Text Exploits
31,386 exploits tracked across all sources.
ScriptsEz Ez Blog 1.0 - Cross-Site Scripting via yr Parameter in bmonth Action
Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Blog 1.0 allows remote attackers to inject arbitrary web script or HTML via the yr parameter in a bmonth action.
by Milos Zivanovic
APC Network Management Card - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the login_username vector for Forms/login1 is already covered by CVE-2009-4406.
by Jamal Pecou
DataCheck Solutions LinkPal <1 - SQL Injection
SQL injection vulnerability in z_admin_login.asp in DataCheck Solutions LinkPal 1.x allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by R3d-D3V!L
DataCheck Solutions GalleryPal FE 1.5 - SQL Injection
SQL injection vulnerability in login.asp in DataCheck Solutions GalleryPal FE 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by R3d-D3V!L
ClickTrackerASP - 'sitedetails.asp?siteid' SQL Injection
by R3d-D3V!L
Scriptsez Ez Poll Hoster - Cross-Site Scripting via pid or uid Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net Ez Poll Hoster (EPH) allow remote attackers to inject arbitrary web script or HTML via the (1) pid parameter in a code action to index.php and the (2) uid parameter in a view action to profile.php.
by Milos Zivanovic
WSCreator 1.1 - SQL Injection via Email Parameter
SQL injection vulnerability in ADMIN/loginaction.php in WSCreator 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the Email (aka username) parameter.
by Salvatore Fresta
Traidnt Discovery - Cross-Site Request Forgery (Create Staff Account)
by G0D-F4Th3r
The Next Generation of Genealogy Sitebuilding - 'searchform.php' Cross-Site Scripting
by bi0
Text Exchange Pro - Cross-Site Request Forgery (Add Admin)
by bi0
TenderSystem 0.9.5 - 'main.php' Multiple Local File Inclusions
by Packetdeath
Scriptsez Smart PHP Subscriber - Info Disclosure
Scriptsez Smart PHP Subscriber (aka subscribe) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain encoded passwords via a direct request for pwd.txt.
by Milos Zivanovic
phpfaber Content Management System - Cross-Site Scripting via mod Parameter
Cross-site scripting (XSS) vulnerability in module.php in PHPFABER CMS, possibly 1.3.36, allows remote attackers to inject arbitrary web script or HTML via the mod parameter.
by bi0
ScriptsEz Mini Hosting Panel - Cross-Site Request Forgery via Admin Panel Action
Cross-site request forgery (CSRF) vulnerability in hosting/admin_ac.php in ScriptsEz Mini Hosting Panel allows remote attackers to hijack the authentication of administrators for requests that alter administrative settings via a cp action.
by Milos Zivanovic
texmedia Million Pixel Script 3 - Cross-Site Scripting via pa Parameter
Cross-site scripting (XSS) vulnerability in index.php in texmedia Million Pixel Script 3 allows remote attackers to inject arbitrary web script or HTML via the pa parameter. NOTE: some of these details are obtained from third party information.
by bi0
Link Up Gold 5.0 - Cross-Site Request Forgery in Administrative Account Creation
Cross-site request forgery (CSRF) vulnerability in administration/administrators.php in Link Up Gold 5.0 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.
by bi0
Ez Poll Hoster - Multiple Cross-Site Scripting Vulnerabilities
by Milos Zivanovic
Scriptsez.net Ez Poll Hoster - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Scriptsez.net Ez Poll Hoster (EPH) allow remote attackers to (1) hijack the authentication of arbitrary users for requests that delete polls via the delete_poll action to index.php; and hijack the authentication of administrators for requests that (2) delete users via the manage action to admin.php, or (3) send arbitrary email to arbitrary users in the email action to admin.php.
by Milos Zivanovic