Text Exploits
31,386 exploits tracked across all sources.
Carlos Eduardo Sotelo Pinto 0.1.0 - Code Injection
PHP remote file inclusion vulnerability in core/includes/gfw_smarty.php in Gallo 0.1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the config[gfwroot] parameter.
by cr4wl3r
Mango Blog 1.4.1 - '/archives.cfm/search' Cross-Site Scripting
by MustLive
OpenMairie openAnnuaire 2.00 - Remote File Inclusion via dsn[phptype] Parameter
Directory traversal vulnerability in scr/soustab.php in OpenMairie openAnnuaire 2.00, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069.
by cr4wl3r
Acritum Femitter Server 1.03 - Multiple Vulnerabilities
by Zer0 Thunder
WHMCompleteSolution (WHMCS) Control 2 - 'announcements.php' SQL Injection
by Islam DefenDers
OpenMairie openAnnuaire 2.00 - Remote File Inclusion via path_om Parameter
Multiple PHP remote file inclusion vulnerabilities in OpenMairie openAnnuaire 2.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) annuaire.class.php, (2) droit.class.php, (3) collectivite.class.php, (4) profil.class.php, (5) direction.class.php, (6) service.class.php, (7) directiongenerale.class.php, and (8) utilisateur.class.php in obj/.
by cr4wl3r
Joomla! Component com_djClassifieds 0.9.1 - Arbitrary File Upload
by Sid3^effects
GuppY 4.5.18 - SQL Injection via Newsletter lng Parameter
SQL injection vulnerability in newsletter.php in GuppY 4.5.18 allows remote attackers to execute arbitrary SQL commands via the lng parameter.
by indoushka
Billwerx RC 5.2.2 PL2 - SQL Injection via Primary Number Parameter
SQL injection vulnerability in request_account.php in Billwerx RC 5.2.2 PL2 allows remote attackers to execute arbitrary SQL commands via the primary_number parameter.
by indoushka
Google Chrome 4.1.249.1064 - Remote Memory Corrupt
by eidelweiss
openMairie openCimetiere 2.01 - Remote Code Execution via path_om Parameter
Multiple PHP remote file inclusion vulnerabilities in openMairie openCimetiere 2.01, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) autorisation.class.php, (2) courrierautorisation.class.php, (3) droit.class.php, (4) profil.class.php, (5) temp_defunt_sansemplacement.class.php, (6) utils.class.php, (7) cimetiere.class.php, (8) defunt.class.php, (9) emplacement.class.php, (10) tab_emplacement.class.php, (11) temp_emplacement.class.php, (12) voie.class.php, (13) collectivite.class.php, (14) defunttransfert.class.php, (15) entreprise.class.php, (16) temp_autorisation.class.php, (17) travaux.class.php, (18) zone.class.php, (19) courrier.class.php, (20) dossier.class.php, (21) plans.class.php, (22) temp_defunt.class.php, and (23) utilisateur.class.php in obj/.
by cr4wl3r
OpenMairie Opencatalogue 1.024 - Path Traversal via dsn[phptype] Parameter
Directory traversal vulnerability in scr/soustab.php in OpenMairie Opencatalogue 1.024, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069.
by cr4wl3r
NolaPro Enterprise 4.0.5538 - Cross-Site Scripting / SQL Injection
by ekse
com_grid - Cross-Site Scripting via data_search and rpp Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the Table JX (com_grid) component for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) data_search and (2) rpp parameters to index.php.
by Valentin
Joomla! Component Card View JX - Cross-Site Scripting
by Valentin
CF Image Hosting Script 1.1 - 'upload.php' Arbitrary File Upload
by The.Morpheus
Comersus 8 Shopping Cart - SQL Injection / Cross-Site Request Forgery
by Sid3^effects
Webthaiapp - 'detail.php?cat' Blind SQL Injection
by Xelenonz
Joomla! Newsfeeds Component - SQL Injection via feedid Parameter
SQL injection vulnerability in the Newsfeeds (com_newsfeeds) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the feedid parameter in a categories action to index.php.
by Archimonde
JobPost 1.0 - SQL Injection via iType Parameter
SQL injection vulnerability in type.asp in JobPost 1.0 allows remote attackers to execute arbitrary SQL commands via the iType parameter. NOTE: some of these details are obtained from third party information.
by Sid3^effects