Text Exploits
31,386 exploits tracked across all sources.
CARTwebERP <1.56.75 - Path Traversal
Directory traversal vulnerability in the CARTwebERP (com_cartweberp) component 1.56.75 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
by FL0RiX
JoomlaBibleStudy com_biblestudy 6.1 - Path Traversal via Controller Parameter
Directory traversal vulnerability in the Bible Study (com_biblestudy) component 6.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter in a studieslist action to index.php.
by FL0RiX
Tamlyncreative Com Bfsurvey Profree < 1.3.0 - SQL Injection
SQL injection vulnerability in the BF Survey Pro (com_bfsurvey_pro) component before 1.3.1, BF Survey Pro Free (com_bfsurvey_profree) component 1.2.6, and BF Survey Basic component before 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. NOTE: some of these details are obtained from third party information.
by FL0RiX
com_bfsurvey_profree - Path Traversal via Controller Parameter
Directory traversal vulnerability in the BF Survey (com_bfsurvey) component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
by FL0RiX
Joomla! com_abbrev 1.1 - Path Traversal
Directory traversal vulnerability in the Abbreviations Manager (com_abbrev) component 1.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.
by FL0RiX
Shape5 Bridge of Hope Template - SQL Injection via id Parameter
SQL injection vulnerability in the Shape5 Bridge of Hope template for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to index.php.
by R3d-D3V!L
JoomlaBamboo JB Simpla Admin Template - SQL Injection via id Parameter
SQL injection vulnerability in the JoomlaBamboo (JB) Simpla Admin template for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to the com_content component, reachable through index.php. NOTE: the vendor disputes this report, saying: "JoomlaBamboo has investigated this report, and it is incorrect. There is no SQL injection vulnerability involving the id parameter in an article view, and there never was. JoomlaBamboo customers have no reason to be concerned about this report."
by R3d-D3V!L
Elite Gaming Ladders 3.0 - SQL Injection
SQL injection vulnerability in stats.php in Elite Gaming Ladders 3.0 allows remote attackers to execute arbitrary SQL commands via the account parameter.
by Sora
Discuz! 2.0 - Multiple Cross-Site Scripting Vulnerabilities
by indoushka
Facebook for iPhone - Persistent Cross-Site Scripting Denial of Service
by marco_
MasterWeb Script 1.0 - 'details&newsID' SQL Injection
by Red-D3v1L
Acidcat CMS <3.5.3 - Info Disclosure
Acidcat CMS 3.5.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for databases/acidcat_3.mdb.
by LionTurk
Proxyroll.com Clone PHP Script - Insecure Cookie Handling
by DigitALL
Obsession-Design Image-Gallery 1.1 - 'display.php' Cross-Site Scripting
by kaMtiEz
Left 4 Dead (L4D) Stats 1.1 - SQL Injection
SQL injection vulnerability in player.php in Left 4 Dead (L4D) Stats 1.1 allows remote attackers to execute arbitrary SQL commands via the steamid parameter.
by Sora
Joomla! Component com_dailymeals - Local File Inclusion
by FL0RiX
HLstatsX Community Edition 1.6.5 - Cross-Site Scripting
by Sora
eazyPortal 1.0.0 - Multiple Vulnerabilities
by Milos Zivanovic