Text Exploits
31,386 exploits tracked across all sources.
DeluxeBB 1.3 - Cross-Site Scripting via misc.php page Parameter
Cross-site scripting (XSS) vulnerability in misc.php in DeluxeBB 1.3 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
by cp77fk4r
ClarkConnect Linux 5.0 - 'proxy.php' Cross-Site Scripting
by Edgard Chammas
Active PHP Bookmarks <1.2.06 - SQL Injection
SQL injection vulnerability in view_group.php in Active PHP Bookmarks (APB) 1.1.02 and 1.2.06 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Mr.Elgaarh
Active Business Directory 2 - Cross-Site Scripting via searchadvance.asp search parameter
Cross-site scripting (XSS) vulnerability in searchadvance.asp in Active Business Directory 2 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
by Andrea Bocchetti
Web Cocoon simpleCMS - 'show.php' SQL Injection
by anonymous
CodeMight VideoCMS 3.1 - SQL Injection
SQL injection vulnerability in index.php in CodeMight VideoCMS 3.1 allows remote attackers to execute arbitrary SQL commands via the v parameter in a video action.
by kaMtiEz
Element-IT Ultimate Uploader 1.3 - Unauthenticated Arbitrary File Upload and Remote Code Execution
Unrestricted file upload vulnerability in Element-IT Ultimate Uploader 1.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/.
by Master Mind
social Web CMS Beta 2 - Multiple Vulnerabilities
by cp77fk4r
PHPOPENCHAT 3.0.2 - Cross-Site Scripting AND/OR FPD
by Dedalo
PHPhotoalbum 0.5 - SQL Injection via Album or PID Parameter
Multiple SQL injection vulnerabilities in PHPhotoalbum 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) album parameter to thumbnails.php and the (2) pid parameter to displayimage.php.
by Stack
PHPhotoalbum - Unauthenticated Arbitrary File Upload via Double Extension Bypass
Multiple unrestricted file upload vulnerabilities in upload.php in PHPhotoalbum allow remote attackers to execute arbitrary code by uploading a file with a (1) .php.pgif or (2) .php.pjpeg double extension, then accessing it via a direct request to the file in albums/userpics/.
by wlhaan hacker
php-calendar 1.1 - Path Traversal and Arbitrary File Execution via configfile Parameter
Multiple absolute path traversal vulnerabilities in PHP-Calendar 1.1 allow remote attackers to include and execute arbitrary local files via a full pathname in the configfile parameter to (1) update08.php or (2) update10.php. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
by Juan Galiana Lara
php-calendar 1.1 - Path Traversal and Arbitrary File Execution via configfile Parameter
Multiple absolute path traversal vulnerabilities in PHP-Calendar 1.1 allow remote attackers to include and execute arbitrary local files via a full pathname in the configfile parameter to (1) update08.php or (2) update10.php. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
by Juan Galiana Lara
Kasseler CMS 1.3.4 - Cross-Site Scripting via do id or uname Parameters
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kasseler CMS 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) do, (2) id, and (3) uname parameters.
by Gamoscu
Angelo-Emlak 1.0 - Unauthenticated Database Download via Direct Request
Angelo-Emlak 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for veribaze/angelo.mdb.
by LionTurk
PHPSimplicity Simplicity oF Upload 1.3.2 - Unrestricted File Upload via Double Extension Bypass
Unrestricted file upload vulnerability in upload.php in PHPSimplicity Simplicity oF Upload 1.3.2 allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, as demonstrated by .php.gif.
by Master Mind
phphq phUploader 1.2 - Unrestricted File Upload and Remote Code Execution
Unrestricted file upload vulnerability in phUploader.php in phphq.Net phUploader 1.2 allows remote attackers to upload and execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by wlhaan-hacker
Pandora FMS Monitoring Application 2.1.x /3.x - SQL Injection
by Global-Evolution
PacketFence Network Access Controller - Cross-Site Scripting
by K053
By Source