Text Exploits
31,394 exploits tracked across all sources.
BabbleBoard 1.1.6 - Cross-Site Scripting via Username Parameter
Cross-site scripting (XSS) vulnerability in index.php in BabbleBoard 1.1.6 allows remote attackers to inject arbitrary web script or HTML via the username.
by SirGod
Aperto Blog 0.1.1 - Path Traversal
Multiple directory traversal vulnerabilities in Aperto Blog 0.1.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) action parameter to admin.php and the (2) get parameter to index.php. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
by NoGe
Amaya Web Browser 10.0.1/10.1-pre5 - HTML Tag Buffer Overflow (PoC)
by webDEViL
Forest Blog 1.3.2 - Info Disclosure
Forest Blog 1.3.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing passwords via a direct request for blog.mdb.
by Cold Zero
CodeAvalanche RateMySite - Info Disclosure
CodeAvalanche RateMySite stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CARateMySite.mdb. NOTE: some of these details are obtained from third party information.
by Pouya_Server
CodeAvalanche FreeWallpaper - Info Disclosure
CodeAvalanche FreeWallpaper stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAFreeWallpaper.mdb. NOTE: some of these details are obtained from third party information.
by Pouya_Server
CodeAvalanche FreeForAll - Info Disclosure
CodeAvalanche FreeForAll stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAFFAPage.mdb. NOTE: some of these details are obtained from third party information.
by Pouya_Server
CodeAvalanche Directory - Info Disclosure
CodeAvalanche Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CADirectory.mdb. NOTE: some of these details are obtained from third party information.
by Pouya_Server
CodeAvalanche Articles - Info Disclosure
CodeAvalanche Articles stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAArticles.mdb. NOTE: some of these details are obtained from third party information.
by Pouya_Server
ClickAndEmail - Cross-Site Scripting via tablename Parameter in admin_dblayers.asp
Cross-site scripting (XSS) vulnerability in admin_dblayers.asp in ClickAndEmail allows remote attackers to inject arbitrary web script or HTML via the tablename parameter in an update action.
by AlpHaNiX
Click&Rank - Cross-Site Scripting via user.asp action parameter
Cross-site scripting (XSS) vulnerability in user.asp in Click&Rank allows remote attackers to inject arbitrary web script or HTML via the action parameter.
by AlpHaNiX
phpweather 2.2.2 - Cross-Site Scripting via PATH_INFO
Cross-site scripting (XSS) vulnerability in config/make_config.php in PHP Weather 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
by ahmadbady
Simple Text-File Login Script 1.0.6 - Info Disclosure
Simple Text-File Login Script (SiTeFiLo) 1.0.6 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for slog_users.txt.
by Osirys
CMS ISWEB 3.0 - Cross-Site Scripting via strcerca or id_oggetto Parameter
Multiple cross-site scripting (XSS) vulnerabilities in index.php in CMS ISWEB 3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the strcerca parameter (aka the input field for the cerca action) or (2) the id_oggetto parameter. NOTE: some of these details are obtained from third party information.
by XaDoS
The Rat CMS Alpha 2 - 'download.php' Priviledge Escalation
by x0r
Simple Text-File Login Script <1.0.6 - RCE
PHP remote file inclusion vulnerability in slogin_lib.inc.php in Simple Text-File Login Script (SiTeFiLo) 1.0.6 allows remote attackers to execute arbitrary PHP code via a URL in the slogin_path parameter.
by Osirys
PHP Weather 2.2.2 - Path Traversal
Directory traversal vulnerability in test.php in PHP Weather 2.2.2 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter.
by ahmadbady
Mediatheka 4.2 - Path Traversal via Lang Parameter
Directory traversal vulnerability in index.php in Mediatheka 4.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
by Osirys
iyzi Forum 1.0 beta 3 - Info Disclosure
iyzi Forum 1.0 beta 3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing a password via a direct request for db/iyziforum.mdb. NOTE: some of these details are obtained from third party information.
by Ghost Hacker
CMS ISWEB 3.0 - SQL Injection via id_sezione Parameter
SQL injection vulnerability in index.php in CMS ISWEB 3.0 allows remote attackers to execute arbitrary SQL commands via the id_sezione parameter.
by XaDoS
FlexPHPNews 0.0.6 - SQL Injection via User Check Parameters
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPNews 0.0.6 allow remote attackers to execute arbitrary SQL commands via the (1) checkuser parameter (aka username field) or (2) checkpass parameter (aka password field) to admin/index.php. NOTE: some of these details are obtained from third party information.
by Osirys
Free Links Directory Script 1.2a - SQL Injection
SQL injection vulnerability in redir.php in Free Links Directory Script (FLDS) 1.2a allows remote attackers to execute arbitrary SQL commands via the id parameter.
by nuclear
FlatnuX CMS 2008-12-11 - Cross-Site Scripting via mod foto or name Parameter
Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS (aka Flatnuke3) 2008-12-11 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter to the default URI; (2) the foto parameter to photo.php in the 05_Foto module; or (3) the name parameter in an insertrecord action to index.php in the 08_Files module, as demonstrated by injection within a SRC attribute of an IFRAME element.
by gmda
CFAGCMS 1 - Remote Code Execution via Main or Right Parameter Injection
Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Cant Find A Gaming CMS (CFAGCMS) 1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) main and (2) right parameters.
by BeyazKurt
By Source