Text Exploits
31,386 exploits tracked across all sources.
Lanai Core 0.6 - Path Traversal via Download Module f Parameter
Directory traversal vulnerability in modules/backup/download.php in Lanai Core 0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter.
by Khashayar Fereidani
War-FTPD 1.65 - MKD/CD Requests Denial of Service
by opt!x hacker
Uebimiau Webmail 3.2.0-2.0 - Unauthenticated Exposure of Sensitive Information via Direct Request
Uebimiau Webmail 3.2.0-2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database with usernames and password hashes via a direct request for system_admin/admin.ucf.
by Septemb0x
Radvision Scopia - Cross-Site Scripting via Page Parameter
Cross-site scripting (XSS) vulnerability in entry/index.jsp in Radvision Scopia 5.7, and possibly other versions before SD 7.0.100, allows remote attackers to inject arbitrary web script or HTML via the page parameter.
by Francesco Bianchino
PHP Dir Submit - Authenticated SQL Injection via aid Parameter
SQL injection vulnerability in index.php in PHP Dir Submit (aka WebsiteSubmitter or Submitter Script) allows remote authenticated users to execute arbitrary SQL commands via the aid parameter in a showarticle action.
by Mr.tro0oqy
New 5 Star Rating 1.0 - SQL Injection
SQL injection vulnerability in rating.php in New 5 star Rating 1.0 allows remote attackers to execute arbitrary SQL commands via the det parameter.
by Bgh7
Moa Gallery 1.1.0 and 1.2.0 - SQL Injection via gallery_id Parameter
SQL injection vulnerability in index.php in Moa Gallery 1.1.0 and 1.2.0 allows remote attackers to execute arbitrary SQL commands via the gallery_id parameter in a gallery_view action.
by Mr.tro0oqy
lanai-core 0.6 - Exposure of Sensitive Information via info.php
Lanai Core 0.6 allows remote attackers to obtain configuration information via a direct request to info.php, which calls the phpinfo function.
by Khashayar Fereidani
com_ninjamonials 1.1.0 - SQL Injection via testimID Parameter
SQL injection vulnerability in the NinjaMonials (com_ninjacentral) component 1.1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the testimID parameter in a display action to index.php.
by Chip d3 bi0s
jtips com_jtips - SQL Injection via Season Parameter
SQL injection vulnerability in the jTips (com_jtips) component 1.0.7 and 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the season parameter in a ladder action to index.php.
by Chip d3 bi0s
CuteFlow 2.10.3 and 2.11.0_c - Unauthenticated User Account Modification via Direct Request
CuteFlow 2.10.3 and 2.11.0_c does not properly restrict access to pages/edituser.php, which allows remote attackers to modify usernames and passwords via a direct request.
by Hever Costa Rocha
Arcade Trade Script 1.0 - Auth Bypass
Arcade Trade Script 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the adminLoggedIn cookie to true.
by Mr.tro0oqy
BSD (Multiple Distributions) - 'setusercontext()' Multiple Vulnerabilities
by kingcope
Netgear WNR2000 FW 1.2.0.8 - Information Disclosure
by Jean Trolleur
Huawei SmartAX MT880 - Multiple Cross-Site Request Forgery Vulnerabilities
by Jerome Athias
Live For Speed S2 - Duplicate Join Packet Remote Denial of Service
by Luigi Auriemma
PHP Shopping Cart Selling Website Script - SQL Injection
SQL injection vulnerability in index.php in PHP Shopping Cart Selling Website Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by 599eme Man
PHP Shopping Cart Selling Website Script - XSS
Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP Shopping Cart Selling Website Script allow remote attackers to inject arbitrary web script or HTML via the (1) txtkeywords and (2) cid parameters.
by 599eme Man
Hotscripts Type PHP Clone Script - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Hotscripts Type PHP Clone Script allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) feedback.php, (2) index.php, and (3) lostpassword.php.
by Moudi
Hotscripts Type PHP Clone Script - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Hotscripts Type PHP Clone Script allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) feedback.php, (2) index.php, and (3) lostpassword.php.
by Moudi
Hotscripts Type PHP Clone Script - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Hotscripts Type PHP Clone Script allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) feedback.php, (2) index.php, and (3) lostpassword.php.
by Moudi
PHP Scripts Now Riddles - Cross-Site Scripting via Search Query Parameter
Cross-site scripting (XSS) vulnerability in results.php in PHP Scripts Now Riddles allows remote attackers to inject arbitrary web script or HTML via the searchquery parameter.
by Moudi
PHP Scripts Now Riddles - SQL Injection via list.php catid Parameter
SQL injection vulnerability in list.php in PHP Scripts Now Riddles allows remote attackers to execute arbitrary SQL commands via the catid parameter.
by Moudi
By Source