Text Exploits
31,386 exploits tracked across all sources.
PHP Inventory 1.2 - SQL Injection via User ID, Username, or Password Parameter
Multiple SQL injection vulnerabilities in index.php in PHP Inventory 1.2 allow (1) remote authenticated users to execute arbitrary SQL commands via the user_id parameter in a users details action, and allow remote attackers to execute arbitrary SQL commands via the (2) user (username) and (3) pass (password) parameters. NOTE: some of these details are obtained from third party information.
by mr_me
Nuggetz CMS 1.0 - Path Traversal and Arbitrary File Write via nugget Parameter
Directory traversal vulnerability in admin/ajaxsave.php in Nuggetz CMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to create or modify arbitrary files via a .. (dot dot) in the nugget parameter and a modified pagevalue parameter, as demonstrated by creating and accessing a .php file to execute arbitrary PHP code.
by Amol Naik
Fernando Soares Mamboleto <2.0 RC3 - RCE
PHP remote file inclusion vulnerability in mamboleto.php in the Fernando Soares Mamboleto (com_mamboleto) component 2.0 RC3 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
by Don Tukulesto
JS Jobs (com_jsjobs) 1.0.5.6 - SQL Injection via md or oi Parameter
Multiple SQL injection vulnerabilities in the JS Jobs (com_jsjobs) component 1.0.5.6 for Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the md parameter in an employer view_company action to index.php or (2) the oi parameter in an employer view_job action to index.php.
by kaMtiEz
com_jphoto 1.0 - SQL Injection via id Parameter
SQL injection vulnerability in the JPhoto (com_jphoto) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a category action to index.php.
by kaMtiEz
OPMANAGER - Blind SQL Injection / XPath Injection
by Asheesh kumar Mani Tripathi
Invision Power Board 2.x-3.0.4 - Cross-Site Scripting via .txt Attachment
Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Internet Explorer 5 is used, allows XSS via a .txt attachment.
by Xacker
CVSS 6.1
NetArt Media Real Estate Portal 2.0 - SQL Injection
SQL injection vulnerability in realestate20/loginaction.php in NetArt Media Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the Email parameter (aka the username field). NOTE: some of these details are obtained from third party information.
by AnTi SeCuRe
TestLink - Authenticated SQL Injection via Test Case ID or logLevel Parameter
Multiple SQL injection vulnerabilities in TestLink before 1.8.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the Test Case ID field to lib/general/navBar.php or (2) the logLevel parameter to lib/events/eventviewer.php.
by Core Security
NetArt Media Real Estate Portal 2.0 - SQL Injection
SQL injection vulnerability in realestate20/loginaction.php in NetArt Media Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by AnTi SeCuRe
THOMSON TG585n 7.4.3.2 - 'user.ini' Arbitrary Disclosure
by AnTi SeCuRe
Viscacha 0.8 Gold - Authenticated Cross-Site Scripting via Profile Parameters
Multiple cross-site scripting (XSS) vulnerabilities in editprofile.php in Viscacha 0.8 Gold allow remote authenticated users to inject arbitrary web script or HTML via the (1) skype, (2) yahoo, (3) aol, (4) msn, or (5) jabber parameter in a profile2 action. NOTE: some of these details are obtained from third party information.
by mr_me
IRAN N.E.T E-Commerce Group - SQL Injection
by Dr.0rYX & Cr3W-DZ
Alqatari Q R Script 1.0 - SQL Injection via lesson.php id Parameter
SQL injection vulnerability in lesson.php in Alqatari Q R Script 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.
by Red-D3v1L
AlefMentor 2.0 and 2.2 - SQL Injection via cont_id and courc_id Parameters
Multiple SQL injection vulnerabilities in cource.php in AlefMentor 2.0 and 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) cont_id and (2) courc_id parameters in a pregled action. NOTE: some of these details are obtained from third party information.
by Red-D3v1L
SiSplet CMS 2008-01-24 - Multiple Remote File Inclusions
by cr4wl3r
MarieCMS 0.9 - Local File Inclusion / Remote File Inclusion / Cross-Site Scripting
by Amol Naik
Chipmunk NewsLetter - Persistent Cross-Site Scripting
by mr_me
Advanced Image Hosting Script 2.x - 'search.php' Cross-Site Scripting
by aBo MoHaMeD
Barracuda IMFirewall 620 - Multiple Vulnerabilities
by Global-Evolution
Elkagroup Image Gallery - SQL Injection
SQL injection vulnerability in elkagroup Image Gallery allows remote attackers to execute arbitrary SQL commands via the id parameter to the default URI under news/.
by SadHaCkEr
AROUNDMe 1.1 - Remote Code Execution via Language Path Parameter
PHP remote file inclusion vulnerability in components/core/connect.php in AROUNDMe 1.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the language_path parameter.
by cr4wl3r