Text Exploits
31,386 exploits tracked across all sources.
alibasta com_koesubmit - Remote Code Execution via mosConfig_absolute_path Parameter
PHP remote file inclusion vulnerability in koesubmit.php in the koeSubmit (com_koesubmit) component 1.0 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
by Don Tukulesto
Xpdf 3.01 - Local Heap Overflow / Null Pointer Dereference
by Adam Zabrocki
httpdx 1.4 - h_handlepeer Buffer Overflow (Metasploit)
by Pankaj Kohli_ Trancer
Internet Explorer 5.01 SP4, 6, 6 SP1, 7 - Remote Code Execution via Crafted Data Stream Header
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream header that triggers memory corruption, aka "Data Stream Header Corruption Vulnerability."
by Skylined
CVSS 8.8
Millenium MP3 Studio 2.0 - '.m3u' Local Buffer Overflow
by dellnull
Snitz Forums 2000 3.4.07 - Cross-Site Scripting via IMG or Sound Tag Onload Attribute
Multiple cross-site scripting (XSS) vulnerabilities in Snitz Forums 2000 3.4.07 allow remote attackers to inject arbitrary web script or HTML via (1) the url parameter to pop_send_to_friend.asp, related to a crafted onload attribute of an IMG element; or (2) an onload attribute in a sound tag.
by Andrea Fabrizi
Snitz Forums 2000 3.4.07 - Cross-Site Scripting via IMG or Sound Tag Onload Attribute
Multiple cross-site scripting (XSS) vulnerabilities in Snitz Forums 2000 3.4.07 allow remote attackers to inject arbitrary web script or HTML via (1) the url parameter to pop_send_to_friend.asp, related to a crafted onload attribute of an IMG element; or (2) an onload attribute in a sound tag.
by Andrea Fabrizi
SkyBlueCanvas 1.1 r237 - Cross-Site Scripting via mgroup mgr objtype id or dir Parameter
Multiple cross-site scripting (XSS) vulnerabilities in admin.php in SkyBlueCanvas 1.1 r237 allow remote attackers to inject arbitrary web script or HTML via the (1) mgroup, (2) mgr, (3) objtype, (4) id, and (5) dir parameters.
by MaXe
BloofoxCMS 0.3.5 - Cross-Site Scripting via Search Parameter
Cross-site scripting (XSS) vulnerability in search.5.html in BloofoxCMS 0.3.5 allows remote attackers to inject arbitrary web script or HTML via the search parameter to index.php. NOTE: some of these details are obtained from third party information.
by drunken danish rednecks
Dopewars 1.5.12 - Denial of Service via Invalid REQUESTJET Message
Dopewars 1.5.12 allows remote attackers to cause a denial of service (segmentation fault) via a REQUESTJET message with an invalid location.
by Doug Prostko
Pentaho Business Intelligence Suite - SQL Injection via MySQL Scripts
Multiple unspecified vulnerabilities in Pentaho Business Intelligence (BI) Suite before 1.2 RC3 (1.2.0.470-RC3) have unknown impact and attack vectors, related to "MySQL Scripts need changes for security," possibly SQL injection vulnerabilities associated with these scripts.
by antisnatchor
IBM Rational RequisitePro 7.1.0 - Cross-Site Scripting via ReqWeb Help Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the ReqWeb Help feature (aka the Web Client Help system) in IBM Rational RequisitePro 7.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the operation parameter to ReqWebHelp/advanced/workingSet.jsp, or the (2) searchWord, (3) maxHits, (4) scopedSearch, or (5) scope parameter to ReqWebHelp/basic/searchView.jsp.
by IBM
IBM Rational RequisitePro 7.1.0 - Cross-Site Scripting via ReqWeb Help Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the ReqWeb Help feature (aka the Web Client Help system) in IBM Rational RequisitePro 7.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the operation parameter to ReqWebHelp/advanced/workingSet.jsp, or the (2) searchWord, (3) maxHits, (4) scopedSearch, or (5) scope parameter to ReqWebHelp/basic/searchView.jsp.
by IBM
IBM Rational RequisitePro 7.1.0 - Cross-Site Scripting via ReqWeb Help Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the ReqWeb Help feature (aka the Web Client Help system) in IBM Rational RequisitePro 7.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the operation parameter to ReqWebHelp/advanced/workingSet.jsp, or the (2) searchWord, (3) maxHits, (4) scopedSearch, or (5) scope parameter to ReqWebHelp/basic/searchView.jsp.
by IBM
Snitz Forums 2000 3.4.07 - Cross-Site Scripting via IMG or Sound Tag Onload Attribute
Multiple cross-site scripting (XSS) vulnerabilities in Snitz Forums 2000 3.4.07 allow remote attackers to inject arbitrary web script or HTML via (1) the url parameter to pop_send_to_friend.asp, related to a crafted onload attribute of an IMG element; or (2) an onload attribute in a sound tag.
by Andrea Fabrizi
Millenium MP3 Studio 2.0 - 'mpf' Local Buffer Overflow
by dellnull
Mozilla Firefox + Adobe - Memory Corruption (PoC)
by Skylined
Zainu 1.0 - Cross-Site Scripting via SearchSong Keyword Parameter
Cross-site scripting (XSS) vulnerability in index.php in Zainu 1.0 allows remote attackers to inject arbitrary web script or HTML via the searchSongKeyword parameter in a SearchSong action.
by drunken danish rednecks
FreeSchool - 'key_words' Cross-Site Scripting
by drunken danish rednecks
dedecms 5.1 - SQL Injection via feedback_js.php arcurl Parameter
SQL injection vulnerability in feedback_js.php in DedeCMS 5.1 allows remote attackers to execute arbitrary SQL commands via the arcurl parameter.
by Securitylab Security Research
AdaptBB 1.0 - 'q' Cross-Site Scripting
by drunken danish rednecks
Achievo < 1.4.0 - SQL Injection via Userid Parameter
SQL injection vulnerability in the get_employee function in classweekreport.inc in Achievo before 1.4.0 allows remote attackers to execute arbitrary SQL commands via the userid parameter (aka user_id variable) to dispatch.php.
by Ryan Dewhurst
Achievo < 1.4.0 - Cross-Site Scripting via Scheduler Title and Contract Search Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Achievo before 1.4.0 allow remote attackers to inject arbitrary web script or HTML via (1) the scheduler title in the scheduler module, and the (2) atksearch[contractnumber], (3) atksearch_AE_customer[customer], (4) atksearchmode[contracttype], and possibly (5) atksearch[contractname] parameters to the Organization Contracts administration page, reachable through dispatch.php.
by Ryan Dewhurst
By Source