Text Exploits
31,394 exploits tracked across all sources.
ASPPortal - Unauthenticated Sensitive Information Exposure via Direct Database File Access
ASPPortal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for xportal.mdb.
by ZoRLu
ASP AutoDealer - Unauthenticated Sensitive Information Exposure via Direct Database File Access
ASP AutoDealer stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for auto.mdb.
by ZoRLu
Merlix Educate Server - Information Disclosure via Direct Request to config.asp and users.asp
Merlix Educate Server allows remote attackers to bypass intended security restrictions and obtain sensitive information via a direct request to (1) config.asp and (2) users.asp.
by ZoRLu
Merlix Teamworx Server - SQL Injection
SQL injection vulnerability in default.asp in Merlix Teamworx Server allows remote attackers to execute arbitrary SQL commands via the password parameter (aka passwd field) in a login action. NOTE: some of these details are obtained from third party information.
by ZoRLu
ASP AutoDealer - SQL Injection via ID Parameter
SQL injection vulnerability in detail.asp in ASP AutoDealer allows remote attackers to execute arbitrary SQL commands via the ID parameter.
by AlpHaNiX
Nightfall Personal Diary 1.0 - Cross-Site Scripting via login.asp Username Parameter
Cross-site scripting (XSS) vulnerability in login.asp in Nightfall Personal Diary 1.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter and possibly other "login fields." NOTE: some of these details are obtained from third party information.
by AlpHaNiX
NULL FTP Server Free and Pro 1.1.0.7 - Authenticated Command Injection via SITE Command
Incomplete blacklist vulnerability in NULL FTP Server Free and Pro 1.1.0.7 allows remote authenticated users to execute arbitrary commands via a custom SITE command containing shell metacharacters such as "&" (ampersand) in the middle of an argument.
by Tan Chew Keong
Tizag Countdown Creator 3 - Unauthenticated Arbitrary File Upload via index.php
Unrestricted file upload vulnerability in process.php in Tizag Countdown Creator 3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via index.php, then accessing the uploaded file via a direct request to the file in pics/. NOTE: some of these details are obtained from third party information.
by ahmadbady
Nightfall Personal Diary 1.0 - Info Disclosure
Nightfall Personal Diary 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for users-zza21.mdb.
by AlpHaNiX
Multiple Membership Script 2.5 - SQL Injection via id Parameter
SQL injection vulnerability in sitepage.php in Multiple Membership Script 2.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by ViRuS_HaCkErS
Merlix Teamworx Server - Info Disclosure
Merlix Teamworx Server stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for teamworx.mdb.
by ZoRLu
Katy Whitton RankEm - SQL Injection
SQL injection vulnerability in processlogin.asp in Katy Whitton RankEm allows remote attackers to execute arbitrary SQL commands via the (1) txtusername parameter (aka username field) or the (2) txtpassword parameter (aka password field). NOTE: some of these details are obtained from third party information.
by AlpHaNiX
Katy Whitton RankEm - SQL Injection
SQL injection vulnerability in rankup.asp in Katy Whitton RankEm allows remote attackers to execute arbitrary SQL commands via the siteID parameter.
by AlpHaNiX
Merlix Educate Server - Unauthenticated Sensitive Information Exposure via Direct Request to db.mdb
Merlix Educate Server stores db.mdb under the web root with insufficient access control, which allows remote attackers to obtain unspecified sensitive information via a direct request.
by ZoRLu
Cold BBS - Unauthenticated Sensitive Information Exposure via Direct Database File Access
Cold BBS stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for db/cforum.mdb.
by ahmadbady
ASPTicker 1.0 - Unauthenticated Sensitive Information Exposure via Direct Database File Access
ASPTicker 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for news.mdb.
by ZoRLu
ASP Portal - SQL Injection
Multiple SQL injection vulnerabilities in ASP Portal allow remote attackers to execute arbitrary SQL commands via the (1) ItemID parameter to classifieds.asp and the (2) ID parameter to Events.asp.
by AlpHaNiX
ASP AutoDealer - Unauthenticated Sensitive Information Exposure via Direct Database File Access
ASP AutoDealer stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for auto.mdb.
by AlpHaNiX
PHPSTREET Webboard 1.0 - SQL Injection via show.php id Parameter
SQL injection vulnerability in show.php in Wbstreet (aka PHPSTREET Webboard) 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by CWH Underground
ASP Template Creature - Media Level < SQL Injection
SQL injection vulnerability in media/media_level.asp in ASP Template Creature allows remote attackers to execute arbitrary SQL commands via the mcatid parameter.
by ZoRLu
Gravity GTD <0.4.5 - Path Traversal
Directory traversal vulnerability in library/setup/rpc.php in Gravity Getting Things Done (GTD) 0.4.5 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the objectname parameter.
by dun
PHPSTREET Webboard 1.0 - Unauthenticated Sensitive Information Exposure via Direct Request
Wbstreet (aka PHPSTREET Webboard) 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request to connect.inc.
by CWH Underground
User Engine Lite ASP - Info Disclosure
User Engine Lite ASP stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for users.mdb.
by AlpHaNiX
ASP Template Creature - Info Disclosure
ASP Template Creature stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for workDB/templatemonster.mdb.
by ZoRLu
W3matter RevSense 1.0 - Cross-Site Scripting via Section Parameter
Cross-site scripting (XSS) vulnerability in index.php in W3matter RevSense 1.0 allows remote attackers to inject arbitrary web script or HTML via the section parameter.
by Pouya_Server
By Source