Text Exploits
31,392 exploits tracked across all sources.
HTC / Windows Mobile OBEX FTP Service - Directory Traversal
by Alberto Tablado
TalkBack 2.3.14 - Remote Code Execution via Import.php Result Parameter
addons/import.php in TalkBack 2.3.14 allows remote attackers to execute arbitrary commands via the result parameter.
by JIKO
TalkBack < 2.3.6.2 - Remote File Inclusion via Language Parameter
Directory traversal vulnerability in install/help.php in TalkBack 2.3.5, and other versions before 2.3.6.2, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter.
by JIKO
Marcelo Costa FileServer <1.0 - Path Traversal
Directory traversal vulnerability in the Marcelo Costa FileServer component 1.0 for Microsoft Windows Live Messenger and Messenger Plus! Live (MPL) allows remote authenticated users to list arbitrary directories and read arbitrary files via a .. (dot dot) in a pathname.
by joepie91
Soulseek 156 and 157 NS - Stack-Based Buffer Overflow via Long Search Query
Stack-based buffer overflow in Soulseek 156 and 157 NS allows remote attackers to execute arbitrary code via a long search query.
by laurent gaffié
webasyst shop-script - Blind SQL Injection / Cross-Site Scripting
by Vrs-hCk
WebAsyst Shop-Script - 'index.php' Cross-Site Scripting
by Vrs-hCk
TalkBack 2.3.14 - Unauthenticated Comment Modification via comments.php
TalkBack 2.3.14 does not properly restrict access to the edit comment feature (comments.php), which allows remote attackers to modify comments.
by JIKO
StatsCode - Multiple Cross-Site Scripting Vulnerabilities
by 599eme Man
Siteframe 3.2.x - Information Exposure via phpinfo.php Direct Request
Siteframe 3.2.3, and other 3.2.x versions, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function.
by NoGe
Online Guestbook Pro 5.1 - Cross-Site Scripting via entry Parameter
Cross-site scripting (XSS) vulnerability in ogp_show.php in Online Guestbook Pro 5.1 allows remote attackers to inject arbitrary web script or HTML via the entry parameter.
by Moudi
MRCGIGUY Thumbnail Gallery Post 1b - Arbitrary File Upload
by ThE g0bL!N
JNM Guestbook 3.0 - Cross-Site Scripting via Page Parameter
Cross-site scripting (XSS) vulnerability in index.php in JNM Guestbook 3.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
by Moudi
Glossword 1.8.11 - Arbitrary Uninstall / Install
by Evil-Cod3r
Clear Content 1.1 - Path Traversal via Image.php URL Parameter
Directory traversal vulnerability in image.php in Clear Content 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter. NOTE: the researcher also suggests an analogous PHP remote file inclusion vulnerability, but this may be incorrect.
by MizoZ
xscreensaver 5.01 - Arbitrary File Disclosure Symlink
by kingcope
MySQL 5.0.45 - (Authenticated) COM_CREATE_DB Format String (PoC)
by kingcope
Rapidsendit Clone Script - 'admin.php' Insecure Cookie Authentication Bypass
by NoGe
linea21 1.2.1 - Cross-Site Scripting via Search Parameter
Cross-site scripting (XSS) vulnerability in public/index.php in Linea21 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the search parameter in a resultats-recherche action.
by 599eme Man
JNM Solutions DB Top Sites 1.0 - 'vote.php' Cross-Site Scripting
by Moudi
Tausch Ticket Script 3 - SQL Injection
Multiple SQL injection vulnerabilities in Tausch Ticket Script 3 allow remote attackers to execute arbitrary SQL commands via the (1) userid parameter to suchauftraege_user.php and the (2) descr parameter to vote.php; and other unspecified vectors.
by Moudi
Tausch Ticket Script 3 - SQL Injection
Multiple SQL injection vulnerabilities in Tausch Ticket Script 3 allow remote attackers to execute arbitrary SQL commands via the (1) userid parameter to suchauftraege_user.php and the (2) descr parameter to vote.php; and other unspecified vectors.
by Moudi
Swinger Club Portal - Anzeiger <start.php - SQL Injection
SQL injection vulnerability in anzeiger/start.php in Swinger Club Portal allows remote attackers to execute arbitrary SQL commands via the id parameter in a rubrik action.
by Moudi
By Source