Text Exploits
31,392 exploits tracked across all sources.
Alstrasoft Article Manager Pro - Arbitrary File Upload
by ZoRLu
WebEyes Guest Book 3 - SQL Injection
SQL injection vulnerability in yorum.asp in WebEyes Guest Book 3 allows remote attackers to execute arbitrary SQL commands via the mesajid parameter.
by Bl@ckbe@rD
Unclassified NewsBoard 1.6.4 - Path Traversal and Arbitrary File Read via GLOBALS Parameter
Multiple directory traversal vulnerabilities in forum.php in Unclassified NewsBoard (UNB) 1.6.4, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to (1) read arbitrary recently-modified files via a .. (dot dot) in the GLOBALS[filename] parameter or (2) include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[UTE][__tplCollection][a][file] parameter.
by girex
Unclassified NewsBoard (UNB) 1.6.4 - SQL Injection
SQL injection vulnerability in the UnbDbEncode function in unb_lib/database.lib.php in Unclassified NewsBoard (UNB) 1.6.4 allows remote attackers to execute arbitrary SQL commands via the Query parameter in a search action to forum.php, a different vector than CVE-2005-3686.
by girex
AIMP 2.51 build 330 - Stack-based Buffer Overflow via Long ID3 Tag
Stack-based buffer overflow in AIMP 2.51 build 330 allows remote attackers to execute arbitrary code via an MP3 file with a long ID3 tag.
by LiquidWorm
Unclassified NewsBoard (UNB) <1.6.4 - Info Disclosure
import_wbb1.php in Unclassified NewsBoard (UNB) 1.6.4 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.
by girex
PAD Site Scripts <3.6 - Info Disclosure
PAD Site Scripts 3.6 stores sensitive information under the web document root with insufficient access control, which allows remote attackers to download the database and obtain sensitive information via a direct request for dbbackup.txt.
by TiGeR-Dz
Open-school 1.0 - SQL Injection via os_news Module id Parameter
SQL injection vulnerability in the os_news module in Open-school (OS) 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action to index.php.
by OzX
Online Grades & Attendance <3.2.6 - SQL Injection
Multiple SQL injection vulnerabilities in Online Grades & Attendance 3.2.6 and earlier allow (1) remote attackers to execute arbitrary SQL commands via the key parameter in a resetpass action to index.php and (2) remote authenticated users to execute arbitrary SQL commands via the ADD parameter in a mailto action to parents/parents.php.
by YEnH4ckEr
OCS Inventory NG 1.02 - SQL Injection via download.php Parameters or group_show.php SYSTEMID
Multiple SQL injection vulnerabilities in Open Computer and Software (OCS) Inventory NG 1.02 for Unix allow remote attackers to execute arbitrary SQL commands via the (1) N, (2) DL, (3) O and (4) V parameters to download.php and the (5) SYSTEMID parameter to group_show.php.
by Nico Leidecker
Joomlaequipment <2.0.4 - SQL Injection
SQL injection vulnerability in the Joomlaequipment (aka JUser or com_juser) component 2.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_profile action to index.php.
by Chip d3 bi0s
Escon SupportPortal Pro 3.0 - SQL Injection
Multiple SQL injection vulnerabilities in index.php in Escon SupportPortal Pro 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) cat and (2) tid parameters.
by OzX
elitecms 1.01 - SQL Injection / Cross-Site Scripting
by xeno_hive
ecsportal rel 6.5 - 'article_view_photo.php?id' SQL Injection
by taRentReXx
AdaptBB 1.0 - Remote Code Execution
PHP remote file inclusion vulnerability in latestposts.php in AdaptBB 1.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the forumspath parameter.
by Mehmet Ince
ASMAX AR 804 gu Web Management Console - Arbitrary Command Execution
by Securitum
Linksys WAG54G2 - Web Management Console Arbitrary Command Execution
by Securitum
R2 Newsletter Lite/Pro/Stats - Info Disclosure
R2 Newsletter Lite, Pro, and Stats stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for admin.mdb.
by TiGeR-Dz
com_jvideo 0.3.11c Beta and 0.3.x - SQL Injection via user_id Parameter
SQL injection vulnerability in the JVideo! (com_jvideo) component 0.3.11c Beta and 0.3.x for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a user action to index.php.
by Chip d3 bi0s
Small Pirate 2.1 - Stored Cross-Site Scripting via img BBCode Tag onmouseover Action
Cross-site scripting (XSS) vulnerability in Small Pirate (SPirate) 2.1 allows remote attackers to inject arbitrary web script or HTML via an onmouseover action in an img BBCode tag within a url BBCode tag.
by YEnH4ckEr
Zen Help Desk 2.1 - SQL Injection via Userid or Password Parameter
Multiple SQL injection vulnerabilities in adminlogin.asp in Zen Help Desk 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) userid (aka username) and (2) PassWord parameters to admin.asp.
by TiGeR-Dz
Traidnt Up 2.0 - SQL Injection via trupuser and truppassword Cookies
Multiple SQL injection vulnerabilities in adminquery.php in Traidnt Up 2.0 allow remote attackers to execute arbitrary SQL commands via (1) trupuser and (2) truppassword cookies to uploadcp/index.php.
by Qabandi
Small Pirate 2.1 - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in Small Pirate (SPirate) 2.1 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to the default URI in an rss .xml action, or the id parameter to (2) pag1.php, (3) pag1-guest.php, (4) rss-comment_post.php (aka rss-coment_post.php), or (5) rss-pic-comment.php.
by YEnH4ckEr
Million Dollar Text Links <1.0 - SQL Injection
SQL injection vulnerability in admin.link.modify.php in Million Dollar Text Links 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Qabandi
By Source