Text Exploits
31,386 exploits tracked across all sources.
Sections module 5.x < 5.x-1.3 and 6.x < 6.x-1.3 - Authenticated Cross-Site Scripting via Section Name Field
Cross-site scripting (XSS) vulnerability in the Sections module 5.x before 5.x-1.3 and 6.x before 6.x-1.3 for Drupal allows remote authenticated users with "administer sections" privileges to inject arbitrary web script or HTML via a section name (aka the Name field).
by Justin C. Klein Keane
VideoCache 1.9.2 - Local Privilege Escalation
vccleaner in VideoCache 1.9.2 allows local users with Squid proxy user privileges to overwrite arbitrary files via a symlink attack on /var/log/videocache/vccleaner.log.
by Dominick LaTrappe
DataCheck Solutions V-SpacePal - SQL Injection
SQL injection vulnerability in login.asp in DataCheck Solutions V-SpacePal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by R3d-D3V!L
Smart ASPad - 'campaignEdit.asp?CCam' Blind SQL Injection
by R3d-D3V!L
Pre Hotels&Resorts Management System - Authentication Bypass
by R3d-D3V!L
GuestBookPro Script - Remote Database Disclosure
by ViRuSMaN
Digiappz Freekot 1.01 - SQL Injection via Login or Password Parameters
Multiple SQL injection vulnerabilities in login_verif.asp in Digiappz Freekot 1.01 allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) password parameters. NOTE: some of these details are obtained from third party information.
by R3d-D3V!L
Codefixer Membership - Remote Database Disclosure
by ViRuSMaN
Scriptsez Ez FAQ Maker 1.0 - Cross-Site Scripting / Cross-Site Request Forgery
by Milos Zivanovic
Horde Application Framework < 3.3.6 - Cross-Site Scripting via PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) phpshell.php, (2) cmdshell.php, or (3) sqlshell.php in admin/, related to the PHP_SELF variable.
by Juan Galiana Lara
Ez News Manager / Pro - Cross-Site Request Forgery (Change Admin Password)
by Milos Zivanovic