Text Exploits
31,386 exploits tracked across all sources.
Windows XP and Windows Server 2003 - Remote Code Execution via Malformed hcp:// URL
The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability."
by Tavis Ormandy
Windows XP and Server 2003 - Cross-Site Scripting via Help and Support Center svr Parameter
Cross-site scripting (XSS) vulnerability in the GetServerName function in sysinfo/commonFunc.js in Microsoft Windows Help and Support Center for Windows XP and Windows Server 2003 allows remote attackers to inject arbitrary web script or HTML via the svr parameter to sysinfo/sysinfomain.htm. NOTE: this can be leveraged with CVE-2010-1885 to execute arbitrary commands without user interaction.
by Tavis Ormandy
SchoolMation 2.3 - SQL Injection via Studentmain Session Parameter
SQL injection vulnerability in schoolmv2/html/studentmain.php in SchoolMation 2.3 allows remote attackers to execute arbitrary SQL commands via the session parameter.
by Sid3^effects
Miniweb 2.0 Business Portal and Social Networking Platform - SQL Injection
by L0rd CrusAd3r
Arab Portal 2.2 - SQL Injection via Members.php by Parameter
SQL injection vulnerability in members.php in Arab Portal 2.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the by parameter in the msearch action.
by SwEET-DeViL
Science Fair In A Box <2.0.6, 2.2.0 - SQL Injection
SQL injection vulnerability in winners.php in Science Fair In A Box (SFIAB) 2.0.6 and 2.2.0 allows remote attackers to execute arbitrary SQL commands via the type parameter. NOTE: some of these details are obtained from third party information.
by L0rd CrusAd3r
Pilot Group eLMS Pro - SQL Injection via subscribe.php course_id Parameter
SQL injection vulnerability in subscribe.php in Pilot Group (PG) eLMS Pro allows remote attackers to execute arbitrary SQL commands via the course_id parameter.
by Sid3^effects
Science Fair In A Box <2.0.6, 2.2.0 - XSS
Cross-site scripting (XSS) vulnerability in winners.php in Science Fair In A Box (SFIAB) 2.0.6 and 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the type parameter. NOTE: some of these details are obtained from third party information.
by L0rd CrusAd3r
Eicra Realestate Script 1.0 and 1.6.0 - SQL Injection via p_id Parameter
SQL injection vulnerability in index.php in Eicra Realestate Script 1.0 and 1.6.0 allows remote attackers to execute arbitrary SQL commands via the p_id parameter. NOTE: some of these details are obtained from third party information.
by L0rd CrusAd3r
PHP Property Rental Script - SQL Injection / Cross-Site Scripting
by L0rd CrusAd3r
PGAUTOPro - SQL Injection / Cross-Site Scripting (2)
by Sid3^effects
PGAUTOPro - SQL Injection / Cross-Site Scripting (1)
by Sid3^effects
HauntmAx Haunted House Directory Listing CMS - SQL Injection via State Parameter
SQL injection vulnerability in index.php in HauntmAx Haunted House Directory Listing CMS allows remote attackers to execute arbitrary SQL commands via the state parameter in a listings action.
by Sid3^effects
GREEZLE - Global Real Estate Agent Site Auth SQL Injection
by L0rd CrusAd3r
Pilot Group eLMS Pro - Stored Cross-Site Scripting via subscribe.php course_id Parameter
Cross-site scripting (XSS) vulnerability in subscribe.php in Pilot Group (PG) eLMS Pro allows remote attackers to inject arbitrary web script or HTML via the course_id parameter.
by Sid3^effects