Text Exploits
31,386 exploits tracked across all sources.
Sethi Family Guestbook 3.1.8 - Cross-Site Scripting
by Valentin
openMairie Openpresse 1.01 - Path Traversal via dsn[phptype] Parameter
Directory traversal vulnerability in scr/soustab.php in openMairie Openpresse 1.01, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069.
by cr4wl3r
openMairie openPlanning 1.00 - Remote Code Execution via path_om Parameter
Multiple PHP remote file inclusion vulnerabilities in openMairie openPlanning 1.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) categorie.class.php, (2) profil.class.php, (3) collectivite.class.php, (4) ressource.class.php, (5) droit.class.php, (6) utilisateur.class.php, and (7) planning.class.php in obj/.
by cr4wl3r
openMairie Openfoncier 2.00 - Remote File Inclusion via soustab.php dsn[phptype] Parameter
Directory traversal vulnerability in scr/soustab.php in openMairie Openfoncier 2.00, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069.
by cr4wl3r
NCT Jobs Portal Script - Cross-Site Scripting via Search Keywords Tags or Desired City Field
Multiple cross-site scripting (XSS) vulnerabilities in NCT Jobs Portal Script allow remote attackers to inject arbitrary web script or HTML via the (1) search, (2) Keywords, (3) Tags, or (4) Desired City field.
by Sid3^effects
Madirish Webmail 2.0 - Remote Code Execution via GLOBALS[basedir] Parameter
PHP remote file inclusion vulnerability in lib/addressbook.php in Madirish Webmail 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[basedir] parameter.
by eidelweiss
AlstraSoft AskMe Pro - SQL Injection
Multiple SQL injection vulnerabilities in AlstraSoft AskMe Pro allow remote attackers to execute arbitrary SQL commands via the (1) que_id parameter to forum_answer.php or (2) the cat_id parameter to search.php.
by v3n0m
Memorial Web Site Script - Reset Password / Insecure Cookie Handling
by Chip d3 bi0s
Memorial Web Site Script - Multiple Arbitrary Delete Vulnerabilities
by Chip d3 bi0s
lanewsfactory - Multiple Vulnerabilities
by Salvatore Fresta
EDraw Flowchart ActiveX Control 2.3 - 'EDImage.ocx' Remote Denial of Service (IE)
by LiquidWorm
phpGreetCards 3.7 - Cross-Site Scripting via Category Parameter
Cross-site scripting (XSS) vulnerability in index.php in phpGreetCards 3.7 allows remote attackers to inject arbitrary web script or HTML via the category parameter in a select action.
by Valentin
FlashCard 2.6.5 and 3.0.1 - Cross-Site Scripting via id Parameter
Cross-site scripting (XSS) vulnerability in cPlayer.php in FlashCard 2.6.5 and 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: some of these details are obtained from third party information.
by Valentin
Web Development House Alibaba Clone - SQL Injection
Multiple SQL injection vulnerabilities in Web Development House Alibaba Clone allow remote attackers to execute arbitrary SQL commands via the (1) IndustryID parameter to category.php and the (2) SellerID parameter to supplier/view_contact_details.php. NOTE: this is a product that was developed by a third party; it is not associated with alibaba.com or the Alibaba Group.
by spykit
Cacti < 0.8.7e - SQL Injection via Export Item ID Parameter
SQL injection vulnerability in templates_export.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the export_item_id parameter.
by Nahuel Grisolia
AJ Shopping Cart 1.0 - SQL Injection via maincatid Parameter
SQL injection vulnerability in index.php in AJ Shopping Cart 1.0 allows remote attackers to execute arbitrary SQL commands via the maincatid parameter in a showmaincatlanding action.
by v3n0m
ajsquare aj_matrix_dna - SQL Injection via id Parameter in productdetail Action
SQL injection vulnerability in index.php in AJ Matrix DNA allows remote attackers to execute arbitrary SQL commands via the id parameter in a productdetail action.
by v3n0m
Apache Tomcat <6.0.26 - Info Disclosure
Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
by Deniz Cevik
Apache ActiveMQ <5.3.2 and <5.4.0 - Info Disclosure
The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
by Veerendra G.G