Text Exploits
31,386 exploits tracked across all sources.
JForum 2.1.8 BookMarks - Cross-Site Request Forgery / Cross-Site Scripting
by Adam Baldwin
DJ-ArtGallery 0.9.1 - XSS
Cross-site scripting (XSS) vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the cid[] parameter in an editItem action to administrator/index.php. NOTE: some of these details are obtained from third party information.
by d0lc3
iScripts eSwap 2.0 - Cross-Site Scripting via txtHomeSearch Parameter
Cross-site scripting (XSS) vulnerability in search.php in iScripts eSwap 2.0 allows remote attackers to inject arbitrary web script or HTML via the txtHomeSearch parameter (aka the search field). NOTE: some of these details are obtained from third party information.
by Sid3^effects
WmsCms < 2.0 - Cross-Site Scripting via search, sbr, p, or sbl Parameters
Multiple cross-site scripting (XSS) vulnerabilities in default.asp in WmsCms 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) search, (2) sbr, (3) p, and (4) sbl parameters, different vectors than CVE-2007-3137.
by Ariko-Security
WmsCms < 2.0 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in WmsCms 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) search, (2) sbr, (3) pid, (4) sbl, and (5) FilePath parameters to default.asp; and the (6) sbr, (7) pr, and (8) psPrice parameters to printpage.asp.
by Ariko-Security
WebBiblio Subject Gateway System - Local File Inclusion
by AntiSecurity
Joomla! com_searchlog 3.1.0 - SQL Injection
SQL injection vulnerability in models/log.php in the Search Log (com_searchlog) component 3.1.0 for Joomla! allows remote authenticated users, with Public Back-end privileges, to execute arbitrary SQL commands via the search parameter in a log action to administrator/index.php. NOTE: some of these details are obtained from third party information.
by XroGuE
ReVou Twitter Clone 2.0 Beta - SQL Injection / Cross-Site Scripting
by Sid3^effects
PHP Car Rental Complete System 1.2 - SQL Injection
by Sid3^effects
Joomla! com_searchlog 3.1.0 - SQL Injection
SQL injection vulnerability in models/log.php in the Search Log (com_searchlog) component 3.1.0 for Joomla! allows remote authenticated users, with Public Back-end privileges, to execute arbitrary SQL commands via the search parameter in a log action to administrator/index.php. NOTE: some of these details are obtained from third party information.
by d0lc3
DJ-ArtGallery 0.9.1 - SQL Injection
SQL injection vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the cid[] parameter in an editItem action to administrator/index.php.
by d0lc3
Joomla! Component com_annonces - Arbitrary File Upload
by Sid3^effects
JForum 2.1.8 - 'Username' Cross-Site Scripting
by Adam Baldwin
iScripts eSwap 2.0 - SQL Injection via addsale.php type Parameter
SQL injection vulnerability in addsale.php in iScripts eSwap 2.0 allows remote attackers to execute arbitrary SQL commands via the type parameter.
by Sid3^effects
iScripts EasyBiller 1.1 - SQL Injection
SQL injection vulnerability in viewhistorydetail.php in iScripts EasyBiller 1.1 allows remote attackers to execute arbitrary SQL commands via the planid parameter.
by Sid3^effects
IDevSpot TextAds 2.08 - SQL Injection via Page Parameter
SQL injection vulnerability in index.php in IDevSpot TextAds 2.08 allows remote attackers to execute arbitrary SQL commands via the page parameter.
by Sid3^effects
CuteSITE CMS 1.2.3 and 1.5.0 - Cross-Site Scripting via fld_path Parameter
Cross-site scripting (XSS) vulnerability in manage/main.php in CuteSITE CMS 1.2.3 and 1.5.0 allows remote attackers to inject arbitrary web script or HTML via the fld_path parameter. NOTE: some of these details are obtained from third party information.
by High-Tech Bridge SA
CuteSITE CMS <1.5.0 - SQL Injection
SQL injection vulnerability in manage/add_user.php in CuteSITE CMS 1.2.3 and 1.5.0 allows remote authenticated users, with Read privileges, to execute arbitrary SQL commands via the user_id parameter. NOTE: some of these details are obtained from third party information.
by High-Tech Bridge SA
JForum 2.1.8 - 'bookmarks' Module Multiple HTML Injection Vulnerabilities
by Adam Baldwin
WordPress Plugin Gigya Socialize 1.0/1.1.x - Cross-Site Scripting
by MustLive