Text Exploits
31,394 exploits tracked across all sources.
OpenX 2.6.3 - Remote File Inclusion via MAX_type Parameter
Directory traversal vulnerability in fc.php in OpenX 2.6.3 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the MAX_type parameter.
by Charlie Briggs
OpenX 2.6.3 - Remote File Inclusion via MAX_type Parameter
Directory traversal vulnerability in fc.php in OpenX 2.6.3 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the MAX_type parameter.
by Sarid Harper
ElearningForce Flash Magazine Deluxe - SQL Injection via mag_id Parameter
SQL injection vulnerability in the ElearningForce Flash Magazine Deluxe (com_flashmagazinedeluxe) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mag_id parameter in a magazine action to index.php.
by TurkGuvenligi
Groone GLinks 2.1 - SQL Injection via Cat Parameter
SQL injection vulnerability in index.php in Groone GLinks 2.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
by nuclear
ConPresso CMS 4.07 - Multiple Remote Vulnerabilities
by David Vieira-Kurz
ClickAuction - SQL Injection via txtEmail or txtPassword Parameter
SQL injection vulnerability in login_check.asp in ClickAuction allows remote attackers to execute arbitrary SQL commands via the (1) txtEmail and (2) txtPassword parameters. NOTE: some of these details are obtained from third party information.
by R3d-D3V!L
Pidgin 2.4.1 - Denial of Service via Long Filename in MSN Message
Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msn_slplink_process_msg function.
by Juan Pablo Lopez Yacubian
E-ShopSystem - Authentication Bypass / SQL Injection
by InjEctOr5
OpenGoo 1.1 - Path Traversal via form_data[script_class] Parameter
Directory traversal vulnerability in upgrade/index.php in OpenGoo 1.1, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the form_data[script_class] parameter.
by fuzion
Flax Article Manager 1.1 - SQL Injection
SQL injection vulnerability in category.php in Flax Article Manager 1.1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
by JIKO
PostgreSQL 8.2/8.3/8.4 - UDF for Command Execution
by Bernardo Damele
PHP-Nuke <8.1.0.3.5b - SQL Injection
SQL injection vulnerability in the Downloads module for PHP-Nuke 8.0 8.1.0.3.5b and earlier allows remote authenticated users to execute arbitrary SQL commands via the url parameter in the Add operation to modules.php.
by Sina Yazdanmehr
Oblog - Cross-Site Scripting via err.asp Message Parameter
Cross-site scripting (XSS) vulnerability in err.asp in Oblog allows remote attackers to inject arbitrary web script or HTML via the message parameter.
by arash.setayeshi
BBSXP < 5.13 - Cross-Site Scripting via Error Page Message Parameter
Cross-site scripting (XSS) vulnerability in error.asp in BBSXP 5.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter.
by arashps0
OwnRS CMS 1.2 - SQL Injection via autor.php id Parameter
SQL injection vulnerability in autor.php in OwnRS CMS 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by nuclear
Asp Project Management 1.0 - Auth Bypass
Asp Project Management 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the crypt cookie to 1.
by Khashayar Fereidani
Joomla! beamospetition <1.0.12 - SQL Injection
SQL injection vulnerability in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mpid parameter in a sign action to index.php, a different vector than CVE-2008-3132.
by vds_s
Sigsiu Online Business Index 2 <RC 2.8.2 - SQL Injection
SQL injection vulnerability in the Sigsiu Online Business Index 2 (SOBI2, com_sobi2) RC 2.8.2 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the bid parameter in a showbiz action to index.php, a different vector than CVE-2008-0607. NOTE: CVE disputes this issue, since neither "showbiz" nor "bid" appears in the source code for SOBI2
by Br1ght D@rk
Joomla! com_beamospetition 1.0.12 - XSS
Cross-site scripting (XSS) vulnerability in index.php in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the pet parameter in a sign action.
by vds_s
AXIS 70U - Network Document Server Privilege Escalation / Cross-Site Scripting
by DSecRG
By Source