Text Exploits
31,394 exploits tracked across all sources.
webcaf 1.4 - Local File Inclusion / Remote Code Execution
by dun
Simple Directory Listing 2 - Cross-Site Arbitrary File Upload
by Michael Brooks
PrestaShop 1.1.0.3 - Cross-Site Scripting via PATH_INFO to admin/login.php and order.php
Multiple cross-site scripting (XSS) vulnerabilities in PrestaShop 1.1.0.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin/login.php and (2) order.php.
by th3.r00k.ieatpork
PrestaShop 1.1.0.3 - Cross-Site Scripting via PATH_INFO to admin/login.php and order.php
Multiple cross-site scripting (XSS) vulnerabilities in PrestaShop 1.1.0.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin/login.php and (2) order.php.
by th3.r00k.ieatpork
phpMyAdmin 2.11.x-2.11.9.3 and 3.x-3.1.0.9 - Cross-Site Request Forgery via tbl_structure.php
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allows remote attackers to perform unauthorized actions as the administrator via a link or IMG tag to tbl_structure.php with a modified table parameter. NOTE: other unspecified pages are also reachable, but they have the same root cause. NOTE: this can be leveraged to conduct SQL injection attacks and execute arbitrary code.
by Michael Brooks
PHPepperShop 1.4 - Cross-Site Scripting via PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in PHPepperShop 1.4 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php or (2) shop/kontakt.php, or (3) shop_kunden_mgmt.php or (4) SHOP_KONFIGURATION.php in shop/Admin/.
by th3.r00k.ieatpork
PHPepperShop 1.4 - Cross-Site Scripting via PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in PHPepperShop 1.4 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php or (2) shop/kontakt.php, or (3) shop_kunden_mgmt.php or (4) SHOP_KONFIGURATION.php in shop/Admin/.
by th3.r00k.ieatpork
PHPepperShop 1.4 - Cross-Site Scripting via PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in PHPepperShop 1.4 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php or (2) shop/kontakt.php, or (3) shop_kunden_mgmt.php or (4) SHOP_KONFIGURATION.php in shop/Admin/.
by th3.r00k.ieatpork
PHPepperShop 1.4 - Cross-Site Scripting via PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in PHPepperShop 1.4 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php or (2) shop/kontakt.php, or (3) shop_kunden_mgmt.php or (4) SHOP_KONFIGURATION.php in shop/Admin/.
by th3.r00k.ieatpork
Kalptaru Infotech Product Sale Framework 0.1 - SQL Injection
SQL injection vulnerability in customer.forumtopic.php in Kalptaru Infotech Product Sale Framework 0.1 beta allows remote attackers to execute arbitrary SQL commands via the forum_topic_id parameter.
by b3hz4d
PHPmyGallery 1.51 gold - Path Traversal
Directory traversal vulnerability in index.php in PHPmyGallery 1.51 gold allows remote attackers to list arbitrary directories via a .. (dot dot) in the group parameter.
by zAx
Mini CMS 1.0.1 - Remote File Inclusion via Page and Admin Parameters
Multiple directory traversal vulnerabilities in index.php in Mini CMS 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) page and (2) admin parameters.
by cOndemned
Mini Blog 1.0.1 - Path Traversal via Page and Admin Parameters
Multiple directory traversal vulnerabilities in index.php in Mini Blog 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) page and (2) admin parameters.
by cOndemned
Gazatem QMail Mailing List Manager 1.2 - Info Disclosure
Gazatem QMail Mailing List Manager 1.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for qmail.mdb.
by Ghost Hacker
Professional Download Assistant 0.1 - Info Disclosure
Professional Download Assistant 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for database/downloads.mdb.
by Ghost Hacker
natterchat 1.12 - Unauthenticated Sensitive Information Exposure via Direct Database File Request
Natterchat 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for natterchat112.mdb.
by AlpHaNiX
Ikon AdManager <2.1 - Info Disclosure
Ikon AdManager 2.1 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for ikonBAnner_AdManager.mdb.
by Ghost Hacker
aspmanage banners - Arbitrary File Upload / File Disclosure
by ZoRLu
asp talk - SQL Injection / Cross-Site Scripting
by Bl@ckbe@rD
TWiki < 4.2.4 - Cross-Site Scripting via %URLPARAM{}% Variable
Cross-site scripting (XSS) vulnerability in TWiki before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via the %URLPARAM{}% variable.
by Marc Schoenefeld
TWiki < 4.2.4 - Remote Code Execution via SEARCH Variable
Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH{}% variable.
by Troy Bollinge
phppgadmin <= 4.2.1 - Path Traversal via _language Parameter
Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the _language parameter to index.php.
by dun
By Source