Text Exploits
31,394 exploits tracked across all sources.
Aj Classifieds Real Estate 3.0 - Arbitrary File Upload
by ZoRLu
Aj Classifieds Personals 3.0 - Arbitrary File Upload
by ZoRLu
Aj Classifieds For Sale 3.0 - Arbitrary File Upload
by ZoRLu
LemonLDAP:NG 0.9.3.1 - User Enumeration / Cross-Site Scripting
by clément Oudot
WarHound Walking Club - SQL Injection
SQL injection vulnerability in login.aspx in WarHound Walking Club allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
by ByALBAYX
Enthrallweb eReservations - SQL Injection
Multiple SQL injection vulnerabilities in default.asp in Enthrallweb eReservations allow remote attackers to execute arbitrary SQL commands via the (1) Login parameter (aka username field) or the (2) Password parameter (aka password field). NOTE: some of these details are obtained from third party information.
by ByALBAYX
DMXReady Blog Manager - SQL Injection
SQL injection vulnerability in inc_webblogmanager.asp in DMXReady Blog Manager allows remote attackers to execute arbitrary SQL commands via the itemID parameter in a view action.
by Pouya_Server
DMXReady Blog Manager - Cross-Site Scripting via CategoryID Parameter
Cross-site scripting (XSS) vulnerability in inc_webblogmanager.asp in DMXReady Blog Manager allows remote attackers to inject arbitrary web script or HTML via the CategoryID parameter in a refer action.
by Pouya_Server
MKPortal 1.2.1 - '/modules/rss/handler_image.php?i' Cross-Site Scripting
by waraxe
MKPortal 1.2.1 - '/modules/blog/index.php' Home Template Textarea SQL Injection
by waraxe
Masir Camp 3.0 - 'SearchKeywords' SQL Injection
by Pouya_Server
RD-Autos 1.5.5 Stable - SQL Injection via id Parameter
SQL injection vulnerability in the RD-Autos (com_rdautos) 1.5.5 Stable component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
by H!tm@N
SIR GNUBoard 4.31.03 - Path Traversal
Directory traversal vulnerability in common.php in SIR GNUBoard 4.31.03 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the g4_path parameter. NOTE: in some environments, this can be leveraged for remote code execution via a data: URI or a UNC share pathname.
by flyh4t
Free Bible Search PHP Script 1.0 - SQL Injection
SQL injection vulnerability in readbible.php in Free Bible Search PHP Script 1.0 allows remote attackers to execute arbitrary SQL commands via the version parameter.
by nuclear
Ganglia 3.1.1 - Stack-based Buffer Overflow via Long Pathname in process_path
Stack-based buffer overflow in the process_path function in gmetad/server.c in Ganglia 3.1.1 allows remote attackers to cause a denial of service (crash) via a request to the gmetad service with a long pathname.
by Spike Spiegel
LinksPro Standard Edition - SQL Injection
SQL injection vulnerability in Default.asp in LinksPro Standard Edition allows remote attackers to execute arbitrary SQL commands via the OrderDirection parameter.
by Pouya_Server
DMXReady Billboard Manager 1.1 - Arbitrary File Upload
by ajann
Active Bids - SQL Injection via search.asp search Parameter
Multiple SQL injection vulnerabilities in Active Bids allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to search.asp, (2) SortDir parameter to auctionsended.asp, and the (3) catid parameter to wishlist.php.
by Pouya_Server
Active Bids - Cross-Site Scripting via Search Parameter or URL Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Active Bids allow remote attackers to inject arbitrary web script or HTML via the (1) search parameter to search.asp and the (2) URL parameter to tellafriend.asp.
by Pouya_Server
ATCOM Netvolution 1.0 ASP - SQL Injection via bpe_nid Parameter
SQL injection vulnerability in default.asp in ATCOM Netvolution 1.0 ASP allows remote attackers to execute arbitrary SQL commands via the bpe_nid parameter.
by Ellinas
By Source