2.2 and 2.2.5 - SQL Injection via new.php id Parameter
SQL injection vulnerability in new.php in DaLogin 2.2 and 2.2.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.
by hc0
ardeaCore PHP Framework 2.2 - Remote File Inclusion via pathForArdeaCore Parameter
PHP remote file inclusion vulnerability in ardeaCore/lib/core/ardeaInit.php in ardeaCore PHP Framework 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the pathForArdeaCore parameter. NOTE: some of these details are obtained from third party information.
by cr4wl3r
anecms_blog < 1.3 - SQL Injection via PATH_INFO
SQL injection vulnerability in modules/blog/index.php in AneCMS Blog 1.3 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO.
by High-Tech Bridge SA
anecms_blog < 1.3 - Stored Cross-Site Scripting via Comment Variable
Cross-site scripting (XSS) vulnerability in class/tools.class.php in AneCMS Blog 1.3 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the comment variable to modules/blog/index.php.
by High-Tech Bridge SA
Savy Soda Documents - Mobile Office Suite '.XLS' Denial of Service
by Matthew Bergin
GoodiWare GoodReader iPhone - '.XLS' Denial of Service
by Matthew Bergin
SchoolMation 2.3 - Cross-Site Scripting via Session Parameter
Cross-site scripting (XSS) vulnerability in schoolmv2/html/studentmain.php in SchoolMation 2.3 allows remote attackers to inject arbitrary web script or HTML via the session parameter.
by Sid3^effects