Text Exploits
31,394 exploits tracked across all sources.
PHPSTREET Webboard 1.0 - SQL Injection via show.php id Parameter
SQL injection vulnerability in show.php in Wbstreet (aka PHPSTREET Webboard) 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by CWH Underground
NPDS < 08.06 - Multiple Input Validation Vulnerabilities
by Jean-François Leclerc
My Simple Forum <4.1 - Path Traversal
Directory traversal vulnerability in index.php in My Simple Forum 3.0 and 4.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter.
by cOndemned
lcxBBportal 0.1 Alpha 2 - Remote Code Execution via phpbb_root_path Parameter
Multiple PHP remote file inclusion vulnerabilities in lcxBBportal 0.1 Alpha 2 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) portal/includes/portal_block.php and (2) includes/acp/acp_lcxbbportal.php.
by NoGe
Joomla! com_mydyngallery 1.4.2 - SQL Injection
SQL injection vulnerability in the Mydyngallery (com_mydyngallery) component 1.4.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the directory parameter to index.php.
by Khashayar Fereidani
Gravity GTD <0.4.5 - Code Injection
Eval injection vulnerability in library/setup/rpc.php in Gravity Getting Things Done (GTD) 0.4.5 and earlier allows remote attackers to execute arbitrary PHP code via the objectname parameter.
by dun
cctiddly 1.7.4 and 1.7.6 - Remote Code Execution via cct_base Parameter
Multiple PHP remote file inclusion vulnerabilities in ccTiddly 1.7.4 and 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the cct_base parameter to (1) index.php; (2) handle/proxy.php; (3) header.php, (4) include.php, and (5) workspace.php in includes/; and (6) plugins/RSS/files/rss.php.
by cOndemned
BNCwi < 1.04 - Remote File Inclusion via Newlanguage Parameter
Directory traversal vulnerability in index.php in BNCwi 1.04 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the newlanguage parameter.
by dun
Easy Content Management Publishing - Unauthenticated Database Download via Direct Request
Easy Content Management Publishing stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for Database/News.mdb.
by BeyazKurt
yappa-ng - Cross-Site Scripting via Query String
Cross-site scripting (XSS) vulnerability in Fritz Berger yet another php photo album - next generation (yappa-ng) allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI.
by Pouya_Server
yappa-ng 2.3.2 - Cross-Site Scripting via Album Parameter
Cross-site scripting (XSS) vulnerability in index.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 allows remote attackers to inject arbitrary web script or HTML via the album parameter.
by Pouya_Server
Rae Media Contact Management Software - SQL Injection via Password Parameter
SQL injection vulnerability in asadmin/default.asp in Rae Media Contact Management Software SOHO, Standard, and Enterprise allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: some of these details are obtained from third party information.
by b3hz4d
Multi SEO phpBB 1.1.0 - Remote Code Execution via pfad Parameter
PHP remote file inclusion vulnerability in include/global.php in Multi SEO phpBB 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the pfad parameter.
by NoGe
ASP User Engine.NET - Unauthenticated Sensitive Information Exposure via Direct Database Download
ASP User Engine.NET stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for users.mdb.
by AlpHaNiX
Gallery MX 2.0.0 - SQL Injection via ID Parameter
SQL injection vulnerability in pics_pre.asp in Gallery MX 2.0.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
by R3d-D3V!L
Calendar Mx Professional 2.0.0 - SQL Injection via ID Parameter
SQL injection vulnerability in calendar_Eventupdate.asp in Calendar Mx Professional 2.0.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
by R3d-D3V!L
Ocean12 Mailing List Manager Gold - XSS
Cross-site scripting (XSS) vulnerability in default.asp in Ocean12 Mailing List Manager Gold allows remote attackers to inject arbitrary web script or HTML via the Email parameter.
by Pouya_Server
Ocean12 Mailing List Manager Gold - SQL Injection
Multiple SQL injection vulnerabilities in Ocean12 Mailing List Manager Gold allow remote attackers to execute arbitrary SQL commands via the Email parameter to (1) default.asp and (2) s_edit.asp.
by Pouya_Server
Z1Exchange - SQL Injection via showads.php id Parameter
SQL injection vulnerability in showads.php in Z1Exchange allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Pouya_Server
Z1Exchange 1.0 - Cross-Site Scripting via showads.php id Parameter
Cross-site scripting (XSS) vulnerability in showads.php in Z1Exchange 1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
by Pouya_Server
Sunbyte e-Flower - SQL Injection via popupproduct.php id Parameter
SQL injection vulnerability in popupproduct.php in Sunbyte e-Flower allows remote attackers to execute arbitrary SQL commands via the id parameter.
by w4rl0ck
Rapid Classified 3.1 and 3.15 - Unauthenticated Sensitive Information Exposure via Direct Database File Access
Rapid Classified 3.1 and 3.15 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to cldb.mdb.
by CoBRa_21
i-Net Solution Orkut Clone - SQL Injection
SQL injection vulnerability in profile_social.php in i-Net Solution Orkut Clone allows remote authenticated users to execute arbitrary SQL commands via the id parameter.
by d3b4g
i-Net Solution Orkut Clone - Authenticated Cross-Site Scripting via Profile Social ID Parameter
Cross-site scripting (XSS) vulnerability in profile_social.php in i-Net Solution Orkut Clone allows remote authenticated users to inject arbitrary web script or HTML via the id parameter.
by d3b4g
Ocean12 Mailing List Manager Gold - Info Disclosure
Ocean12 Mailing List Manager Gold stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for o12mail.mdb.
by Pouya_Server
By Source