Text Exploits
31,386 exploits tracked across all sources.
Galerie Dezign-Box - Multiple Input Validation Vulnerabilities
by indoushka
Ero Auktion 2.0 and 2010 - SQL Injection via News.php ID Parameter
SQL injection vulnerability in news.php in Ero Auktion 2.0 and 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Easy Laster
Arab Cart 1.0.2.0 - Cross-Site Scripting via showimg.php id Parameter
Cross-site scripting (XSS) vulnerability in showimg.php in Arab Cart 1.0.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
by indoushka
Ac4p.com Gallery 1.0 - Multiple Vulnerabilities
by indoushka
BlazeDS < 3.2 - Information Disclosure via XML External Entity Injection
Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents.
by Roberto Suggi Liverani
CVSS 6.5
vBulletin 4.0.2 - Multiple Cross-Site Scripting Vulnerabilities
by indoushka
Joomla! Component com_recipe - Multiple SQL Injections
by FL0RiX
FlatFile Login System - Remote Password Disclosure
by ViRuSMaN
Dynamicsoft WSC CMS 2.2 - SQL Injection
SQL injection vulnerability in backoffice/login.asp in Dynamicsoft WSC CMS 2.2 allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: some of these details are obtained from third party information.
by Phenom
Social Web CMS 2 - 'index.php' Cross-Site Scripting
by GoLdeN-z3r0
Litespeed Web Server 4.0.12 - Cross-Site Request Forgery (Add Admin) / Cross-Site Scripting
by d1dn0t
com_communitypolls < 1.5.2 - Path Traversal via Controller Parameter
Directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
by kaMtiEz
Fonality Trixbox 2.2.4 - SQL Injection
SQL injection vulnerability in cisco/services/PhonecDirectory.php in Fonality Trixbox 2.2.4 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
by NorSlacker
IBM Websphere Portal 6.0.1.5 Build wp6015 - Portlet Palette Search HTML Injection
by Sjoerd Resink
Core Design Scriptegrator < 1.4.1 - Path Traversal
Directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files[] parameter, a different vector than CVE-2010-0760.
by S2 Crew
XlentProjects SphereCMS 1.1 - SQL Injection
SQL injection vulnerability in archive.php in XlentProjects SphereCMS 1.1 alpha allows remote attackers to execute arbitrary SQL commands via encoded null bytes ("%00") in the view parameter, which bypasses a protection mechanism.
by AmnPardaz Security Research Team
Subex Nikira Fraud Management System - Cross-Site Scripting via Login Prompt Message Parameter
Cross-site scripting (XSS) vulnerability in the login/prompt component in Subex Nikira Fraud Management System allows remote attackers to inject arbitrary web script or HTML via the message parameter.
by thebluegenius
Open Source Classifieds 1.1.0 Alpha (OSClassi) - SQL Injection / Cross-Site Scripting / Arbitrary Admin Change
by Sioma Labs
New-CMS 1.08 - Multiple Local File Inclusion / HTML Injection Vulnerabilities
by Alberto Fontanella