Text Exploits
31,386 exploits tracked across all sources.
RokDownloads < 1.0.1 - Unauthenticated Path Traversal via Controller Parameter
Directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
by AtT4CKxT3rR0r1ST
Joomla! Component com_org - 'letter' SQL Injection
by kazuya
Joomla! Component com_linkr - Local File Inclusion
by AtT4CKxT3rR0r1ST
JA News (com_janews) 1.0 - Path Traversal
Directory traversal vulnerability in the JA News (com_janews) component 1.0 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.
by AtT4CKxT3rR0r1ST
Joomla! com_gcalendar 2.1.5 - Path Traversal
Directory traversal vulnerability in the GCalendar (com_gcalendar) component 2.1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
by jdc
Joomla! Component com_ganalytics - Local File Inclusion
by AtT4CKxT3rR0r1ST
Interspire SHOPPING CART 5.5.4 - Ultimate Edition backup dump
by indoushka
Domain Verkaus & Auktions Portal - 'index.php' SQL Injection
by Easy Laster
CH-CMS.ch 2 - Multiple Arbitrary File Upload Vulnerabilities
by EL-KAHINA
Andromeda 1.9.2 - 's' Cross-Site Scripting / Session Fixation
by indoushka
Phpkobo Address Book Script < 1.09 - Path Traversal
Directory traversal vulnerability in codelib/cfg/common.inc.php in Phpkobo Address Book Script 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG_CODE parameter.
by Pouya Daneshmand
Dojo 1.0.x-1.0.2, 1.1.x-1.1.1, 1.2.x-1.2.3, 1.3.x-1.3.2, 1.4.x-1.4.1 - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, and util/buildscripts/jslib/buildUtil.js, as demonstrated by the (1) dojoUrl and (2) testUrl parameters to util/doh/runner.html.
by Adam Bixby
Dojo Toolkit SDK < 1.4.2 - Cross-Site Scripting via Theme Parameter
Cross-site scripting (XSS) vulnerability in dijit/tests/_testCommon.js in Dojo Toolkit SDK before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the theme parameter, as demonstrated by an attack against dijit/tests/form/test_Button.html.
by Adam Bixby
(Multiple Products) - 'banner.swf' Cross-Site Scripting
by MustLive
Zigurrat Farsi CMS - '/manager/textbox.asp' SQL Injection
by Isfahan
ParsCMS - SQL Injection via RP Parameter
Multiple SQL injection vulnerabilities in ParsCMS allow remote attackers to execute arbitrary SQL commands via the RP parameter to (1) fa_default.asp and (2) en_default.asp.
by Isfahan
phppool media Domain Verkaus and Auktions Portal - SQL Injection
SQL injection vulnerability in index.php in phppool media Domain Verkaus and Auktions Portal allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Easy Laster
PhpMyLogon 2 - SQL Injection via Username Parameter
SQL injection vulnerability in phpmylogon.php in PhpMyLogon 2 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.
by blake