Text Exploits
31,392 exploits tracked across all sources.
RadNICS Gold 5 - Cross-Site Scripting via Order or Fid Parameter
Multiple cross-site scripting (XSS) vulnerabilities in index.php in RadNICS Gold 5 allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter in a ulist action and the (2) fid parameter in a view_forum action.
by Moudi
RadScripts RadLance Gold 7.5 - SQL Injection
SQL injection vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action.
by Moudi
RadScripts RadBids Gold 4 - Cross-Site Scripting via Storefront Mode Parameter
Cross-site scripting (XSS) vulnerability in storefront.php in RadScripts RadBids Gold 4 allows remote attackers to inject arbitrary web script or HTML via the mode parameter.
by Moudi
Joomla! Jobline <1.3.1 - SQL Injection
SQL injection vulnerability in the search method in jobline.class.php in Jobline (com_jobline) 1.1.2.2, 1.3.1, and possibly earlier versions, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the search parameter in a results action to index.php, which invokes the search method from the searchJobPostings function in jobline.php.
by ManhLuat93
FreeWebScriptz Honest Traffic 1.x - Cross-Site Scripting via msg Parameter
Cross-site scripting (XSS) vulnerability in index.php in FreeWebScriptz Honest Traffic (FWSHT) 1.x allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
by Moudi
Good/Bad Vote <unknown> - Path Traversal
Directory traversal vulnerability in vote.php in Good/Bad Vote allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the id parameter in a dovote action. NOTE: some of these details are obtained from third party information.
by Moudi
Ger Versluis 2000 5.5 24 - 'SITE_fiche.php' SQL Injection
by DeCo017
Battle Blog 1.25 and 1.30 build 2 - Cross-Site Scripting via Comment
Cross-site scripting (XSS) vulnerability in comment.asp in Battle Blog 1.25 and 1.30 build 2 allows remote attackers to inject arbitrary web script or HTML via a comment.
by $qL_DoCt0r
JoxTechnology Ajox Poll - Unauthenticated Authentication Bypass via Direct Request to admin/managepoll.php
JoxTechnology Ajox Poll does not properly restrict access to admin/managepoll.php, which allows remote attackers to bypass authentication and gain administrative access via a direct request.
by SirGod
RealNetworks Helix Server <13.0.0 - DoS
RealNetworks Helix Server and Helix Mobile Server before 13.0.0 allow remote attackers to cause a denial of service (daemon crash) via an RTSP SETUP request that (1) specifies the / URI or (2) lacks a / character in the URI.
by Core Security
Linux kernel 2.6.30-2.6.30.1 - Privilege Escalation
The tun_chr_poll function in drivers/net/tun.c in the tun subsystem in the Linux kernel 2.6.30 and 2.6.30.1, when the -fno-delete-null-pointer-checks gcc option is omitted, allows local users to gain privileges via vectors involving a NULL pointer dereference and an mmap of /dev/net/tun, a different vulnerability than CVE-2009-1894.
by spender
Zenphoto 1.2.5 - Cross-Site Scripting via Admin.php From Parameter
Cross-site scripting (XSS) vulnerability in zp-core/admin.php in Zenphoto 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the from parameter.
by petros
Music Tag Editor 1.61 build 212 - Stack-based Buffer Overflow via Long ID3 Tag in MP3 File
Stack-based buffer overflow in Music Tag Editor 1.61 build 212 allows remote attackers to execute arbitrary code via an MP3 file with a long ID3 tag. NOTE: some of these details are obtained from third party information.
by LiquidWorm
Microsoft Office Web Components Spreadsheet ActiveX Control - Remote Code Execution via msDataSourceObject Method
The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 Gold and SP1, and Office Small Business Accounting 2006, when used in Internet Explorer, allows remote attackers to execute arbitrary code via a crafted call to the msDataSourceObject method, as exploited in the wild in July and August 2009, aka "Office Web Components HTML Script Vulnerability."
by anonymous
Audio Editor Pro 2.91 - Remote Memory Corruption (PoC)
by LiquidWorm
Zenphoto 1.2.5 - Cross-Site Request Forgery via Admin Password Change
Cross-site request forgery (CSRF) vulnerability in zp-core/admin-options.php in Zenphoto 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via the 0-adminpass and 0-adminpass_2 parameters in a saveoptions action.
by petros
webLeague 2.2.0 - 'install.php' Remote Change Password
by TiGeR-Dz
VS PANEL 7.5.5 - SQL Injection via Cat_ID Parameter
SQL injection vulnerability in results.php in VS PANEL 7.5.5 allows remote attackers to execute arbitrary SQL commands via the Cat_ID parameter, a different vector than CVE-2009-3590.
by C0D3R-Dz
SkyBlueCanvas 1.1 r237 - Path Traversal
Directory traversal vulnerability in admin.php in SkyBlueCanvas 1.1 r237 allows remote authenticated administrators to list directory contents via a .. (dot dot) in the dir parameter.
by MaXe
Scriptsez Ultimate Poll - Cross-Site Scripting via demo_page.php clr Parameter
Cross-site scripting (XSS) vulnerability in demo_page.php in Scriptsez Ultimate Poll allows remote attackers to inject arbitrary web script or HTML via the clr parameter in a vote action.
by Moudi
PHP Live! 3.2.1-3.2.2 - SQL Injection via x Parameter
Multiple SQL injection vulnerabilities in PHP Live! 3.2.1 and 3.2.2 allow remote attackers to execute arbitrary SQL commands via the x parameter to (1) message_box.php and (2) request.php.
by boom3rang
dB Masters MultiMedia's Content Manager 4.5 - SQL Injection
by NoGe
XAMPP 1.6.x - 'showcode.php' Local File Inclusion
by MustLive
iPhone OS 1.0-2.2.1 and iPod touch 1.1-2.2.1 - Denial of Service via HTMLSelectElement Length Attribute
WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object.
by Thierry Zoller
By Source