Text Exploits
31,386 exploits tracked across all sources.
CommodityRentals Vacation Rental Software - SQL Injection
SQL injection vulnerability in index.php in CommodityRentals Vacation Rental Software allows remote attackers to execute arbitrary SQL commands via the rental_id parameter in a CalendarView action.
by JaMbA
CommodityRentals Trade Manager Script - SQL Injection
SQL injection vulnerability in products.php in CommodityRentals Trade Manager Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by JaMbA
GameRoom Script - Authentication Bypass / Arbitrary File Upload
by JIKO
CommodityRentals CD Rental Software - 'index.php' SQL Injection
by Don Tukulesto
CommodityRentals CD Rental Software - SQL Injection
SQL injection vulnerability in index.php in CommodityRentals CD Rental Software allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a catalog action.
by Don Tukulesto
CommodityRentals Books/eBooks Rentals Script - SQL Injection
SQL injection vulnerability in index.php in CommodityRentals Books/eBooks Rentals Script allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a gamecatalog action.
by Don Tukulesto
CommodityRentals Video Games Rentals - SQL Injection
SQL injection vulnerability in index.php in CommodityRentals Video Games Rentals allows remote attackers to execute arbitrary SQL commands via the pfid parameter in a catalog action.
by JaMbA
RSA WebID - Cross-Site Scripting via IISWebAgentIF.dll postdata Parameter
Incomplete blacklist vulnerability in IISWebAgentIF.dll in the WebID RSA Authentication Agent 5.3, and possibly earlier, allows remote attackers to conduct cross-site scripting (XSS) attacks via the postdata parameter, due to an incomplete fix for CVE-2005-1118.
by s4squatch
Cisco Collaboration Server 5 - Unauthenticated Sensitive Information Exposure via URL-Encoded Filename Extension Bypass
Cisco Collaboration Server (CCS) 5 allows remote attackers to read the source code of JHTML files via URL encoded characters in the filename extension, as demonstrated by (1) changing .jhtml to %2Ejhtml, (2) changing .jhtml to .jhtm%6C, (3) appending %00 after .jhtml, and (4) appending %c0%80 after .jhtml, related to the (a) doc/docindex.jhtml, (b) browserId/wizardForm.jhtml, (c) webline/html/forms/callback.jhtml, (d) webline/html/forms/callbackICM.jhtml, (e) webline/html/agent/AgentFrame.jhtml, (f) webline/html/agent/default/badlogin.jhtml, (g) callme/callForm.jhtml, (h) webline/html/multichatui/nowDefunctWindow.jhtml, (i) browserId/wizard.jhtml, (j) admin/CiscoAdmin.jhtml, (k) msccallme/mscCallForm.jhtml, and (l) webline/html/admin/wcs/LoginPage.jhtml components.
by s4squatch
Newgen Software OmniDocs - SQL Injection
SQL injection vulnerability in ForceChangePassword.jsp in Newgen Software OmniDocs allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
by thebluegenius
ULoki Community Forum 2.1 - 'usercp.php' Cross-Site Scripting
by Sioma Labs
HASHE! Solutions - Multiple SQL Injections
by AtT4CKxT3rR0r1ST
KuwaitPHP eSmile - SQL Injection via cid Parameter
SQL injection vulnerability in index.php in KuwaitPHP eSmile allows remote attackers to execute arbitrary SQL commands via the cid parameter in a show action.
by AtT4CKxT3rR0r1ST
Accellion Secure File Transfer Appliance <8.0.105 - Path Traversal
Directory traversal vulnerability in web_client_user_guide.html in Accellion Secure File Transfer Appliance before 8_0_105 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter.
by Tim Brown
Accellion Secure File Transfer Appliance - Privilege Escalation via Sudo Command Argument Injection
Accellion Secure File Transfer Appliance before 8_0_105 does not properly restrict access to sensitive commands and arguments that run with extra sudo privileges, which allows local administrators to gain privileges via (1) arbitrary arguments in the --file_move action in /usr/local/bin/admin.pl, or a hard link attack in (2) chmod or (3) a certain cp command.
by Tim Brown
Windows Vista and Server 2008 - Remote Code Execution via ICMPv6 Router Advertisement
The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Router Advertisement packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Router Advertisement Vulnerability."
by Sumit Gwalani
vBulletin Adsense Component - 'viewpage.php' SQL Injection
by JIKO
osTicket < 1.6 - Authenticated SQL Injection via scp/ajax.php Input Parameter
SQL injection vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users, with "Staff" permissions, to execute arbitrary SQL commands via the input parameter.
by Nahuel Grisolia
By Source