Text Exploits
31,386 exploits tracked across all sources.
phpMyFAQ < 2.5.5 - Cross-Site Scripting via Multiple Index.php Parameters
Multiple cross-site scripting (XSS) vulnerabilities in index.php in phpMyFAQ before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter in a sitemap action, (2) the search parameter in a search action, (3) the tagging_id parameter in a search action, (4) the highlight parameter in an artikel action, (5) the artlang parameter in an artikel action, (6) the letter parameter in a sitemap action, (7) the lang parameter in a show action, (8) the cat parameter in a show action, (9) the newslang parameter in a news action, (10) the artlang parameter in a send2friend action, (11) the cat parameter in a send2friend action, (12) the id parameter in a send2friend action, (13) the srclang parameter in a translate action, (14) the id parameter in a translate action, (15) the cat parameter in a translate action, (16) the cat parameter in an add action, or (17) the question parameter in an add action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Amol Naik
Joomla! com_proofreader <1.0 RC9 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in index.php in the ProofReader (com_proofreader) component 1.0 RC9 and earlier for Joomla! allow remote attackers to inject arbitrary web script or HTML via the URI, which is not properly handled in (1) 404 or (2) error pages.
by MustLive
MojoBlog RC 0.15 - Remote Code Execution via mosConfig_absolute_path Parameter
Multiple PHP remote file inclusion vulnerabilities in the MojoBlog component RC 0.15 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) wp-comments-post.php and (2) wp-trackback.php.
by kaMtiEz
Joaktree com_joaktree 1.0 - SQL Injection via treeId Parameter
SQL injection vulnerability in the Joaktree (com_joaktree) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the treeId parameter to index.php.
by Don Tukulesto
Ciamos CMS < 0.9.5 - Remote Code Execution via module_path Parameter
PHP remote file inclusion vulnerability in modules/pms/index.php in Ciamos CMS 0.9.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_path parameter.
by cr4wl3r
Apache Tomcat 3.2.1 - 404 Error Page Cross-Site Scripting
by MustLive
Oracle - SYS.LT.REMOVEWORKSPACE Evil Cursor
by Andrea Purificato
Oracle - SYS.LT.MERGEWORKSPACE Evil Cursor
by Andrea Purificato
Oracle - SYS.LT.COMPRESSWORKSPACETREE Evil Cursor
by Andrea Purificato
Oracle - ctxsys.drvxtabc.create_tables Evil Cursor
by Andrea Purificato
WordPress Plugin WP-Polls 2.x - Incorrect Flood Filter
by Jbyte
SmartMedia 0.85 Beta - Cross-Site Scripting via CategoryID Parameter
Cross-site scripting (XSS) vulnerability in folder.php in the SmartMedia 0.85 Beta module for XOOPS allows remote attackers to inject arbitrary web script or HTML via the categoryid parameter.
by SoldierOfAllah
Joomla! com_quicknews - SQL Injection
SQL injection vulnerability in the Quick News (com_quicknews) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a view_item action to index.php.
by Don Tukulesto
Joomla! MusicGallery - SQL Injection
SQL injection vulnerability in the Itamar Elharar MusicGallery (com_musicgallery) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an itempage action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Don Tukulesto
Elxis CMS - Path Traversal via Feed Creator Filename Parameter
Directory traversal vulnerability in includes/feedcreator.class.php in Elxis CMS allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
by cr4wl3r
XOOPS 0.5 - Content Module - SQL Injection
SQL injection vulnerability in modules/content/index.php in the Content module 0.5 for XOOPS allows remote attackers to inject arbitrary web script or HTML via the id parameter.
by s4r4d0
FreeBSD 7.1-8.0 - Privilege Escalation
The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1 and 8.0 does not clear the (1) LD_LIBMAP, (2) LD_LIBRARY_PATH, (3) LD_LIBMAP_DISABLE, (4) LD_DEBUG, and (5) LD_ELF_HINTS_PATH environment variables, which allows local users to gain privileges by executing a setuid or setgid program with a modified variable containing an untrusted search path that points to a Trojan horse library, different vectors than CVE-2009-4146.
by kingcope
Eshopbuilde CMS - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Eshopbuilde CMS allow remote attackers to execute arbitrary SQL commands via the sitebid parameter to (1) home-f.asp and (2) opinions-f.asp; (3) sitebid, (4) id, (5) secText, (6) client-ip, and (7) G_id parameters to more-f.asp; (8) sitebid, (9) id, (10) ma_id, (11) mi_id, (12) secText, (13) client-ip, and (14) G_id parameters to selectintro.asp; (15) sitebid, (16) secText, (17) adv_code, and (18) client-ip parameters to advcount.asp; (19) sitebid, (20) secText, (21) Grp_Code, (22) _method, and (23) client-ip parameters to advview.asp; and (24) sitebid, (25) secText, (26) newsId, and (27) client-ip parameters to dis_new-f.asp.
by Isfahan