Text Exploits
31,394 exploits tracked across all sources.
ManageEngine Firewall Analyzer 5 - Cross-Site Request Forgery / Cross-Site Scripting
by Michael Brooks
Pligg CMS 9.9.5 - Cross-Site Request Forgery / Protection Bypass / Captcha Bypass
by Michael Brooks
NetArt Media Car Portal 1.0 - SQL Injection
SQL injection vulnerability in the login feature in NetArt Media Car Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
by Mehmet Ince
GLPI 0.71.3 - Multiple SQL Injections Vulnerabilities
by Zigma
Coppermine Photo Gallery 1.4.19 - Remote File Upload
by Michael Brooks
Zoom VoIP Phone Adapater ATA1+1 1.2.5 - Cross-Site Request Forgery
by Michael Brooks
Motorola CPEi300 - Authenticated Cross-Site Scripting via sysconf.cgi Page Parameter
Cross-site scripting (XSS) vulnerability in sysconf.cgi in Motorola Wimax modem CPEi300 allows remote authenticated users to inject arbitrary web script or HTML via the page parameter.
by Usman Saeed
D-Link VoIP Phone Adapter - Cross-Site Scripting / Cross-Site Request Forgery Remote Firmware Overwrite
by Michael Brooks
Chipmunk Blogger Script - Privilege Escalation
Chipmunk Blogger Script allows remote attackers to gain administrator privileges via a direct request to admin/reguser.php. NOTE: this is only a vulnerability when the administrator does not properly follow installation directions.
by x0r
W3C Amaya < 11.0 - Remote Code Execution via Long Input Tag Type Parameter
Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0 and 11.0 allow remote attackers to execute arbitrary code via (1) a long type parameter in an input tag, which is not properly handled by the EndOfXmlAttributeValue function; (2) an "HTML GI" in a start tag, which is not properly handled by the ProcessStartGI function; and unspecified vectors in (3) html2thot.c and (4) xml2thot.c, related to the msgBuffer variable. NOTE: these are different vectors than CVE-2008-6005.
by Core Security
SocialEngine 3.06 - SQL Injection via Blog Category ID Parameter
SQL injection vulnerability in blog.php in SocialEngine 3.06 trial allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
by snakespc
Max.Blog 1.0.6 - 'submit_post.php' SQL Injection
by Salvatore Fresta
Max.Blog <= 1.0.6 - SQL Injection via Username Parameter
SQL injection vulnerability in offline_auth.php in Max.Blog 1.0.6 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.
by Salvatore Fresta
Anantasoft Gazelle CMS 1.0 - Path Traversal via Template Parameter
Directory traversal vulnerability in index.php in Anantasoft Gazelle CMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.
by fuzion
gamescript 4.6 - Cross-Site Scripting / SQL Injection / Local File Inclusion
by Encrypt3d.M!nd
Chipmunk Blogger Script - SQL Injection
SQL injection vulnerability in admin/authenticate.php in Chipmunk Blogger Script allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
by x0r
Autonomy Ultraseek - Open Redirect via cs.html url Parameter
Open redirect vulnerability in cs.html in the Autonomy (formerly Verity) Ultraseek search engine allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter.
by buzzy
Max.Blog 1.0.6 - 'show_post.php' SQL Injection
by Salvatore Fresta
Flax Article Manager 1.1 - Remote PHP Script Upload
by S.W.A.T.
Wazzum Dating Software - SQL Injection
SQL injection vulnerability in profile_view.php in Wazzum Dating Software, possibly 2.0, allows remote attackers to execute arbitrary SQL commands via the userid parameter.
by nuclear
Simple Machines Forum (SMF) 1.1.7 - Cross-Site Request Forgery / Cross-Site Scripting / Package Upload
by Xianur0
SHOP-INET 4 - SQL Injection via show_cat2.php grid Parameter
SQL injection vulnerability in show_cat2.php in SHOP-INET 4 allows remote attackers to execute arbitrary SQL commands via the grid parameter.
by FeDeReR
Script Toko Online 5.01 - SQL Injection
SQL injection vulnerability in shop_display_products.php in Script Toko Online 5.01 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
by k1n9k0ng
By Source