Text Exploits
31,386 exploits tracked across all sources.
Datenator 0.3.0 - 'event.php?id' SQL Injection
by The_HuliGun
Esinti Web Design Gold Defter - Database Disclosure
by LionTurk
Cactushop < 6 - Unauthenticated Sensitive Information Exposure via Direct Database Request
Cactushop 6 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) cactushop6.mdb or (2) cactushop5.mdb.
by LionTurk
Winn Guestbook 2.4 - Cross-Site Scripting via PATH_INFO
Cross-site scripting (XSS) vulnerability in index.php in Winn Guestbook 2.4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
by indoushka
Softbiz B2B Trading Marketplace Script < 1.1 - SQL Injection via cid Parameter
SQL injection vulnerability in Softbiz B2B Trading Marketplace Script 1.1 and earler allows remote attackers to execute arbitrary SQL commands via the cid parameter in (1) selloffers.php, (2) buyoffers.php, (3) products.php, or (4) profiles.php.
by AnGrY BoY
AL-Caricatier 2.5 - 'comment.php' Cross-Site Scripting
by indoushka
FreePBX 2.5.2 and 2.6.0rc2 - Cross-Site Scripting via Tech Parameter and Description Parameter
Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.2 and 2.6.0rc2, and possibly other versions, allow remote attackers to inject arbitrary web script or HTML via the (1) tech parameter to admin/admin/config.php during a trunks display action, the (2) description parameter during an Add Zap Channel action, and (3) unspecified vectors during an Add Recordings action.
by Global-Evolution
MyBB 1.4.10 - Cross-Site Scripting via Username Parameter in Donate Action
Cross-site scripting (XSS) vulnerability in myps.php in MyBB (aka MyBulletinBoard) 1.4.10 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a donate action.
by Steven Abbagnaro
By Source