Text Exploits
31,386 exploits tracked across all sources.
fipsForum 2.6 - Unauthenticated Sensitive Information Disclosure via Direct Database Request
fipsForum 2.6 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for _database/forumFips.mdb.
by ViRuSMaN
jaxCMS 1.0 - Path Traversal and Arbitrary File Execution via 'p' Parameter
Directory traversal vulnerability in index.php in jaxCMS 1.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter.
by Hamza 'MizoZ' N.
Mongoose 2.8 - Space String Remote File Disclosure
by Pouya Daneshmand
JDownloader - 'JDExternInterface.java' Remote Code Execution
by apoc
Uiga Business Portal - Stored Cross-Site Scripting via Comment Box Textcomment Parameter
Cross-site scripting (XSS) vulnerability in blog/index.php in Uiga Business Portal allows remote attackers to inject arbitrary web script or HTML via the textcomment parameter (aka the Comment Box) in a noentryid action. NOTE: some of these details are obtained from third party information.
by Sioma Labs
Zen Time Tracking < 2.2 - SQL Injection
Multiple SQL injection vulnerabilities in Zen Time Tracking 2.2 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters to (a) userlogin.php and (b) managerlogin.php. NOTE: some of these details are obtained from third party information.
by cr4wl3r
Uiga Business Portal - SQL Injection
Multiple SQL injection vulnerabilities in Uiga Business Portal allow remote attackers to execute arbitrary SQL commands via the (1) noentryid parameter to blog/index.php and the (2) p parameter to index2.php.
by Sioma Labs
Rostermain < 1.1 - SQL Injection via Userid or Password Parameter
Multiple SQL injection vulnerabilities in index.php in Rostermain 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) userid (username) and (2) password parameters.
by cr4wl3r
Joomla! com_productbook 1.0.4 - SQL Injection
SQL injection vulnerability in the Productbook (com_productbook) component 1.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. NOTE: some of these details are obtained from third party information.
by snakespc