Text Exploits
31,386 exploits tracked across all sources.
Softbiz Dating 1.0 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Softbiz Dating 1.0 allow remote attackers to execute SQL commands via the (1) country and (2) sort_by parameters in (a) search_results.php; (3) browse parameter in (b) featured_photos.php; (4) cid parameter in (c) products.php, (d) index.php, and (e) news_desc.php.
by 41.w4r10r
Pligg CMS 1.0.4 - 'story.php' SQL Injection
by Don Tukulesto
PHP Video Battle Script - SQL Injection via browse.html cat Parameter
SQL injection vulnerability in browse.html in PHP Video Battle Script allows remote attackers to execute arbitrary SQL commands via the cat parameter.
by v3n0m
Modelbook - SQL Injection via casting_view.php adnum Parameter
SQL injection vulnerability in casting_view.php in Modelbook allows remote attackers to execute arbitrary SQL commands via the adnum parameter.
by v3n0m
Joomla! Component Wap4Joomla! - 'wapmain.php' SQL Injection
by Manas58
Joomla! Component com_jesectionfinder - Arbitrary File Upload
by Sid3^effects
Apache ActiveMQ 5.3 - 'admin/queueBrowse' Cross-Site Scripting
by arun kethipelly
PHP-Quick-Arcade 3.0.21 - SQL Injection via phpqa_user_c or id Parameter
Multiple SQL injection vulnerabilities in PHP-Quick-Arcade (PHPQA) 3.0.21 allow remote attackers to execute arbitrary SQL commands via the (1) phpqa_user_c parameter to Arcade.php and the (2) id parameter to acpmoderate.php.
by ITSecTeam
SmartBlog 1.3 - SQL Injection / Cross-Site Scripting
by indoushka
ProArcadeScript - 'search.php' Cross-Site Scripting
by Sid3^effects
PHP-Quick-Arcade 3.0.21 - Cross-Site Scripting via serv Parameter
Cross-site scripting (XSS) vulnerability in acpmoderate.php in PHP-Quick-Arcade (PHPQA) 3.0.21 allows remote attackers to inject arbitrary web script or HTML via the serv parameter.
by ITSecTeam
com_ultimateportfolio 1.0 - Path Traversal via Controller Parameter
Directory traversal vulnerability in the Ultimate Portfolio (com_ultimateportfolio) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
by AntiSecurity
com_smartsite 1.0.0 - Path Traversal via Controller Parameter
Directory traversal vulnerability in the SmartSite (com_smartsite) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
by AntiSecurity
Code-Garage NoticeBoard 1.3 - Path Traversal via Controller Parameter
Directory traversal vulnerability in the Code-Garage NoticeBoard (com_noticeboard) component 1.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
by AntiSecurity
Graphics (com_graphics) 1.0.6 and 1.5.0 - Path Traversal via Controller Parameter
Directory traversal vulnerability in graphics.php in the Graphics (com_graphics) component 1.0.6 and 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.
by wishnusakti + inc0mp13te
Infocus Real Estate Enterprise Edition - SQL Injection via Username or Password Parameter
Multiple SQL injection vulnerabilities in system_member_login.php in Infocus Real Estate Enterprise Edition allow remote attackers to execute arbitrary SQL commands via the (1) username (aka login) and (2) password parameters. NOTE: some of these details are obtained from third party information.
by Sid3^effects
i-Net Online Community - Cross-Site Scripting / Authentication Bypass
by Sid3^effects
HelpCenterLive 2.0.6 and 2.1.7 - Path Traversal via File Parameter
Directory traversal vulnerability in the HelpCenter module in Help Center Live (HCL) 2.0.6 and 2.1.7 allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the file parameter to module.php. NOTE: some of these details are obtained from third party information.
by 41.w4r10r
Free Realty - SQL Injection via Agent Login or Password Parameter
Multiple SQL injection vulnerabilities in agentadmin.php in Free Realty allow remote attackers to execute arbitrary SQL commands via the (1) login field (aka agentname parameter) or (2) password field (aka agentpassword parameter).
by Sid3^effects
CLScript Classifieds Script - SQL Injection via help-details.php hpId Parameter
SQL injection vulnerability in help-details.php in CLScript Classifieds Script allows remote attackers to execute arbitrary SQL commands via the hpId parameter.
by 41.w4r10
Boutique SudBox 1.2 - Cross-Site Request Forgery (Change Login and Password)
by indoushka
2daybiz Auction Script - SQL Injection via Login Username Parameter
Multiple SQL injection vulnerabilities in login.php in 2daybiz Auction Script allow remote attackers to execute arbitrary SQL commands via (1) the login field (aka the username parameter), and possibly (2) the password field, to index.php. NOTE: some of these details are obtained from third party information.
by Sid3^effects