Text Exploits
31,386 exploits tracked across all sources.
New Advisore Stack 1.1 - Directory Traversal
by R3VAN_BASTARD
Mini CMS RibaFS 1.0 - SQL Injection
SQL injection vulnerability in admin/login.php in Mini CMS RibaFS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the login parameter. NOTE: some of these details are obtained from third party information.
by cr4wl3r
agXchange ESM - 'ucschcancelproc.jsp' Open Redirection
by Lament
WebMaid CMS < 0.2-6 - Remote File Inclusion via Multiple Template Parameters
Multiple PHP remote file inclusion vulnerabilities in WebMaid CMS 0.2-6 Beta and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) template, (2) menu, (3) events, and (4) SITEROOT parameters to template/babyweb/index.php; the (5) modules and (6) copyright parameters to template/calm/footer.php; the (7) menu parameter to template/calm/top.php; and the (8) modules, (9) copyright, and (10) menu parameters to template/wm025/footer.php.
by cr4wl3r
Woltlab Burning Board Lite Addon - 'lexikon.php' SQL Injection
by n3w7u
WebMaid CMS < 0.2-6 - Path Traversal
Multiple directory traversal vulnerabilities in WebMaid CMS 0.2-6 Beta and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the com parameter to (1) cContactus.php, (2) cGuestbook.php, and (3) cArticle.php.
by cr4wl3r
notsopureedit < 1.4.1 - Remote Code Execution via Template Content Parameter
PHP remote file inclusion vulnerability in templates/template.php in notsoPureEdit 1.4.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the content parameter. NOTE: some of these details are obtained from third party information.
by cr4wl3r
Jewelry Cart Software - 'product.php' SQL Injection
by Asyraf
Fw-BofF (oolime-resurrection) 1.5.3beta - Multiple Remote File Inclusions
by cr4wl3r
Pay Per Watch & Bid Auktions System - SQL Injection via id_auk Parameter
SQL injection vulnerability in auktion.php in Pay Per Watch & Bid Auktions System allows remote attackers to execute arbitrary SQL commands via the id_auk parameter.
by Easy Laster
Joomla! Component Gift Exchange com_giftexchange 1.0 Beta - 'pkg' SQL Injection
by Chip d3 bi0s
ZKSoftware 'ZK5000' - Remote Information Disclosure
by fb1h2s
KDE 4.4.1 - Ksysguard Remote Code Execution (via Cross Application Scripting)
by emgent
ZKSoftware Biometric Attendence Managnmnet Hardware[MIPS] 2 - Improper Authentication
by fb1h2s
Trouble Ticket Software - 'ttx.cgi' Arbitrary File Download
by n01d
quality point 1.0 newsfeed - SQL Injection / Cross-Site Scripting
by Red-D3v1L
PHPWind 6.0 - Multiple Cross-Site Scripting Vulnerabilities
by Liscker
PHPscripte24 Preisschlacht Liveshop System - 'index.php?aid' SQL Injection
by Easy Laster
JE Form Creator - Unauthenticated Directory Traversal via View Parameter
Directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE: the original researcher states that the affected product is JE Tooltip, not Form Creator; however, the exploit URL suggests that Form Creator is affected.
by Chip d3 bi0s