Text Exploits
31,392 exploits tracked across all sources.
phpMyBlockchecker 1.0.0055 - Auth Bypass
admin.php in phpMyBlockchecker 1.0.0055 allows remote attackers to bypass authentication and gain administrative access by setting the PHPMYBCAdmin cookie to LOGGEDIN.
by SirGod
CVSS 9.8
NTSOFT BBS E-Market Professional - Cross-Site Scripting via Page, bt_code, or b_no Parameters
Multiple cross-site scripting (XSS) vulnerabilities in becommunity/community/index.php in NTSOFT BBS E-Market Professional allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) bt_code, and (3) b_no parameters in a board view action.
by Ivan Sanchez
maxdev cwguestbook < 2.1 - SQL Injection via rid Parameter
SQL injection vulnerability in the CWGuestBook module 2.1 and earlier for MAXdev MDPro (aka MD-Pro) allows remote attackers to execute arbitrary SQL commands via the rid parameter in a viewrecords action to modules.php.
by Dante90
Jax FormMailer 3.0.0 - Remote Code Execution via BASE_DIR Parameter
PHP remote file inclusion vulnerability in formmailer.admin.inc.php in Jax FormMailer 3.0.0 allows remote attackers to execute arbitrary PHP code via a URL in the BASE_DIR[jax_formmailer] parameter.
by ahmadbady
BIGACE Web CMS 2.6 - Path Traversal
Directory traversal vulnerability in public/index.php in BIGACE Web CMS 2.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cmd parameter.
by CWD@rBe
DM Albums 1.9.2 - Remote Code Execution via SECURITY_FILE Parameter
PHP remote file inclusion vulnerability in template/album.php in DM Albums 1.9.2, as used standalone or as a WordPress plugin, allows remote attackers to execute arbitrary PHP code via a URL in the SECURITY_FILE parameter.
by Septemb0x
WHOISCART - Authentication Bypass / Information Disclosure
by SecurityRules
PHP-Sugar 0.80 - Path Traversal via t Parameter
Directory traversal vulnerability in test/index.php in PHP-Sugar 0.80 allows remote attackers to read arbitrary files via a ..// (dot dot slash slash) in the t parameter.
by ahmadbady
osTicket < 1.6 - SQL Injection via Staff Username Parameter
SQL injection vulnerability in include/class.staff.php in osTicket before 1.6 RC5 allows remote attackers to execute arbitrary SQL commands via the staff username parameter.
by Adam Baldwin
Miniweb 2.0 Site Builder Module - Multiple Cross-Site Scripting Vulnerabilities
by Moudi
SMSPages 1.0 - SQL Injection via CatID Parameter
SQL injection vulnerability in cat.php in SMSPages 1.0 in Mr.Saphp Arabic Script Mobile (aka Messages Library) 2.0 allows remote attackers to execute arbitrary SQL commands via the CatID parameter.
by SecurityRules
com_php - SQL Injection via id Parameter
SQL injection vulnerability in the PHP (com_php) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
by Chip d3 bi0s
com_k2 < 1.0.1 - SQL Injection via Category Parameter
SQL injection vulnerability in the K2 (com_k2) component 1.0.1 Beta and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter in an itemlist action to index.php.
by Chip d3 bi0s
DM FileManager 3.9.4 - Remote Code Execution via SECURITY_FILE Parameter
PHP remote file inclusion vulnerability in dm-albums/template/album.php in DM FileManager 3.9.4, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the SECURITY_FILE parameter.
by Septemb0x
Clicknet CMS 2.1 - Path Traversal via Side Parameter
Directory traversal vulnerability in index.php in Clicknet CMS 2.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the side parameter.
by ThE g0bL!N
Censura 2.0.4 and 2.1.0 - Cross-Site Scripting via ProductSearch q Parameter
Cross-site scripting (XSS) vulnerability in productSearch.html in Censura 2.0.4 and 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a ProductSearch action.
by mark99
Audio Article Directory - Path Traversal
Directory traversal vulnerability in download.php in Audio Article Directory allows remote attackers to read arbitrary files via directory traversal sequences in the file parameter.
by ThE g0bL!N
cPanel - Path Traversal via Domain Parameter in Last Visit Stats Page
Directory traversal vulnerability in frontend/x3/stats/lastvisit.html in cPanel allows remote attackers to read arbitrary files via a .. (dot dot) in the domain parameter.
by SecurityRules
Matterdaddy Market 1.x - 'index.php' Cross-Site Scripting
by Moudi
Joomla! Component Permis 1.0 (com_groups) - 'id' SQL Injection
by Prince_Pwn3r
Google Chrome 2.0.172 - 'chrome://history/' URI Cross-Site Scripting
by Karn Ganeshen
PG Roommate Finder Solution - Cross-Site Scripting via Part Parameter
Multiple cross-site scripting (XSS) vulnerabilities in PG Roommate Finder Solution allow remote attackers to inject arbitrary web script or HTML via the part parameter to (1) quick_search.php and (2) viewprofile.php.
by Moudi
PG Roommate Finder Solution - Cross-Site Scripting via Part Parameter
Multiple cross-site scripting (XSS) vulnerabilities in PG Roommate Finder Solution allow remote attackers to inject arbitrary web script or HTML via the part parameter to (1) quick_search.php and (2) viewprofile.php.
by Moudi
By Source