Text Exploits
31,386 exploits tracked across all sources.
Ampache 3.4.3 - 'login.php' Multiple SQL Injections
by R3d-D3V!L
Sitecore Staging Module <5.4.0 - Auth Bypass
The Staging Webservice ("sitecore modules/staging/service/api.asmx") in Sitecore Staging Module 5.4.0 rev.080625 and earlier allows remote attackers to bypass authentication and (1) upload files, (2) download files, (3) list directories, and (4) clear the server cache via crafted SOAP requests with arbitrary Username and Password values, possibly related to a direct request.
by L. Weichselbaum
dBlog CMS - Unauthenticated Sensitive Information Exposure via Direct Database Request
dBlog CMS, probably 2.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing an admin password hash via a direct request for dblog.mdb.
by AnTi SeCuRe
VirtueMart 1.0 - SQL Injection via product_id Parameter
SQL injection vulnerability in index.php in VirtueMart 1.0 allows remote attackers to execute arbitrary SQL commands via the product_id parameter in a shop.product_details shop.flypage action.
by Neo-GabrieL
Venalsur Booking Centre Booking System for Hotels Group 2.01 - SQL Injection via HotelID Parameter
SQL injection vulnerability in hotel_habitaciones.php in Venalsur Booking Centre Booking System for Hotels Group 2.01 allows remote attackers to execute arbitrary SQL commands via the HotelID parameter.
by R3d-D3V!L
Uploader by CeleronDude 5.3.0 - Arbitrary File Upload (1)
by Stink
Rumba XML 1.8 - Cross-Site Scripting via PATH_INFO
Cross-site scripting (XSS) vulnerability in index.php in Rumba XML 1.8 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. NOTE: some of these details are obtained from third party information.
by Hadi Kiamarsi
QuiXplorer 2.x - 'lang' Local File Inclusion
by Juan Galiana Lara
Pluxml-Blog 4.2 - '/core/admin/auth.php' Cross-Site Scripting
by Metropolis
iTop 1.1.181 and 1.2.0-RC-282 - Cross-Site Scripting via Multiple Input Vectors
Multiple cross-site scripting (XSS) vulnerabilities in iTop (aka IT Operations Portal) 1.1.181 and 1.2.0-RC-282 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted company name, (2) a crafted database server name, (3) a crafted CSV file, (4) a crafted copy-and-paste action, (5) the auth_user parameter in a suggest_pwd action to UI.php, (6) the c[menu] parameter to UniversalSearch.php, (7) the description parameter in a SearchFormToAdd_document_list action to UI.php, (8) the category parameter in an errors action to audit.php, or (9) the suggest_pwd parameter to UI.php.
by Braeden Thomas
Joomla! com_joomportfolio 1.0.0 - SQL Injection
SQL injection vulnerability in the JoomPortfolio (com_joomportfolio) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the secid parameter in a showcat action to index.php.
by Fl0riX & Snakespc
Jobscript4Web 3.5 - Multiple Cross-Site Request Forgery Vulnerabilities
by bi0
Horde Application Framework < 3.3.6 - Cross-Site Scripting via PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) phpshell.php, (2) cmdshell.php, or (3) sqlshell.php in admin/, related to the PHP_SELF variable.
by Juan Galiana Lara
cPanel 11.0-11.24.7 - Cross-Site Scripting via Fileop Parameter
Cross-site scripting (XSS) vulnerability in frontend/x3/files/fileop.html in cPanel 11.0 through 11.24.7 allows remote attackers to inject arbitrary web script or HTML via the fileop parameter.
by RENO
Cisco ASA 8.x - VPN SSL Module Clientless URL-list control Bypass
by David Eduardo Acosta Rodriguez