Text Exploits
31,386 exploits tracked across all sources.
Elgg 1.5 - Path Traversal via js Parameter
Directory traversal vulnerability in _css/js.php in Elgg 1.5, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the js parameter. NOTE: some of these details are obtained from third party information.
by eLwaux
CS-Cart < 2.0.6 - Authenticated SQL Injection via Reward Points sort_order Parameter
SQL injection vulnerability in reward_points.post.php in the Reward points addon in CS-Cart before 2.0.6 allows remote authenticated users to execute arbitrary SQL commands via the sort_order parameter in a reward_points.userlog action to index.php, a different vulnerability than CVE-2005-4429.2.
by Ryan Dewhurst
Perl$hop E-Commerce Script - Trust Boundary Input Parameter Injection
by Shadow
Miniweb 2.0 - SQL Injection via Survey Pro Campaign ID Parameter
SQL injection vulnerability in the Survey Pro module for Miniweb 2.0 allows remote attackers to execute arbitrary SQL commands via the campaign_id parameter in a results action to index.php.
by Moudi
MaxCMS 3.11.20b - Path Traversal via thCMS_root Parameter
Directory traversal vulnerability in includes/inc.thcms_admin_dirtree.php in MaxCMS 3.11.20b allows remote attackers to read arbitrary files via directory traversal sequences in the thCMS_root parameter.
by GoLd_M
Miniweb Publisher Module 2.0 - SQL Injection via Historymonth Parameter
SQL injection vulnerability in index.php in the Publisher module 2.0 for Miniweb allows remote attackers to execute arbitrary SQL commands via the historymonth parameter.
by Moudi
elvinbts 1.2.0 - SQL Injection via Username or Password Parameter
Multiple SQL injection vulnerabilities in Elvin 1.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) inUser (aka Username) and (2) inPass (aka Password) parameters to (a) inc/login.ei, reachable through login.php; and the (3) id parameter to (b) show_bug.php and (c) show_activity.php. NOTE: it was later reported that vector 3c also affects 1.2.2.
by 599eme Man
x10media adult_script 1.7 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in x10 Adult Media Script 1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) pic_id parameter to includes/video_ad.php, (2) category parameter to linkvideos_listing.php, (3) id parameter to templates/header1.php, and (4) key parameter to video_listing.php.
by Moudi
x10 Adult Media Script 1.7 - SQL Injection
SQL injection vulnerability in report.php in x10 Adult Media Script 1.7 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Moudi
TT Web Site Manager 0.5 - SQL Injection
SQL injection vulnerability in tt/index.php in TT Web Site Manager 0.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the tt_name parameter. NOTE: some of these details are obtained from third party information.
by SirGod
simplePHPWeb 0.2 - Unauthenticated Administrative Access via admin/files.php
admin/files.php in simplePHPWeb 0.2 does not require authentication, which allows remote attackers to perform unspecified administrative actions via unknown vectors. NOTE: some of these details are obtained from third party information.
by SirGod
SimpleLoginSys 0.5 - SQL Injection via Username Parameter
SQL injection vulnerability in checkuser.php in SimpleLoginSys 0.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.
by SirGod
Quickdev 4 PHP - Path Traversal via Download File Parameter
Directory traversal vulnerability in download.php in Quickdev 4 PHP allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
by SirGod
Questions Answered <1.3 - SQL Injection
SQL injection vulnerability in the administrative interface in Questions Answered 1.3 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.
by snakespc
WebDynamite ProjectButler 1.5.0 - Code Injection
PHP remote file inclusion vulnerability in pda_projects.php in WebDynamite ProjectButler 1.5.0 allows remote attackers to execute arbitrary PHP code via a URL in the offset parameter.
by cr4wl3r
PaymentProcessorScript.net - SQL Injection
SQL injection vulnerability in shop.htm in PaymentProcessorScript.net PPScript allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by MizoZ
PaymentProcessorScript.net - SQL Injection
SQL injection vulnerability in shop.htm in PaymentProcessorScript.net PPScript allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by ZoRLu
Netpet CMS 1.9 - Path Traversal via Language Parameter
Directory traversal vulnerability in confirm.php in Netpet CMS 1.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
by SirGod
Multi Website 1.5 - SQL Injection via Browse Parameter
SQL injection vulnerability in index.php in Multi Website 1.5 allows remote attackers to execute arbitrary SQL commands via the Browse parameter in a vote action.
by SarBoT511
Miniweb 2.0 - Cross-Site Scripting via PATH_INFO to index.php
Cross-site scripting (XSS) vulnerability in the Survey Pro module for Miniweb 2.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
by Moudi
Miniweb Publisher 2.0 - Cross-Site Scripting via Begin Parameter or PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in index.php in the Publisher module 2.0 for Miniweb allow remote attackers to inject arbitrary web script or HTML via the (1) begin parameter and the (2) PATH_INFO.
by Moudi
MaxCMS 3.11.20b - Remote Code Execution via File Manager Special Parameter
PHP remote file inclusion vulnerability in includes/file_manager/special.php in MaxCMS 3.11.20b allows remote attackers to execute arbitrary PHP code via a URL in the fm_includes_special parameter.
by GoLd_M
elvinbts 1.2.2 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Elvin 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) component and (2) priority parameters to buglist.php; and the (3) Username (4) E-mail, (5) Pass, and (6) Confirm pass fields to createaccount.php.
by 599eme Man
Discloser 0.0.4 rc2 - SQL Injection
SQL injection vulnerability in index.php in Discloser 0.0.4 rc2 allows remote attackers to execute arbitrary SQL commands via the more parameter.
by Salvatore Fresta
By Source