Text Exploits
31,386 exploits tracked across all sources.
Mini CMS 1.0.1 - SQL Injection via Page ID Parameter
SQL injection vulnerability in page.php in Mini CMS 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Ins3t
Hitron Soft Answer Me 1.0 - Cross-Site Scripting via q_id Parameter
Cross-site scripting (XSS) vulnerability in Hitron Soft Answer Me 1.0 allows remote attackers to inject arbitrary web script or HTML via the q_id parameter to the answers script (aka answers.php). NOTE: some of these details are obtained from third party information.
by Moudi
Online Work Order Suite Lite Edition - Multiple Cross-Site Scripting Vulnerabilities
by Moudi
Logoshows BBS 2.0 - Info Disclosure
Logoshows BBS 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/globepersonnel.mdb.
by ZoRLu
Cromosoft Technologies Facil Helpdesk 2.3 Lite - RCE
PHP remote file inclusion vulnerability in index.php in Cromosoft Technologies Facil Helpdesk 2.3 Lite allows remote attackers to execute arbitrary PHP code via a URL in the lng parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences.
by Moudi
IsolSoft Support Center 2.5 - Remote Code Execution via Lang Parameter File Inclusion
Multiple PHP remote file inclusion vulnerabilities in IsolSoft Support Center 2.5 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) newticket.php or (2) rempass.php, or a URL in the lang parameter in an adduser action to (3) index.php. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences.
by Moudi
Adult Banner Exchange Website - SQL Injection
SQL injection vulnerability in click.php in Adult Banner Exchange Website allows remote attackers to execute arbitrary SQL commands via the targetid parameter.
by 599eme Man
Valve Steam <2.10.91.91 - Privilege Escalation
Valve Steam 2.10.91.91 uses weak permissions (Users: read and write) for the Install folder, which allows local users to gain privileges via a Trojan horse steam.exe file.
by MrDoug
Typing Pal 1.0 - SQL Injection via idTableProduit Parameter
SQL injection vulnerability in demo.php in Typing Pal 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idTableProduit parameter.
by Red-D3v1L
PHPCityPortal - SQL Injection via Username or Password Parameter
Multiple SQL injection vulnerabilities in login.php in PHPCityPortal allow remote attackers to execute arbitrary SQL commands via the (1) req_username (aka Username) and (2) req_password (aka Password) parameters. NOTE: some of these details are obtained from third party information.
by CoBRa_21
PHP Photo Vote 1.3F - Cross-Site Scripting via Login Page Parameter
Cross-site scripting (XSS) vulnerability in login.php in PHP Photo Vote 1.3F allows remote attackers to inject arbitrary web script or HTML via the page parameter.
by Moudi
PHP Easy Shopping Cart 3.1R - Cross-Site Scripting via Name Parameter
Cross-site scripting (XSS) vulnerability in subitems.php in PHP Easy Shopping Cart 3.1R allows remote attackers to inject arbitrary web script or HTML via the name parameter.
by Moudi
PhotoPost PHP 3.3.1 - 'cat' Cross-Site Scripting / SQL Injection
by 599eme Man
Logoshows BBS 2.0 - Authentication Bypass via Cookie Manipulation
globepersonnel_login.asp in Logoshows BBS 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the (1) pb_username (aka pb%5Fusername) and (2) level cookies.
by ZoRLu
Logoshows BBS 2.0 - SQL Injection via Username and Password Fields
Multiple SQL injection vulnerabilities in globepersonnel_login.asp in Logoshows BBS 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.
by Dns-Team
Logoshows BBS 2.0 - SQL Injection via globepersonnel_forum.asp forumid Parameter
SQL injection vulnerability in globepersonnel_forum.asp in Logoshows BBS 2.0 allows remote attackers to execute arbitrary SQL commands via the forumid parameter.
by Ruzgarin_Oglu
IsolSoft Support Center 2.5 - Cross-Site Scripting via lang Parameter
Cross-site scripting (XSS) vulnerability in newticket.php in IsolSoft Support Center 2.5 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
by Moudi
Cromosoft Technologies Facil Helpdesk 2.3 Lite - XSS
Cross-site scripting (XSS) vulnerability in kbase/kbase.php in Cromosoft Technologies Facil Helpdesk 2.3 Lite allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
by Moudi
Cromosoft Technologies Facil Helpdesk 2.3 Lite - XSS
Cross-site scripting (XSS) vulnerability in kbase/kbase.php in Cromosoft Technologies Facil Helpdesk 2.3 Lite allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
by Moudi
e-soft24 Banner Exchange Script 1.0 - SQL Injection via click.php targetid Parameter
SQL injection vulnerability in click.php in e-soft24 Banner Exchange Script 1.0 allows remote attackers to execute arbitrary SQL commands via the targetid parameter.
by 599eme Man
Alwasel 1.5 - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in Alwasel 1.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) show.php and (2) xml.php.
by SwEET-DeViL
LM Starmail Paidmail 2.0 - SQL Injection via ID Parameter
SQL injection vulnerability in paidbanner.php in LM Starmail Paidmail 2.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
by int_main();
By Source