Text Exploits
31,386 exploits tracked across all sources.
Joomla! Component com_alert - 'q_item' SQL Injection
by N2n-Hacker
eFront 3.5.x-3.5.5 - Path Traversal via Language Parameter
Directory traversal vulnerability in www/editor/tiny_mce/langs/language.php in eFront 3.5.x through 3.5.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langname parameter.
by 7Safe
EGroupware <1.6.003-9.2.20100309 - Command Injection
phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/serverscripts/spellchecker.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) aspell_path or (2) spellchecker_lang parameters.
by Nahuel Grisolia
Phpkobo Short URL 1.01 - Path Traversal
Directory traversal vulnerability in staff/app/common.inc.php in Phpkobo Short URL 1.01, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG_CODE parameter.
by Pouya Daneshmand
Multi Auktions Komplett System 2 - SQL Injection
SQL injection vulnerability in auktion.php in Multi Auktions Komplett System 2 allows remote attackers to execute arbitrary SQL commands via the id_auk parameter.
by Easy Laster
Joomla! Component com_rwcards - Local File Inclusion
by ALTBTA
Joomla! Component com_as - 'catid' SQL Injection
by N2n-Hacker
Phpkobo Free Real Estate Contact Form 1.09 - Path Traversal
Directory traversal vulnerability in codelib/sys/common.inc.php in Phpkobo Free Real Estate Contact Form 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG_CODE parameter. NOTE: some of these details are obtained from third party information.
by Pouya Daneshmand
EGroupware 1.4.001+.002 1.6.001+.002 - Cross-Site Scripting via lang Parameter
Cross-site scripting (XSS) vulnerability in login.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
by Nahuel Grisolia
ArGoSoft FTP Server .NET 1.0.2.1 - Directory Traversal
by dmnt
Preisschlacht 4.0 Flash System - 'index.php?aid' SQL Injection
by Easy Laster
osDate 2.1.9 and 2.5.4 - Remote Code Execution via config[forum_installed] Parameter
Multiple PHP remote file inclusion vulnerabilities in osDate 2.1.9 and 2.5.4, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the config[forum_installed] parameter to (1) forum/adminLogin.php and (2) forum/userLogin.php. NOTE: some of these details are obtained from third party information.
by NoGe
Joomla! Component com_sectionex - Local File Inclusion
by AtT4CKxT3rR0r1ST
Joomla! Component com_rpx Ulti RPX 2.1.0 - Local File Inclusion
by jdc