Text Exploits
31,386 exploits tracked across all sources.
ScriptsFeed Business Directory Software - SQL Injection
Multiple SQL injection vulnerabilities in login.php in ScriptsFeed Business Directory Software allow remote attackers to execute arbitrary SQL commands via the (1) us and (2) ps parameters.
by Crux
ProMan <= 0.1.1 - Local File Inclusion via Directory Traversal in _SESSION[userLang] Parameter
Multiple directory traversal vulnerabilities in ProMan 0.1.1 and earlier allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the _SESSION[userLang] parameter to (1) elisttasks.php, (2) managepmanagers.php, (3) manageusers.php, (4) helpfunc.php, (5) managegroups.php, (6) manageprocess.php, and (7) manageusersgroups.php.
by cr4wl3r
Project Man <= 1.0 - SQL Injection via username or password Parameter
Multiple SQL injection vulnerabilities in login.php in Project Man 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter.
by cr4wl3r
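The ScriptsFeed and Project Man entries above describe the same flaw: login.php splices the two credential parameters into the SQL text. The following Python script, added here as an illustration and not code from either product, runs that pattern against a constructed in-memory SQLite table beside the parameterized form, with two classic payloads (a tautology through the password field and a line comment through the username field). The table name, columns and credentials are assumptions for the demo.

```python
import sqlite3


def build_db():
    """Constructed in-memory stand-in for a login table; not the real schema
    of any product listed above."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (username TEXT, password TEXT)")
    con.execute("INSERT INTO users VALUES ('admin', 'correct horse battery staple')")
    con.commit()
    return con


def login_vulnerable(con, username, password):
    """The pattern behind the login.php advisories: request parameters are
    spliced straight into the SQL text, so quotes in the input change the
    statement itself."""
    sql = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    row = con.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterized(con, username, password):
    """Same query with bound parameters: the database receives the statement
    and the values separately, so input can never alter the statement."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = con.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


def demo():
    con = build_db()
    # Two classic payloads: a tautology appended through the password field
    # (AND binds tighter than OR, so the OR branch alone decides the row),
    # and a line comment that drops the password check entirely.
    tautology = "' OR '1'='1"
    comment_out = "admin'-- "
    return {
        "vuln_valid": login_vulnerable(con, "admin", "correct horse battery staple"),
        "vuln_wrong_password": login_vulnerable(con, "admin", "wrong"),
        "vuln_tautology": login_vulnerable(con, "admin", tautology),
        "vuln_comment": login_vulnerable(con, comment_out, "anything"),
        "param_tautology": login_parameterized(con, "admin", tautology),
        "param_comment": login_parameterized(con, comment_out, "anything"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print("%-20s %r" % (name, result))
```

The vulnerable function returns 'admin' for both payloads without the password; the parameterized one returns None for both, because the payload is compared as a literal value. Escaping quotes is the weaker fix: it has to be applied at every splice point, whereas bound parameters remove the splice entirely.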
phpRAINCHECK <= 1.0.1 - SQL Injection via id Parameter
SQL injection vulnerability in print_raincheck.php in phpRAINCHECK 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by cr4wl3r
phpMySite - Cross-Site Scripting via contact.php Parameters
Multiple cross-site scripting (XSS) vulnerabilities in contact.php in phpMySite allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) city, (3) email, (4) state, and (5) message parameters.
by Crux
phpCDB <= 1.0 - Local File Inclusion via Directory Traversal in lang_global Parameter
Multiple directory traversal vulnerabilities in phpCDB 1.0 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang_global parameter to (1) firstvisit.php, (2) newfolder.php, (3) showfolders.php, (4) newlang.php, (5) showinnerfolder.php, (6) writecode.php, and (7) showcode.php.
by cr4wl3r
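The ProMan and phpCDB entries are the same bug class: a language name taken from the request (a cookie-driven _SESSION value in one, a global in the other) is built into the path handed to include(). The Python below is an added illustration, not code from either project; the language directory, the allowlist and the exact path construction are assumptions. It resolves the traversal the way the filesystem would and contrasts it with an allowlist, which is the fix that does not depend on guessing every encoding of "..".

```python
import posixpath

# Assumed layout and allowlist for illustration; the real applications' paths
# are not given in the advisories.
LANG_DIR = "/var/www/app/lang"
ALLOWED_LANGS = {"en", "de", "fr"}


def lang_file_vulnerable(lang):
    """The pattern the advisories describe: a request-controlled language name
    is spliced into the path handed to include()."""
    return LANG_DIR + "/" + lang + ".php"


def escapes_lang_dir(path):
    """True if, after resolving '..' segments, the path leaves LANG_DIR."""
    resolved = posixpath.normpath(path)
    return not resolved.startswith(LANG_DIR + "/")


def lang_file_hardened(lang):
    """Allowlist the value instead of trying to sanitize it: anything that is
    not a known language code is rejected before it touches a path."""
    if lang not in ALLOWED_LANGS:
        raise ValueError("unknown language: %r" % lang)
    return LANG_DIR + "/" + lang + ".php"


def demo():
    payload = "../../../../etc/passwd"
    vulnerable_path = lang_file_vulnerable(payload)
    results = {
        "benign": lang_file_vulnerable("en"),
        "traversal": vulnerable_path,
        "traversal_resolved": posixpath.normpath(vulnerable_path),
        "traversal_escapes": escapes_lang_dir(vulnerable_path),
        "benign_escapes": escapes_lang_dir(lang_file_vulnerable("en")),
    }
    try:
        lang_file_hardened(payload)
        results["hardened_rejected"] = False
    except ValueError:
        results["hardened_rejected"] = True
    return results


if __name__ == "__main__":
    for name, result in demo().items():
        print("%-20s %r" % (name, result))
```

Four ".." segments are enough to climb out of /var/www/app/lang to the root, so the resolved path is /etc/passwd.php. The suffix the application appends is not a defense: PHP before 5.3.4 truncated the path at a %00 byte, and any file the attacker can influence that already ends in .php is reachable regardless. escapes_lang_dir() is the check to run in a review or a WAF rule; the allowlist is what the code should do.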
DZ EROTIK Auktionshaus V4rgo - SQL Injection
SQL injection vulnerability in news.php in DZ EROTIK Auktionshaus V4rgo allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Easy Laster
Pre Classified Listings ASP - SQL Injection
SQL injection vulnerability in signup.asp in Pre Classified Listings ASP allows remote attackers to execute arbitrary SQL commands via the email parameter.
by Crux
PHP < 5.2.13 - Insufficient Entropy in Linear Congruential Generator
The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniqid function.
by Rasmus
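The entry above is about the extra LCG digits that uniqid() appends when more_entropy is set; the point worth seeing is how little the rest of the value contributes. The 13-character core of uniqid() is the clock rendered as hex, sprintf("%08x%05x", seconds, microseconds), so a session cookie built from it decodes straight back to the issue time and an attacker who knows the second has about a million candidates. The Python below is an added re-implementation of that documented format for illustration, not PHP's own code, with the more_entropy suffix left out; the timestamp used in the demo is constructed.

```python
import secrets


def php_uniqid(sec, usec):
    """Python rendering of the 13-character uniqid() core,
    sprintf("%08x%05x", seconds, microseconds). A re-implementation for
    illustration, not PHP's own code. The optional more_entropy suffix (the
    LCG output the advisory concerns) is omitted, so this is the id with
    nothing unpredictable in it at all."""
    return "%08x%05x" % (sec, usec)


def decode_uniqid(uid):
    """The id is a plain encoding of the clock, so it inverts exactly."""
    return int(uid[:8], 16), int(uid[8:13], 16)


def search_space(sec_lo, sec_hi):
    """Number of candidates for an attacker who has bracketed the issue time
    to a window of whole seconds (e.g. from the server's Date header)."""
    return (sec_hi - sec_lo + 1) * 1_000_000


def candidate_ids(sec_lo, sec_hi):
    """Enumerate every id the server could have issued inside the window;
    this is the list an attacker would replay as session cookies."""
    for sec in range(sec_lo, sec_hi + 1):
        for usec in range(1_000_000):
            yield php_uniqid(sec, usec)


def secure_session_id():
    """What a session identifier should be: 128 bits from the OS CSPRNG,
    with no relationship to the clock."""
    return secrets.token_hex(16)


if __name__ == "__main__":
    # Constructed example: 1261700432 s is 2009-12-25 00:20:32 UTC.
    uid = php_uniqid(1261700432, 148003)
    print(uid, decode_uniqid(uid), search_space(1261700432, 1261700433))
    print(secure_session_id())
```

A million guesses per second of uncertainty is an online brute force, not a cryptographic one, and the advisory's finding is that the more_entropy suffix did not raise that bar as intended. The fix is not more digits from a weak generator but a CSPRNG-backed identifier, which is what secure_session_id() shows.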
Aris Global ARISg 5.0 - Cross-Site Scripting via wflogin.jsp errmsg Parameter
Cross-site scripting (XSS) vulnerability in wflogin.jsp in Aris Global ARISg 5.0 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter.
by Yaniv Miron
Softbiz Recipes Portal Script - 'showcats.php' SQL Injection
by Easy Laster
Newbie CMS 0.0.2 - Insecure Cookie Authentication Bypass
by JIKO
GameScript 3.0 - SQL Injection via index.php id Parameter
SQL injection vulnerability in index.php in GameScript (GS) 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a category action.
by FormatXformat
IBM WebSphere Portal 5.1.0.0-5.1.0.5, 6.0.0.0-6.0.0.4, 6.0.1.0-6.0.1.7, 6.1.0.0-6.1.0.3, 6.1.5.0 - Cross-Site Scripting via login.jsp Query String
Cross-site scripting (XSS) vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to inject arbitrary web script or HTML via the query string.
by Oren Hafif
WikyBlog 1.7.3rc2 - Authenticated Remote Code Execution via Unrestricted File Upload
Unrestricted file upload vulnerability in index.php/Attach in WikyBlog 1.7.3rc2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension using the uploadform action, then accessing it via a direct request to the file in userfiles/[username]/uploaded/.
by indoushka
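The entry above works because the upload handler keeps the client's filename, executable extension included, and stores it under the web root where a direct request runs it. The Python below is an added illustration, not WikyBlog's code; the allowed and dangerous extension sets are an assumed policy. It rejects names with path components, dotfiles such as .htaccess, and any executable extension anywhere in the name (shell.php.png is executed by some Apache handler configurations), and then stores the file under a random name so the client never chooses the path.

```python
import secrets

# Assumed policy for illustration; WikyBlog's own allowlist (if any) is not
# described in the advisory.
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif", "txt", "pdf"}
# Extensions a typical PHP web server hands to an interpreter or honours as
# configuration, checked at every position in the name, not only the last.
DANGEROUS_EXTENSIONS = {"php", "php3", "php4", "php5", "phtml", "phar",
                        "htaccess", "cgi", "pl"}


def upload_allowed(filename):
    """Decide from the client-supplied name alone whether the upload is acceptable."""
    if "/" in filename or "\\" in filename or filename.startswith("."):
        return False                  # path components or dotfiles (.htaccess)
    parts = filename.lower().split(".")
    if len(parts) < 2 or not all(parts):
        return False                  # no extension, or an empty segment
    exts = parts[1:]
    if any(ext in DANGEROUS_EXTENSIONS for ext in exts):
        return False                  # shell.php, shell.php.png, shell.phtml
    return exts[-1] in ALLOWED_EXTENSIONS


def stored_name(filename):
    """Never store under the client's name: a random basename plus the vetted
    extension, so even a second flaw elsewhere cannot steer the file to a
    path of the attacker's choosing."""
    if not upload_allowed(filename):
        raise ValueError("rejected upload name: %r" % filename)
    ext = filename.lower().rsplit(".", 1)[1]
    return secrets.token_hex(16) + "." + ext


if __name__ == "__main__":
    for name in ["photo.PNG", "shell.php", "shell.php.png", "../shell.png",
                 ".htaccess", "noext"]:
        print("%-16s allowed=%s" % (name, upload_allowed(name)))
    print(stored_name("photo.PNG"))
```

Name checks are necessary but not sufficient: the upload directory should also sit outside the document root or be served with script execution disabled, so that a file which slips past the filter is returned as bytes rather than run.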
WikyBlog 1.7.3 rc2 - Session Fixation
Session fixation vulnerability in WikyBlog 1.7.3 rc2 allows remote attackers to hijack web sessions via the jsessionid parameter to (1) index.php/Comment/Main, (2) index.php/Comment/Main/Home_Wiky, or (3) index.php/Edit/Main.
by indoushka
WikyBlog 1.7.3 rc2 - Remote File Inclusion via langFile Parameter in include/WBmap.php
PHP remote file inclusion vulnerability in include/WBmap.php in WikyBlog 1.7.3 rc2 allows remote attackers to execute arbitrary PHP code via a URL in the langFile parameter.
by indoushka
WikyBlog 1.7.2 and 1.7.3 rc2 - Cross-Site Scripting via which Parameter
Cross-site scripting (XSS) vulnerability in index.php/Special/Main/Templates in WikyBlog 1.7.2 and 1.7.3 rc2 allows remote attackers to inject arbitrary web script or HTML via the which parameter in a copy action.
by indoushka
Web Server Creator - Web Portal 0.1 - Remote File Inclusion via pg and path Parameters
Multiple PHP remote file inclusion vulnerabilities in Web Server Creator - Web Portal 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pg parameter to index.php and the (2) path parameter to news/form.php.
by indoushka
Softbiz Classifieds PLUS - Multiple SQL Injections
by Easy Laster
Softbiz Auktios Script - Multiple SQL Injections
by Easy Laster