Text Exploits
31,392 exploits tracked across all sources.
PG MatchMaking - Cross-Site Scripting via show/gender/id Parameters
Multiple cross-site scripting (XSS) vulnerabilities in PG MatchMaking allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) browse_ladies.php and (2) browse_men.php, the (3) gender parameter to search.php, and the (4) id parameter to services.php.
by Moudi
PG MatchMaking - Cross-Site Scripting via show/gender/id Parameters
Multiple cross-site scripting (XSS) vulnerabilities in PG MatchMaking allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) browse_ladies.php and (2) browse_men.php, the (3) gender parameter to search.php, and the (4) id parameter to services.php.
by Moudi
PG MatchMaking - Cross-Site Scripting via show/gender/id Parameters
Multiple cross-site scripting (XSS) vulnerabilities in PG MatchMaking allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) browse_ladies.php and (2) browse_men.php, the (3) gender parameter to search.php, and the (4) id parameter to services.php.
by Moudi
LightOpenCMS 0.1 - Path Traversal via cwd Parameter
Directory traversal vulnerability in locms/smarty.php in LightOpenCMS 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cwd parameter. NOTE: remote file inclusion attacks may be possible.
by JosS
Joomla! Component com_pinboard - Arbitrary File Upload
by ViRuSMaN
amoCourse (com_amocourse) - SQL Injection via catid Parameter
SQL injection vulnerability in the amoCourse (com_amocourse) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php.
by Chip d3 bi0s
Glossword 1.8.11 - 'index.php?x' Local File Inclusion
by t0fx
BASE 1.2.4 - (Authentication Bypass) Insecure Cookie Handling
by Tim Medin
Star Wars Battlefront II 1.1 - Remote Denial of Service
by Luigi Auriemma
phpCollegeExchange 0.1.5c - Remote Code Execution via URL Parameter Injection
Multiple PHP remote file inclusion vulnerabilities in phpCollegeExchange 0.1.5c, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the home parameter to (1) i_head.php, (2) i_nav.php, (3) user_new_2.php, or (4) house/myrents.php; or (5) allbooks.php, (6) home.php, or (7) mybooks.php in books/. NOTE: house/myrents.php was also separately reported as a local file inclusion issue.
by CraCkEr
phpCollegeExchange 0.1.5c - Cross-Site Scripting via Session Handle or Home Parameter
Multiple cross-site scripting (XSS) vulnerabilities in phpCollegeExchange 0.1.5c allow remote attackers to inject arbitrary web script or HTML via the (1) _SESSION[handle] parameter to (a) home.php, (b) books/allbooks.php, or (c) books/home.php; or the (2) home parameter to (d) i_head.php or (e) i_nav.php, or (f) allbooks.php, (g) home.php, or (h) i_nav.php in books/.
by CraCkEr
CommuniGate Pro 5.2.14 - Web Mail URI Parsing HTML Injection
by Andrea Purificato
Kasseler CMS - Cross-Site Scripting via URL Parameter in Redirect Action
Cross-site scripting (XSS) vulnerability in engine.php in Kasseler CMS allows remote attackers to inject arbitrary web script or HTML via the url parameter in a redirect action.
by S(r1pt
Campsite 3.3.0 RC1 - Remote Code Execution via GLOBALS[g_campsiteDir] Parameter
Multiple PHP remote file inclusion vulnerabilities in Campsite 3.3.0 RC1 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[g_campsiteDir] parameter to (1) ad_popup.php, (2) camp_html.php, (3) init_content.php, (4) logout.php, (5) menu.php, and (6) set-author.php in admin-files/; (7) conf/liveuser_configuration.php; (8) include/phorum_load.php; (9) CommandProcessor.php and (10) index.php in admin-files/article_import; and (11) add.php, (12) add_move.php, (13) autopublish.php, and (14) autopublish_del.php in admin-files/articles/.
by CraCkEr
Campsite 3.3.0 RC1 - Cross-Site Scripting via listbasedir Parameter
Cross-site scripting (XSS) vulnerability in admin-files/templates/list_dir.php in Campsite 3.3.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the listbasedir parameter.
by CraCkEr
phpDatingClub 3.7 - Cross-Site Scripting via Page Parameter
Cross-site scripting (XSS) vulnerability in website.php in phpDatingClub 3.7 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
by ThE g0bL!N
SourceBans 1.4.2 - Arbitrary Change Admin Email
by Mr. Anonymous
RS-CMS 2.1 - SQL Injection via key Parameter
SQL injection vulnerability in rscms_mod_newsview.php in RS-CMS 2.1 allows remote attackers to execute arbitrary SQL commands via the key parameter.
by Mr.tro0oqy
phpDatingClub 3.7 - SQL Injection via search.php sform[day] Parameter
SQL injection vulnerability in search.php in phpDatingClub 3.7 allows remote attackers to execute arbitrary SQL commands via the sform[day] parameter.
by ThE g0bL!N
Pc4 Uploader <10.0 - Path Traversal
Multiple directory traversal vulnerabilities in upfiles/index.php in Pc4 Uploader 10.0 and earlier allow remote attackers to read arbitrary files via (1) a .. (dot dot) or (2) absolute path in the file parameter.
by Qabandi
Kasseler CMS 1.3.5 lite - Path Traversal
Directory traversal vulnerability in engine.php in Kasseler CMS 1.3.5 lite allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter during a download action, a different vector than CVE-2008-3087. NOTE: some of these details are obtained from third party information.
by S(r1pt
Joomla! Component com_tickets 2.1 - 'id' SQL Injection
by Chip d3 bi0s
Gravy Media Photo Host 1.0.8 - Path Traversal
Absolute path traversal vulnerability in forcedownload.php in Gravy Media Photo Host 1.0.8 allows remote attackers to read arbitrary files via an encoded "/" (slash) in the file parameter.
by Lo$er
elgg - Cross-Site Scripting / Cross-Site Request Forgery / Change Password
by lorddemon
Campsite <3.3.0 RC1 - Path Traversal
Directory traversal vulnerability in admin-files/ad.php in Campsite 3.3.0 RC1 allows remote attackers to read and possibly execute arbitrary local files via a .. (dot dot) in the GLOBALS[g_campsiteDir] parameter.
by CraCkEr
By Source