Text Exploits
31,394 exploits tracked across all sources.
CF_Forum - SQL Injection via categorynbr Parameter
SQL injection vulnerability in forummessages.cfm in CF_Forum allows remote attackers to execute arbitrary SQL commands via the categorynbr parameter.
by AlpHaNiX
CFMSource CF_Auction - SQL Injection via forummessages.cfm categorynbr Parameter
SQL injection vulnerability in forummessages.cfm in CFMSource CF_Auction allows remote attackers to execute arbitrary SQL commands via the categorynbr parameter.
by AlpHaNiX
CFMSource CFMBlog - SQL Injection via categorynbr Parameter
SQL injection vulnerability in index.cfm in CFMSource CFMBlog allows remote attackers to execute arbitrary SQL commands via the categorynbr parameter.
by AlpHaNiX
CF Shopkart 5.2.2 - Unauthenticated Sensitive Information Exposure via Database File Access
CF Shopkart 5.2.2 stores cfshopkart52.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via a direct request.
by AlpHaNiX
PHPmyGallery 1.5 beta - Remote File Inclusion via conf[lang] Parameter
Directory traversal vulnerability in _conf/_php-core/common-tpl-vars.php in PHPmyGallery 1.5 beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf[lang] parameter, a different issue than CVE-2008-6318. NOTE: this might be the same issue as CVE-2008-6316.
by CoBRa_21
phpmygallery 1.0 beta2 - Remote File Inclusion via Lang Parameter Path Traversal
Directory traversal vulnerability in _conf/core/common-tpl-vars.php in PHPmyGallery 1.0 beta2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter, a different issue than CVE-2008-6316 and a different vector than CVE-2008-6318.
by ZoRLu
PHPmyGallery 1.0 beta2 - Remote Code Execution via confdir Parameter
PHP remote file inclusion vulnerability in _conf/core/common-tpl-vars.php in PHPmyGallery 1.0 beta2 allows remote attackers to execute arbitrary PHP code via a URL in the confdir parameter, a different issue than CVE-2008-6316.
by ZoRLu
ProQuiz 1.0 - SQL Injection via Username Parameter
SQL injection vulnerability in index.php in ProQuiz 1.0 allows remote attackers to execute arbitrary SQL commands via the username parameter.
by Osirys
Triangle Solutions PHP Multiple Newsletters 2.7 - XSS
Cross-site scripting (XSS) vulnerability in index.php in Triangle Solutions PHP Multiple Newsletters 2.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
by ahmadbady
PostEcards - SQL Injection via cid Parameter
SQL injection vulnerability in sendcard.cfm in PostEcards allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by AlpHaNiX
Vinagre 0.5.x-0.5.1 and 2.x-2.24.1 - Remote Code Execution via Format String in URI or VNC Response
Format string vulnerability in the vinagre_utils_show_error function (src/vinagre-utils.c) in Vinagre 0.5.x before 0.5.2 and 2.x before 2.24.2 might allow remote attackers to execute arbitrary code via format string specifiers in a crafted URI or VNC server response.
by Core Security
ProQuiz 1.0 - SQL Injection via Password Parameter
SQL injection vulnerability in index.php in ProQuiz 1.0 allows remote attackers to execute arbitrary SQL commands via the password parameter, a different vector than CVE-2008-6312.
by Osirys
PHPmyGallery 1.5 beta - Remote Code Execution via admindir Parameter
PHP remote file inclusion vulnerability in _conf/_php-core/common-tpl-vars.php in PHPmyGallery 1.5 beta allows remote attackers to execute arbitrary PHP code via a URL in the admindir parameter, a different vector than CVE-2008-6317.
by CoBRa_21
PHPmyGallery 1.5 beta - Remote File Inclusion via conf[lang] Parameter
Directory traversal vulnerability in _conf/_php-core/common-tpl-vars.php in PHPmyGallery 1.5 beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf[lang] parameter, a different issue than CVE-2008-6318. NOTE: this might be the same issue as CVE-2008-6316.
by ZoRLu
PHP Multiple Newsletters <2.7 - Path Traversal
Directory traversal vulnerability in index.php in PHP Multiple Newsletters 2.7, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
by ahmadbady
Peel 3.1 - SQL Injection via rubid Parameter
SQL injection vulnerability in lire/index.php in Peel 3.1 allows remote attackers to execute arbitrary SQL commands via the rubid parameter. NOTE: this might be the same issue as CVE-2005-3572.
by SuB-ZeRo
Netref 4.0 - SQL Injection via id Parameter
SQL injection vulnerability in Netref 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) fiche_product.php and (2) presentation.php.
by SuB-ZeRo
PHP - 'Safe_mode' Bypass via 'proc_open()' and custom Environment
by gat3way
Professional Download Assistant 0.1 - SQL Injection
SQL injection vulnerability in admin/login.asp in Professional Download Assistant 0.1 allows remote attackers to execute arbitrary SQL commands via the (1) uname parameter (aka user field) or the (2) psw parameter (aka passwd field). NOTE: some of these details are obtained from third party information.
by ZoRLu
Professional Download Assistant 0.1 - SQL Injection
SQL injection vulnerability in admin/login.asp in Professional Download Assistant 0.1 allows remote attackers to execute arbitrary SQL commands via the (1) uname parameter (aka user field) or the (2) psw parameter (aka passwd field). NOTE: some of these details are obtained from third party information.
by ZoRLu
PostEcards - Unauthenticated Sensitive Information Exposure via Direct Database File Access
PostEcards stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for postcards.mdb.
by AlpHaNiX
Poll Pro 2.0 - SQL Injection via Login Username or Password Parameter
SQL injection vulnerability in the login feature in Poll Pro 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) Password and (2) username parameters.
by AlpHaNiX
XAMPP 1.6.8 - Cross-Site Request Forgery via xampppasswd Parameter
Cross-site request forgery (CSRF) vulnerability in security/xamppsecurity.php in XAMPP 1.6.8 allows remote attackers to hijack the authentication of users for requests that change a certain .htaccess password via the xampppasswd parameter.
by Michael Brooks
XAMPP 1.6.8 - Remote Code Execution via SERVER Superglobal Variable Spoofing
security/xamppsecurity.php in XAMPP 1.6.8 performs an extract operation on the SERVER superglobal array, which allows remote attackers to spoof critical variables, as demonstrated by setting the REMOTE_ADDR variable to 127.0.0.1.
by Michael Brooks
XOOPS 2.3.1 - Path Traversal via xoopsConfig[language] Parameter
Multiple directory traversal vulnerabilities in XOOPS 2.3.1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xoopsConfig[language] parameter to (1) blocks.php and (2) main.php in xoops_lib/modules/protector/.
by DSecRG
By Source