Text Exploits
31,386 exploits tracked across all sources.
J!Research (com_jresearch) - Path Traversal via Controller Parameter
Directory traversal vulnerability in jresearch.php in the J!Research (com_jresearch) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
by Chip d3 bi0s
Firefox 3.0.x-3.0.17, 3.5.x-3.5.7, 3.6.x-3.6.1 - Remote Code Execution via Memory Corruption
The browser engine in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via vectors related to (1) layout/generic/nsBlockFrame.cpp and (2) the _evaluate function in modules/plugin/base/src/nsNPAPIPlugin.cpp.
by Bob Clary
Uiga Business Portal - 'index.php' SQL Injection
by Easy Laster
SpringSource tc Server < 6.0.20.B, AMS < 2.0.0.SR4, Hyperic HQ < 4.2.x - Cross-Site Scripting via Description Field
Multiple cross-site scripting (XSS) vulnerabilities in SpringSource tc Server 6.0.20.B and earlier, Application Management Suite (AMS) before 2.0.0.SR4, Hyperic HQ Open Source before 4.2.x, Hyperic HQ 4.0 Enterprise before 4.0.3.2, and Hyperic HQ 4.1 Enterprise before 4.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the description field and unspecified "input fields."
by Aaron Kulick
RepairShop2 1.9.023 Trial - Cross-Site Scripting via prod Parameter
Cross-site scripting (XSS) vulnerability in index.php in RepairShop2 1.9.023 Trial, when magic_quotes_gpc is disabled, allows remote attackers to inject arbitrary web script or HTML via the prod parameter in a products.details action.
by kaMtiEz
Lussumo Vanilla < 1.1.10 - Remote Code Execution via PHP File Inclusion
Multiple PHP remote file inclusion vulnerabilities in definitions.php in Lussumo Vanilla 1.1.10, and possibly 0.9.2 and other versions, allow remote attackers to execute arbitrary PHP code via a URL in the (1) include and (2) Configuration['LANGUAGE'] parameters.
by eidelweiss
SMEStorage (com_smestorage) < 1.1 - Path Traversal via Controller Parameter
Directory traversal vulnerability in the SMEStorage (com_smestorage) component before 1.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
by Chip d3 bi0s
Real Estate Property (com_properties) 3.1.22-03 - Path Traversal via Controller Parameter
Directory traversal vulnerability in the Real Estate Property (com_properties) component 3.1.22-03 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.
by Chip d3 bi0s
Joomla! Component com_aml_2 - 'art' SQL Injection
by Metropolis
Insky CMS 006-0111 - Remote Code Execution via ROOT Parameter File Inclusion
Multiple PHP remote file inclusion vulnerabilities in Insky CMS 006-0111, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the ROOT parameter to (1) city.get/city.get.php, (2) city.get/index.php, (3) message2.send/message.send.php, (4) message.send/message.send.php, and (5) pages.add/pages.add.php in insky/modules/. NOTE: some of these details are obtained from third party information.
by mat
uhttp Server 0.1.0-alpha - Directory Traversal
by Salvatore Fresta
Cafu 9.06 - Multiple Remote Vulnerabilities
by Luigi Auriemma
Astaro Security Linux 5 - 'index.fpl' Cross-Site Scripting
by Vincent Hautot
agXchange ESM - 'ucquerydetails.jsp' Cross-Site Scripting
by Lament
Uiga Fan Club - SQL Injection via id Parameter in photos Action
SQL injection vulnerability in index.php in Uiga Fan Club, as downloaded on 20100310, allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action.
by Sioma Labs
PowieSys 0.7.7 alpha - 'index.php' shownews SQL Injection
by Easy Laster