Text Exploits
31,386 exploits tracked across all sources.
Model Agency Manager - 'search_process.php' Cross-Site Scripting
by bi0
Joomla! Component com_virtuemart 1.0 - 'Product_ID' SQL Injection
by SOA Crew
com_jcalpro 1.5.3.6 - Remote Code Execution via mosConfig_absolute_path Parameter
PHP remote file inclusion vulnerability in cal_popup.php in the Anything Digital Development JCal Pro (aka com_jcalpro or JCP) component 1.5.3.6 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
by kaMtiEz
Frog CMS 0.9.5 - Cross-Site Request Forgery
by Milos Zivanovic
Chipmunk Board Script 1.x - Multiple Cross-Site Request Forgery Vulnerabilities
by Milos Zivanovic
Acc Statistics 1.1 - Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in Acc Statistics 1.1 allow remote attackers to hijack the authentication of administrators for requests that change (1) passwords, (2) usernames, and (3) e-mail addresses.
by Milos Zivanovic
Acc PHP eMail 1.1 - Cross-Site Request Forgery in Password Change
Cross-site request forgery (CSRF) vulnerability in index.php in Acc PHP eMail 1.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords.
by bi0
Acc Auto Dealer Script 5.0 - Persistent Cross-Site Scripting / SQL Backup
by bi0
ZeeCareers 2.x - PHP HR Manager Website (Cross-Site Scripting / Authentication Bypass)
by bi0
gif2png <= 2.5.3 - Stack-based Buffer Overflow via Long Command-line Argument
Stack-based buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to execute arbitrary code via a long command-line argument, as demonstrated by a CGI program that launches gif2png.
by Razuel Akaharnath
XAMPP 1.6.8 - Cross-Site Request Forgery via xampppasswd Parameter
Cross-site request forgery (CSRF) vulnerability in security/xamppsecurity.php in XAMPP 1.6.8 allows remote attackers to hijack the authentication of users for requests that change a certain .htaccess password via the xampppasswd parameter.
by bi0
phpCollegeExchange 0.1.5c - Multiple SQL Injections
by Salvatore Fresta
oBlog - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in oBlog allow remote attackers to inject arbitrary web script or HTML via the (1) commentName, (2) commentEmail, (3) commentWeb, or (4) commentText parameter to article.php; and allow remote authenticated administrators to inject arbitrary web script or HTML via the (5) article_id or (6) title parameter to admin/write.php, the (7) category_id or (8) category_name parameter to admin/groups.php, the (9) blogroll_id or (10) title parameter to admin/blogroll.php, or the (11) blog_name or (12) tag_line parameter to admin/settings.php.
by Milos Zivanovic
Scripts For Sites EZ e-store - SQL Injection via SearchResults.php where Parameter
SQL injection vulnerability in SearchResults.php in Scripts For Sites (SFS) EZ e-store allows remote attackers to execute arbitrary SQL commands via the where parameter.
by Salvatore Fresta
Digital Scribe 1.4.1 - Multiple SQL Injections
by Salvatore Fresta
Chipmunk NewsLetter - Cross-Site Request Forgery
by Milos Zivanovic
Venalsur Booking Centre Booking System for Hotels Group - SQL Injection
SQL injection vulnerability in hotel_tiempolibre_ext.php in Venalsur Booking Centre Booking System for Hotels Group, when magic_quotes_gpc is enabled, allows remote attackers to execute arbitrary SQL commands via the NoticiaID parameter and other unspecified vectors.
by Salvatore Fresta
PHP Inventory 1.2 - Cross-Site Scripting via sup_id Parameter
Cross-site scripting (XSS) vulnerability in index.php in PHP Inventory 1.2 allows remote attackers to inject arbitrary web script or HTML via the sup_id parameter in a suppliers details action.
by mr_me
ZeeJobsite 3x - Cross-Site Scripting via Basic Search Result Title Parameter
Cross-site scripting (XSS) vulnerability in basic_search_result.php in Zeeways ZeeJobsite 3x allows remote attackers to inject arbitrary web script or HTML via the title parameter.
by bi0
phpLDAPadmin <1.1.0.5 - Path Traversal
Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cmd parameter.
by ipsecs
By Source