Text Exploits
31,394 exploits tracked across all sources.
Apache Jackrabbit < 1.5.2 - Cross-Site Scripting via Search Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
by Red Hat
Apache Jackrabbit < 1.5.2 - Cross-Site Scripting via Search Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
by Red Hat
MoinMoin < 1.8.1 - Cross-Site Scripting via AttachFile Action Parameters
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with (1) the rename parameter or (2) the drawing parameter (aka the basename variable).
by SecureState
QNX 6.4.0 - bitflipped ELF Binary 'id' Kernel Panic (Denial of Service)
by kokanin
Ninja Blog 4.8 - Path Traversal via Cat Parameter
Directory traversal vulnerability in entries/index.php in Ninja Blog 4.8, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the cat parameter.
by Danny Moules
Ninja Blog 4.8 - Cross-Site Request Forgery/HTML Injection
by Danny Moules
Gallery Kys 1.0 - Admin Password Disclosure / Persistent Cross-Site Scripting
by Osirys
QNX RTOS 6.4 - '.ELF' Binary File Local Denial of Service
by kokanin
SCMS 1 - Path Traversal via Index.php P Parameter
Directory traversal vulnerability in index.php in Simple Content Management System (SCMS) 1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter.
by ahmadbady
GigCalendar (com_gigcal) 1.0 - SQL Injection via gigcal_venues_id or gigcal_bands_id Parameter
Multiple SQL injection vulnerabilities in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the gigcal _venues_id parameter in a details action to index.php, which is not properly handled by venuedetails.php, and (2) the gigcal_bands_id parameter in a details action to index.php, which is not properly handled by banddetails.php, different vectors than CVE-2009-0726.
by Lanti-Net
Enhanced Simple PHP Gallery <1.72 - Path Traversal
Directory traversal vulnerability in gallery/comment.php in Enhanced Simple PHP Gallery (ESPG) 1.72 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. NOTE: the vulnerability may be in my little homepage Comment script. If so, then this should not be treated as a vulnerability in ESPG.
by bd0rk
ROBS-PROJECTS Digital Sales IPN - Info Disclosure
ROBS-PROJECTS Digital Sales IPN (aka DS-IPN.NET or DS-IPN Paypal Shop) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request for Database/Sales.mdb.
by Moudi
Katy Whitton RankEm - Cross-Site Scripting via siteID Parameter
Cross-site scripting (XSS) vulnerability in rankup.asp in Katy Whitton RankEm allows remote attackers to inject arbitrary web script or HTML via the siteID parameter.
by Pouya_Server
Katy Whitton BlogIt! - Unauthenticated Sensitive Information Exposure via Direct Database File Access
Katy Whitton BlogIt! stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request for database/Blog.mdb. NOTE: some of these details are obtained from third party information.
by Pouya_Server
Katy Whitton BlogIt! - Cross-Site Scripting via Index.asp View Parameter
Cross-site scripting (XSS) vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to inject arbitrary web script or HTML via the view parameter.
by Pouya_Server
Katy Whitton BlogIt! - SQL Injection
SQL injection vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to execute arbitrary SQL commands via the day parameter in an archive action.
by Pouya_Server
Simple PHP Newsletter <1.5 - Path Traversal
Multiple directory traversal vulnerabilities in Simple PHP Newsletter 1.5 allow remote attackers to read arbitrary files via a .. (dot dot) in the olang parameter to (1) mail.php and (2) mailbar.php.
by ahmadbady
Katy Whitton RankEm - Info Disclosure
Katy Whitton RankEm stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for database/topsites.mdb.
by Pouya_Server
Katy Whitton BlogIt! - SQL Injection
SQL injection vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Pouya_Server
BibCiter 1.4 - SQL Injection via idp, idc, or idu Parameter
Multiple SQL injection vulnerabilities in BibCiter 1.4 allow remote attackers to execute arbitrary SQL commands via the (1) idp parameter to reports/projects.php, the (2) idc parameter to reports/contacts.php, and the (3) idu parameter to reports/users.php.
by nuclear
By Source