Text Exploits
31,386 exploits tracked across all sources.
Adam Corley dcsFlashGames - SQL Injection
SQL injection vulnerability in Adam Corley dcsFlashGames (com_dcs_flashgames) allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
by kaMtiEz
CmsFaethon 2.2.0 (ultimate.7z) - Multiple Vulnerabilities
by eidelweiss
BPTutors Tutoring site script - Cross-Site Request Forgery (Add Admin)
by bi0
Safari on Apple iPhone OS 3.1.3 for iPod touch - DoS
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to an array of long strings, an array of IMG elements with crafted strings in their SRC attributes, a TBODY element with no associated TABLE element, and certain calls to the delete operator and the cloneNode, clearAttributes, and CollectGarbage methods, possibly a related issue to CVE-2009-0075.
by Nishant Das Patnaik
Safari on iPhone OS 3.1.3 - Denial of Service or Remote Code Execution via VML recolorinfo numcolors Attribute
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a large integer in the numcolors attribute of a recolorinfo element in a VML file, possibly a related issue to CVE-2007-0024.
by Nishant Das Patnaik
SAP GUI 7.00 - BExGlobal Active-X unsecure method
by Alexey Sintsov
justVisual CMS 2.0 - Path Traversal
Directory traversal vulnerability in index.php in justVisual CMS 2.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter. NOTE: some of these details are obtained from third party information.
by eidelweiss
INVOhost 3.4 - SQL Injection via site.php id/newlanguage Parameters
Multiple SQL injection vulnerabilities in INVOhost 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) newlanguage parameters to site.php, (3) search parameter to manuals.php, and (4) unspecified vectors to faq.php. NOTE: some of these details are obtained from third party information.
by Andrés Gómez
Direct News 4.10.2 - Remote Code Execution via PHP File Inclusion
Multiple PHP remote file inclusion vulnerabilities in Direct News 4.10.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter to (1) admin/menu.php and (2) library/lib.menu.php; and the adminroot parameter to (3) admin/media/update_content.php and (4) library/class.backup.php. NOTE: some of these details are obtained from third party information.
by mat
Jenkins Software RakNet 3.72 - Remote Integer Underflow
by Luigi Auriemma
Lexmark x94x - Stack-based Buffer Overflow via PJL INQUIRE Command
Stack-based buffer overflow in the base, IPDS DLE, Forms DLE, Barcode DLE, Prescribe DLE, and Printcryption DLE components on certain Lexmark laser printers and multi-function printers allows remote attackers to execute arbitrary code or cause a denial of service (device hang) via a long argument to a PJL INQUIRE command.
by Francis Provencher
vBulletin Blog 4.0.2 - Title Cross-Site Scripting
by FormatXformat
Joomla! Component com_wallpapers - SQL Injection
by DevilZ TM
Joomla! Component com_universal - Remote File Inclusion
by eidelweiss