Text Exploits
31,394 exploits tracked across all sources.
PHPAuctionSystem - Multiple Remote File Inclusions
by darkmasking
IT!CMS < 0.21-alpha - SQL Injection via Username Parameter
SQL injection vulnerability in login.php in IT!CMS 2.1a and earlier allows remote attackers to execute arbitrary SQL commands via the Username.
by certaindeath
EZpack 4.2b2 - Cross-Site Scripting via mdfd Parameter in index.php
Cross-site scripting (XSS) vulnerability in index.php in EZpack 4.2b2 allows remote attackers to inject arbitrary web script or HTML via the mdfd parameter in a prog action.
by !-BUGJACK-!
BlogHelper - Unauthenticated Database File Download via Direct Request
BlogHelper stores common_db.inc under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request.
by ahmadbady
Oracle Database <11.1.0.6 - Info Disclosure
Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT, a different vulnerability than CVE-2008-3982 and CVE-2008-3983.
by sh2kerr
Oracle Database <11.1.0.6 - Info Disclosure
Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT, a different vulnerability than CVE-2008-3982 and CVE-2008-3984.
by sh2kerr
Oracle 10g - 'SYS.LT.COMPRESSWORKSPACETREE' SQL Injection (1)
by sh2kerr
Debian XTERM - 'DECRQSS/comments' Code Execution
by Paul Szabo
phpauctions - SQL Injection via profile.php user_id Parameter
SQL injection vulnerability in profile.php in PHPAuctions (aka PHPAuctionSystem) allows remote attackers to execute arbitrary SQL commands via the user_id parameter.
by x0r
Google Chrome 1.0.154.36 - FTP Client PASV Port Scan Information Disclosure
by Aditya K Sood
PHPAuctions - Unauthenticated Authentication Bypass via Cookie Manipulation
PHPAuctions (aka PHPAuctionSystem) allows remote attackers to bypass authentication and gain administrative access via modified (1) PHPAUCTION_RM_ID, (2) PHPAUCTION_RM_NAME, (3) PHPAUCTION_RM_USERNAME, and (4) PHPAUCTION_RM_EMAIL cookies.
by ZoRLu
phpauctions - Cross-Site Scripting via profile.php user_id Parameter
Cross-site scripting (XSS) vulnerability in profile.php in PHPAuctions (aka PHPAuctionSystem) allows remote attackers to inject arbitrary web script or HTML via the user_id parameter.
by x0r
Joomla! Component simple_review 1.x - SQL Injection
by EcHoLL
Ayemsis Emlak Pro - 'acc.mdb' Database Disclosure
by ByALBAYX
WSN Guest 1.23 - SQL Injection via Search Parameter
SQL injection vulnerability in search.php in WSN Guest 1.23 allows remote attackers to execute arbitrary SQL commands via the search parameter in an advanced action.
by DaiMon
plx Auto Reminder 3.7 - SQL Injection
SQL injection vulnerability in members.php in plx Auto Reminder 3.7 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a newar action.
by ZoRLu
PhpMesFilms 1.0 and 1.8 - SQL Injection via id Parameter
SQL injection vulnerability in index.php in PhpMesFilms 1.0 and 1.8 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by SuB-ZeRo
phpSkelSite 1.4 - Remote Code Execution via Theme Parameter
PHP remote file inclusion vulnerability in skysilver/login.tpl.php in phpSkelSite 1.4, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the theme parameter.
by ahmadbady
phpSkelSite 1.4 - Cross-Site Scripting via PATH_INFO
Cross-site scripting (XSS) vulnerability in index.php in phpSkelSite 1.4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
by ahmadbady
phpSkelSite 1.4 - Remote File Inclusion via TplSuffix Parameter
Directory traversal vulnerability in skysilver/login.tpl.php in phpSkelSite 1.4, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the TplSuffix parameter.
by ahmadbady
Built2Go PHP Rate My Photo 1.46.4 - Arbitrary File Upload
by ZoRLu
By Source