Text Exploits
31,392 exploits tracked across all sources.
Opial 1.0 - Cross-Site Scripting via genres_parent Parameter
Cross-site scripting (XSS) vulnerability in home.php in Opial 1.0 allows remote attackers to inject arbitrary web script or HTML via the genres_parent parameter.
by LMaster
Opial 1.0 - Unauthenticated Arbitrary File Upload and Remote Code Execution via User Image
Unrestricted file upload vulnerability in Opial 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension as a User Image, then accessing it via a request to the file in userimages, related to register.php.
by LMaster
Joomla! Component com_category - 'catid' SQL Injection
by Prince_Pwn3r
Ebay Clone 2009 - SQL Injection via user_id or item_id Parameter
Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow remote attackers to execute arbitrary SQL commands via the (1) user_id parameter to feedback.php; and the item_id parameter to (2) view_full_size.php, (3) classifide_ad.php, and (4) crosspromoteitems.php.
by MizoZ
d.net CMS - Arbitrary Reinstall/Blind SQL Injection
by darkjoker
WordPress and WordPress MU < 2.8.1 - Username Enumeration via Forgotten Mail Interface
The forgotten mail interface in WordPress and WordPress MU before 2.8.1 exhibits different behavior for a password request depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for "user convenience."
by Core Security
WordPress < 2.8.1 - Username Enumeration via Failed Login Behavior
WordPress and WordPress MU before 2.8.1 exhibit different behavior for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for "user convenience."
by Core Security
Citrix XenCenterWeb - Cross-Site Request Forgery via Password Change or VM Stop
Multiple cross-site request forgery (CSRF) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to hijack the authentication of administrators for (1) requests that change the password via the username parameter to config/changepw.php or (2) stop a virtual machine via the stop_vmname parameter to hardstopvm.php. NOTE: some of these details are obtained from third party information.
by Secure Network
CVSS 8.8
Citrix XenCenterWeb - SQL Injection via login.php Username Parameter
SQL injection vulnerability in login.php in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.
by Secure Network
Citrix XenCenterWeb - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to config/edituser.php; (2) location, (3) sessionid, and (4) vmname parameters to console.php; (5) vmrefid and (6) vmname parameters to forcerestart.php; and (7) vmname and (8) vmrefid parameters to forcesd.php. NOTE: some of these details are obtained from third party information.
by Secure Network
phpBMS 0.96 - Cross-Site Scripting via PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in phpBMS 0.96 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php and (2) modules\base\myaccount.php; and the PATH_INFO to (3) modules_view.php, (4) tabledefs_options.php, and (5) adminsettings.php in phpbms\modules\base\.
by eLwaux
phpBMS 0.96 - SQL Injection via id/f/tid Parameters
Multiple SQL injection vulnerabilities in phpBMS 0.96 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to modules/bms/invoices_discount_ajax.php, (2) f parameter to dbgraphic.php, and (3) tid parameter in a show action to advancedsearch.php.
by eLwaux
Citrix XenCenterWeb - Remote Code Execution via config/writeconfig.php Pool1 Parameter
Static code injection vulnerability in config/writeconfig.php in the sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to inject arbitrary PHP code into include/config.ini.php via the pool1 parameter. NOTE: some of these details are obtained from third party information.
by Secure Network
OtsAV DJ, Radio, and TV 1.85.64.0 - Heap-Based Buffer Overflow via Long Playlist in OFL File
Heap-based buffer overflow in OtsAV DJ trial version 1.85.64.0, Radio trial version 1.85.64.0, TV trial version 1.85.64.0, and Free version 1.77.001 allows remote attackers to execute arbitrary code via a long playlist in an Ots File List (.ofl) file.
by Stack
WordPress < 2.8.1 - Unauthenticated Sensitive Information Exposure via Plugin Configuration
wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not require administrative authentication to access the configuration of a plugin, which allows remote attackers to specify a configuration file in the page parameter to obtain sensitive information or modify this file, as demonstrated by the (1) collapsing-archives/options.txt, (2) akismet/readme.txt, (3) related-ways-to-take-action/options.php, (4) wp-security-scan/securityscan.php, and (5) wp-ids/ids-admin.php files. NOTE: this can be leveraged for cross-site scripting (XSS) and denial of service.
by Core Security
ToyLog 0.1 - SQL Injection via idm Parameter
SQL injection vulnerability in read.php in ToyLog 0.1 allows remote attackers to execute arbitrary SQL commands via the idm parameter.
by darkjoker
phpBMS 0.96 - Exposure of Sensitive Information via Direct Request
phpBMS 0.96 allows remote attackers to obtain sensitive information via a direct request to (1) footer.php, (2) header.php, (3) the show action in advancedsearch.php, and (4) choicelist.php, which reveals the installation path in an error message.
by eLwaux
Phenotype CMS < 2.9 - SQL Injection via Login Name Parameter
SQL injection vulnerability in _phenotype/admin/login.php in Phenotype CMS before 2.9 allows remote attackers to execute arbitrary SQL commands via the user parameter (aka the login name).
by Khashayar Fereidani
MyMsg 1.0.3 - Authenticated SQL Injection via Profile.php uid Parameter
SQL injection vulnerability in Profile.php in MyMsg 1.0.3 allows remote authenticated users to execute arbitrary SQL commands via the uid parameter in a show action.
by Monster-Dz
LionWiki 3.0.3 - Path Traversal via Page Parameter
Directory traversal vulnerability in index.php in LionWiki 3.0.3, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter.
by MoDaMeR
Joomla! Component com_propertylab - 'auction_id' SQL Injection
by Chip d3 bi0s
Jobbr 2.2.7 - SQL Injection via emp_id Parameter
SQL injection vulnerability in co-profile.php in Jobbr 2.2.7 allows remote attackers to execute arbitrary SQL commands via the emp_id parameter.
by Moudi
GenCMS 2006 - Path Traversal via 'p' Parameter in show.php and 'Template' Parameter in admin/pages/SiteNew.php
Multiple directory traversal vulnerabilities in GenCMS 2006 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) p parameter to show.php and the (2) Template parameter to admin/pages/SiteNew.php.
by eLwaux
Ebay Clone 2009 - Cross-Site Scripting via Search Mode Parameter
Cross-site scripting (XSS) vulnerability in search.php in Ebay Clone 2009 allows remote attackers to inject arbitrary web script or HTML via the mode parameter.
by Moudi
Digitaldesign CMS 0.1 - Info Disclosure
Digitaldesign CMS 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for autoconfig.dd.
by darkjoker
By Source