Text Exploits
31,386 exploits tracked across all sources.
Joomla! Component com_jeemaarticlecollection - SQL Injection
by FL0RiX
Joomla! Component com_carman - Cross-Site Scripting
by FL0RiX
Jax Guestbook 3.5.0 - Unauthenticated Authentication Bypass via Direct Admin Endpoint Access
Jax Guestbook 3.5.0 allows remote attackers to bypass authentication and modify administrator settings via a direct request to admin/guestbook.admin.php.
by Sora
Web Wiz NewsPad - Unauthenticated Sensitive Information Exposure via Direct Database Request
Web Wiz NewsPad stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/NewsPad.mdb.
by ViRuSMaN
Snitz Forums 2000 <= 3.4.06 - Unauthenticated Sensitive Information Exposure via Direct Database Download
Snitz Forums 2000 3.4.06 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum/snitz_forums_2000.mdb.
by ViRuSMaN
Emporium Module < 2.3.0 - SQL Injection via category_id Parameter
SQL injection vulnerability in the category file in modules.php in the Emporium 2.3.0 and earlier module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
by Hussin X
Wolfram webMathematica - Cross-Site Scripting via URI to MSP Script
Cross-site scripting (XSS) vulnerability in Wolfram Research webMathematica allows remote attackers to inject arbitrary web script or HTML via the URI to the MSP script.
by Floyd Fuh
DeluxeBB 1.3 - Improper Input Validation in Email Verification
misc.php in DeluxeBB 1.3 allows remote attackers to register accounts without a valid email address via a valemail action with the valmem set to a pre-assigned user ID, which is visible from a memberlist action.
by cp77fk4r
DeluxeBB 1.3 - Exposure of Sensitive Information via Page Parameter
DeluxeBB 1.3 allows remote attackers to obtain sensitive information via a crafted page parameter to misc.php, which reveals the installation path in an error message. NOTE: this issue might be resultant from improperly controlled computation in tools.php that leads to a denial of service (CPU or memory consumption).
by cp77fk4r
DeluxeBB 1.3 - Unauthenticated Sensitive Information Exposure via Direct Request
DeluxeBB 1.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user and configuration information, log data, and gain administrative access via a direct request to scripts in (1) templates/ including (2) templates/deluxe/admincp/, (3) templates/corporate/admincp/, and (4) templates/blue/admincp/; (5) images/; (6) logs/ including (7) logs/cp.php; (8) wysiwyg/; (9) docs/; (10) classes/; (11) lang/; and (12) settings/.
by cp77fk4r
weenCompany 4.0.0 - SQL Injection via moduleid Parameter
SQL injection vulnerability in index.php in weenCompany 4.0.0 allows remote attackers to execute arbitrary SQL commands via the moduleid parameter. NOTE: some of these details are obtained from third party information.
by Gamoscu
The Uploader 2.0 - Path Traversal via Filename Parameter
Directory traversal vulnerability in api/download_checker.php in MegaLab The Uploader 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
by Stack
pragmaMX 0.1.11 - 'modules.php' Multiple SQL Injections
by Hadi Kiamarsi
Mini File Host 1.5 - Unauthenticated Arbitrary File Upload and Remote Code Execution via Executable File Extension
Unrestricted file upload vulnerability in Mini File Host 1.5 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as demonstrated by creating a name.php file.
by MR.Z
By Source