Text Exploits
31,386 exploits tracked across all sources.
Exponent CMS 0.96.3 - 'articlemodule' SQL Injection
by T u R c O
EncapsCMS 0.3.6 - 'config[path]' Remote File Inclusion
by cr4wl3r
Croogo 1.2.1 - Multiple Cross-Site Request Forgery Vulnerabilities
by Milos Zivanovic
baal_systems < 3.8 - SQL Injection via adminlogin.php Username and Password Parameters
Multiple SQL injection vulnerabilities in adminlogin.php in Baal Systems 3.8 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
by cr4wl3r
DA Mailing List System 2 - Multiple Vulnerabilities
by Phenom
SQLite Browser 2.0b1 - Local Denial of Service
by Nishant Das Patnaik
Open Bulletin Board - Multiple Blind SQL Injections
by AtT4CKxT3rR0r1ST
com_photoblog - SQL Injection via Blog Parameter
Multiple SQL injection vulnerabilities in the Photoblog (com_photoblog) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the blog parameter in an images action to index.php. NOTE: a separate vector for the id parameter to detail.php may also exist.
by ALTBTA
ShopEx Single 4.5.1 - 'errinfo' Cross-Site Scripting
by cp77fk4r
AudiStat 1.3 - SQL Injection via mday Parameter
SQL injection vulnerability in index.php in AudiStat 1.3 allows remote attackers to execute arbitrary SQL commands via the mday parameter.
by kaMtiEz
evalSMSI 2.1.03 - SQL Injection via ajax.php query parameter
SQL injection vulnerability in ajax.php in evalSMSI 2.1.03 allows remote attackers to execute arbitrary SQL commands via the query parameter in the (1) question action, and possibly the (2) sub_par or (3) num_quest actions.
by ekse
AudiStat 1.3 - Cross-Site Scripting via Year and Mday Parameters
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AudiStat 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) year and (2) mday parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by kaMtiEz
ASCET Interactive Huski Retail - Multiple SQL Injections
by Wireghoul
ManageEngine OpUtils 5.0 - SQL Injection
SQL injection vulnerability in Login.do in ManageEngine OpUtils 5.0 allows remote attackers to execute arbitrary SQL commands via the isHttpPort parameter.
by Asheesh Anaconda
Ipswitch IMAIL 11.01 - Reversible Encryption + weak ACL
by sinn3r
MASA2EL Music City <1.1 - SQL Injection
SQL injection vulnerability in index.php in MASA2EL Music City 1.0 and 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in a singer action.
by alnjm33
Interspire Knowledge Manager < 5.1.3 - Multiple Remote Vulnerabilities
by Cory Marsh
Data 1 Systems UltraBB 1.17 - 'view_post.php' Cross-Site Scripting
by s4r4d0
Samba <3.3.11, <3.4.6, <3.5.0rc3 - Path Traversal
The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create a symlink containing .. (dot dot) sequences, related to the combination of the unix extensions and wide links options.
by kingcope
KnowGate hipergate 4.0.12 - Multiple Cross-Site Scripting Vulnerabilities
by Nahuel Grisolia
Sterlite SAM300 AX Router - Cross-Site Scripting via Stat_Radio Parameter
Cross-site scripting (XSS) vulnerability in Forms/status_statistics_1 in the Sterlite SAM300 AX Router allows remote attackers to inject arbitrary web script or HTML via the Stat_Radio parameter.
by Karn Ganeshen
By Source