Text Exploits
31,394 exploits tracked across all sources.
Bitrix Site Manager 6/7 - Multiple Input Validation Vulnerabilities
by aGGreSSor
AdaptCMS Lite 1.4 - Remote Code Execution via RSS Importer Sitepath Parameter
PHP remote file inclusion vulnerability in plugins/rss_importer_functions.php in AdaptCMS Lite 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter.
by RoMaNcYxHaCkEr
A Better Member-Based ASP Photo Gallery <1.2 - SQL Injection
SQL injection vulnerability in gallery/view.asp in A Better Member-Based ASP Photo Gallery before 1.2 allows remote attackers to execute arbitrary SQL commands via the entry parameter.
by BackDoor
Novell Open Enterprise Server 1.x - XSS
Multiple cross-site scripting (XSS) vulnerabilities in qfsearch/AdminServlet in QuickFinder Server in Novell Open Enterprise Server 1.x allow remote attackers to inject arbitrary web script or HTML via (1) the siteloc parameter in a displayaddsite action, the site parameter in a (2) generalproperties or (3) clusterserviceproperties action, (4) the adminurl parameter in a global action, or (5) the print-list parameter.
by Ivan Sanchez
PyBlosxom 1.6.3 Atom Flavor - Multiple XML Injection Vulnerabilities
by Nam Nguyen
ZeroShell <1.0beta11 - Command Injection
cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action.
by ikki
3Com OfficeConnect Wireless Cable/DSL Router - Authentication Bypass
by ikki
Netgear SSL312 - Denial of Service via Crafted Query String
cgi-bin/welcome/VPN_only in the web interface in Netgear SSL312 allows remote attackers to cause a denial of service (device crash) via a crafted query string, as demonstrated using directory traversal sequences.
by Rembrandt
Ninja Designs Mailist 3.0 - Path Traversal
Directory traversal vulnerability in send.php in Ninja Designs Mailist 3.0, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the load parameter. NOTE: some of these details are obtained from third party information.
by SirGod
Zeroboard4 pl8 (07.12.17) - Multiple Vulnerabilities
by make0day
WikkiTikkiTavi 1.11 - Unauthenticated Arbitrary File Upload and Remote Code Execution via upload.php
Unrestricted file upload vulnerability in upload.php in WikkiTikkiTavi 1.11 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in img/.
by ByALBAYX
SilverNews 2.04 - Authentication Bypass / Local File Inclusion / Remote Code Execution
by x0r
phpyabs 0.1.2 - Remote Code Execution via Azione Parameter
PHP remote file inclusion vulnerability in moduli/libri/index.php in phpyabs 0.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the Azione parameter.
by Arka69
Ninja Designs Mailist <3.0 - Info Disclosure
admin.php in Ninja Designs Mailist 3.0 stores backup copies of maillist.php under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to the backup directory.
by SirGod
Ilch CMS 1.1 - 'HTTP_X_FORWARDED_FOR' SQL Injection
by Gizmore
Easy CafeEngine - SQL Injection via catid Parameter
SQL injection vulnerability in index.php in Easy CafeEngine allows remote attackers to execute arbitrary SQL commands via the catid parameter, a different vector than CVE-2008-4604.
by SuNHouSe2
Kipper 2.01 - Path Traversal via Configfile Parameter
Directory traversal vulnerability in index.php in Kipper 2.01 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the configfile parameter.
by RoMaNcYxHaCkEr
Kipper 2.01 - Cross-Site Scripting via Charm Parameter
Cross-site scripting (XSS) vulnerability in default.php in Kipper 2.01 allows remote attackers to inject arbitrary web script or HTML via the charm parameter.
by RoMaNcYxHaCkEr
bookelves kipper 2.01 - Unauthenticated Credential Exposure via Direct Request
Kipper 2.01 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing credentials via a direct request for job/config.data.
by RoMaNcYxHaCkEr
glFusion < 1.1.1 - Cross-Site Scripting via Anonymous Comments Username Parameter
Cross-site scripting (XSS) vulnerability in the anonymous comments feature in lib-comment.php in glFusion 1.1.0, 1.1.1, and earlier versions allows remote attackers to inject arbitrary web script or HTML via the username parameter to comment.php.
by Bjarne Mathiesen Schacht
ClearBudget 0.6.1 - Insecure Database Disclosure
by Room-Hacker
ClearBudget 0.6.1 - Insecure Cookie Handling / Local File Inclusion
by SirGod
Barracuda Load Balancer - 'realm' Cross-Site Scripting
by Jan Skovgren
Team Board 1.x and 2.x - Unauthenticated Sensitive Information Exposure via Direct Database Access
Team Board 1.x and 2.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for data/team.mdb.
by Pouya_Server
By Source