Text Exploits
31,386 exploits tracked across all sources.
Implied By Design Micro CMS <3.5 - RCE
PHP remote file inclusion vulnerability in micro_cms_files/microcms-include.php in Implied By Design (IBD) Micro CMS 3.5 (aka 0.3.5) and earlier allows remote attackers to execute arbitrary PHP code via a URL in the microcms_path parameter. NOTE: it was later reported that this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences.
by learn3r hacker
InterVations NaviCOPA Web Server 3.01 - Unauthenticated Source Code Exposure via ::$DATA Suffix
InterVations NaviCOPA Web Server 3.01 allows remote attackers to obtain the source code for a web page via an HTTP request with the addition of ::$DATA after the HTML file name.
by Dr_IDE
TuttoPHP Morris Guestbook - 'view.php' Cross-Site Scripting
by Moudi
RSSMediaScript - Cross-Site Scripting via Page Parameter
Cross-site scripting (XSS) vulnerability in index.php in RSSMediaScript allows remote attackers to inject arbitrary web script or HTML via the page parameter.
by Moudi
phppollscript < 1.3 - Remote Code Execution via include_class Parameter
PHP remote file inclusion vulnerability in php/init.poll.php in phpPollScript 1.3 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a crafted URL in the include_class parameter.
by cr4wl3r
Zenas PaoLink 1.0 - Cross-Site Scripting via PATH_INFO
Cross-site scripting (XSS) vulnerability in scrivi.php in Zenas PaoLink (aka Pao-Link) 1.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
by Moudi
Zenas PaoBacheca Guestbook 2.1 - Cross-Site Scripting via PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in Zenas PaoBacheca Guestbook 2.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) scrivi.php and (2) index.php.
by Moudi
Zenas PaoBacheca Guestbook 2.1 - Cross-Site Scripting via PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in Zenas PaoBacheca Guestbook 2.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) scrivi.php and (2) index.php.
by Moudi
YABSoft Mega File Hosting Script 1.2 - Cross-Site Scripting via emaullinks.php moudi Parameter
Cross-site scripting (XSS) vulnerability in emaullinks.php in YABSoft Mega File Hosting Script (aka MFH or MFHS) 1.2 allows remote attackers to inject arbitrary web script or HTML via the moudi parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Moudi
com_foobla_suggestions 1.5.11 - SQL Injection via idea_id Parameter
SQL injection vulnerability in the foobla Suggestions (com_foobla_suggestions) component 1.5.11 for Joomla! allows remote attackers to execute arbitrary SQL commands via the idea_id parameter to index.php.
by Chip d3 bi0s
Elite Gaming Ladders 3.2 - SQL Injection via Platform Parameter
SQL injection vulnerability in ladders.php in Elite Gaming Ladders 3.2 allows remote attackers to execute arbitrary SQL commands via the platform parameter.
by snakespc
AdsDX 3.05 - SQL Injection via Username Parameter
SQL injection vulnerability in admin/index.php in AdsDX 3.05 allows remote attackers to execute arbitrary SQL commands via the Username.
by snakespc
Linux Kernel 2.6.31-rc1 - Buffer Overflow via perf_counter_open System Call
Buffer overflow in the perf_copy_attr function in kernel/perf_counter.c in the Linux kernel 2.6.31-rc1 allows local users to cause a denial of service (crash) and execute arbitrary code via a "big size data" to the perf_counter_open system call.
by Xiao Guangrong
Installshield 2009 15.0.0.53 Premier - 'ISWiAutomation15.dll' ActiveX Arbitrary File Overwrite
by the_Edit0r
BRS Webweaver 1.33 - '/Scripts' Access Restriction Bypass
by Usman Saeed
Protector Plus AntiVirus 8/9 - Local Privilege Escalation
by Maxim A. Kulakov
Novell Groupwise Client 7.0.3.1294 - Buffer Overflow
Buffer overflow in the gxmim1.dll ActiveX control in Novell Groupwise Client 7.0.3.1294 allows remote attackers to cause a denial of service (application crash) via a long argument to the SetFontFace method.
by Francis Provencher
FileCopa FTP Server 5.01 - Denial of Service via Crafted NOOP Commands
FileCopa FTP Server 5.01 allows remote attackers to cause a denial of service (server hang) via a large number of crafted NOOP commands.
by Asheesh kumar Mani Tripathi
QuikSoft EasyMail MailStore ActiveX emmailstore.dll 6.5.0.3 - Buffer Overflow via CreateStore Method
Buffer overflow in emmailstore.dll 6.5.0.3 in the QuikSoft EasyMail MailStore ActiveX control allows remote attackers to execute arbitrary code via a long first argument to the CreateStore method.
by Francis Provencher
EasyMail Quicksoft 6.0.2.0 - ActiveX Remote Code Execution (PoC)
by Francis Provencher
Adobe Shockwave Player < 11.5.1.601 - Heap-Based Buffer Overflow via PlayerVersion Property
Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe Shockwave Player 11.5.1.601 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PlayerVersion property value.
by Francis Provencher
Three Pillars Help Desk 3.0 - Authentication Bypass
by snakespc
Blueconstantmedia Com Djcatalog - SQL Injection
Multiple SQL injection vulnerabilities in the DJ-Catalog (com_djcatalog) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a showItem action and (2) cid parameter in a show action to index.php.
by Chip d3 bi0s
efront < 3.5.4 - Remote Code Execution via path Parameter
PHP remote file inclusion vulnerability in libraries/database.php in Efront 3.5.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's security documentation.
by cr4wl3r
By Source