Text Exploits
31,386 exploits tracked across all sources.
Smart Statistics 1.0 - 'smart_Statistics_admin.php' Cross-Site Scripting
by R3d-D3V!L
Simply Classified 0.2 - Cross-Site Scripting / Cross-Site Request Forgery
by mr_me
ProArcadeScript - SQL Injection via Games ID Parameter
SQL injection vulnerability in games/game.php in ProArcadeScript allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Err0R
phpMDJ 1.0.3 - SQL Injection via profil.php id Parameter
SQL injection vulnerability in profil.php in phpMDJ 1.0.3 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by k4cp3r & Ablus
JCE-Tech PHP Calendars - Unauthenticated Settings Modification via Direct install.php Request
install.php in JCE-Tech PHP Calendars, downloaded 20100121, allows remote attackers to bypass intended access restrictions and modify application settings via a direct request. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation.
by LionTurk
jVideoDirect (com_jvideodirect) - Path Traversal via Controller Parameter
Directory traversal vulnerability in the jVideoDirect (com_jvideodirect) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
by FL0RiX
JCollection (com_jcollection) for Joomla! - Path Traversal via Controller Parameter
Directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
by FL0RiX
Joomla! JA Showcase (com_jashowcase) - Path Traversal via Controller Parameter
Directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a jashowcase action to index.php.
by FL0RiX
Joomla! Component com_dashboard - Directory Traversal
by FL0RiX
E-membres 1.0 - Unauthenticated Sensitive Information Exposure via Direct Database Request
E-membres 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/bdEMembres.mdb.
by ViRuSMaN
Visialis ABB Forum 1.1 - Info Disclosure
Visialis ABB Forum 1.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for fpdb/abb.mdb.
by ViRuSMaN
Apple Safari - URL Redirect Target Disclosure via Stylesheet LINK Element
Apple Safari allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value.
by Cesar Cerrudo
ProfitCode Shopping Cart - Multiple Local/Remote File Inclusion Vulnerabilities
by Zer0 Thunder
Windows Live Messenger 2009 build 14.0.8089.726 - Denial of Service via ViewProfile Method
A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build 14.0.8089.726 on Windows Vista and Windows 7 allows remote attackers to cause a denial of service (msnmsgr.exe crash) by calling the ViewProfile method with a crafted argument during an MSN Messenger session.
by HACKATTACK IT SECURITY GmbH
com_ksadvertiser - SQL Injection via pid Parameter
SQL injection vulnerability in the Keep It Simple Stupid (KISS) Software Advertiser (com_ksadvertiser) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a showcats action to index.php.
by FL0RiX
DELTAScripts PHPLinks - 'catid' SQL Injection
by Hamza 'MizoZ' N.