Text Exploits
31,394 exploits tracked across all sources.
ASP Forum Script - Cross-Site Scripting via forum_id Parameter
Multiple cross-site scripting (XSS) vulnerabilities in ASP Forum Script allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id parameter to (a) new_message.asp and (b) messages.asp, and the (2) query string to default.asp.
by Pouya_Server
Minimal ABlog 0.4 - Unauthenticated Remote Code Execution via File Upload
Unrestricted file upload vulnerability in admin/uploader.php in Minimal ABlog 0.4 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in img/.
by NoGe
Minimal ABlog 0.4 - SQL Injection via id Parameter
SQL injection vulnerability in index.php in Minimal ABlog 0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by NoGe
KTP Computer Customer Database - Authenticated SQL Injection via tid Parameter
SQL injection vulnerability in KTP Computer Customer Database (KTPCCD) CMS, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the tid parameter in a vtech action to the default URI.
by CWH Underground
Apple QuickTime Player 7.5.5-8.0.2.20 - Buffer Overflow
Stack-based buffer overflow in Apple QuickTime Player 7.5.5 and iTunes 8.0.2.20 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a MOV file with "long arguments," related to an "off by one overflow."
by laurent gaffié
Quick Tree View .NET 3.1 - Unauthenticated Sensitive Information Exposure via Direct Database File Access
Quick Tree View .NET 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to qtv.mdb.
by Cyber-Zone
minimal-ablog 0.4 - Unauthenticated Privilege Escalation via uploader.php
uploader.php in minimal-ablog 0.4 does not properly restrict access, which allows remote attackers to gain administrative privileges via a direct request.
by NoGe
KTP Computer Customer Database - SQL Injection via lname Parameter
SQL injection vulnerability in KTP Computer Customer Database (KTPCCD) CMS, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the lname parameter in a login action to an unspecified component. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by CWH Underground
CPCommerce 1.2.6 - URL Rewrite Input Variable Overwrite / Authentication Bypass
by girex
Broadcast Machine 0.1 - Remote Code Execution via baseDir Parameter
Multiple PHP remote file inclusion vulnerabilities in Broadcast Machine 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter to (1) MySQLController.php, (2) SQLController.php, (3) SetupController.php, (4) VideoController.php, and (5) ViewController.php in controllers/.
by NoGe
Active Web Helpdesk 2.0 - SQL Injection via CategoryID Parameter
SQL injection vulnerability in default.aspx in Active Web Helpdesk 2.0 allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter.
by Cyber-Zone
Active Time Billing 3.2 - SQL Injection
SQL injection vulnerability in Account.asp in Active Time Billing 3.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.
by AlpHaNiX
Active Price Comparison 4.0 - SQL Injection
SQL injection vulnerability in links.asp in Active Price Comparison 4.0 allows remote attackers to execute arbitrary SQL commands via the linkid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by R3d-D3V!L
Active Photo Gallery 6.2 - SQL Injection
SQL injection vulnerability in account.asp in Active Photo Gallery 6.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
by R3d-D3V!L
Active Business Directory 2 - SQL Injection
SQL injection vulnerability in default.asp in Active Business Directory 2 allows remote attackers to execute arbitrary SQL commands via the catid parameter.
by AlpHaNiX
Active Web Mail 4.0 - SQL Injection
SQL injection vulnerability in login.aspx in Active Web Mail 4.0 allows remote attackers to execute arbitrary SQL commands via the password parameter.
by R3d-D3V!L
Venalsur Booking Centre 2.01 - Multiple Cross-Site Scripting Vulnerabilities
by Pouya_Server
PHP TV Portal < 2.0 - SQL Injection via mid Parameter
SQL injection vulnerability in index.php in PHP TV Portal 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the mid parameter.
by Cyber-Zone
Oramon 2.0.1 - Unauthenticated Sensitive Information Exposure via Direct Request
Oramon Oracle Database Monitoring Tool 2.0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for config/oramon.ini.
by ahmadbady
CMS Made Simple 1.4.1 - Path Traversal
Directory traversal vulnerability in admin/login.php in CMS Made Simple 1.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in a cms_language cookie.
by M4ck-h@cK
Active Bids 3.5 - SQL Injection via ItemID Parameter
SQL injection vulnerability in bidhistory.asp in Active Bids 3.5 allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.
by Stack
ParsBlogger - 'blog.asp' Cross-Site Scripting
by Pouya_Server
Ocean12 Mailing List Manager Gold - SQL Injection
Multiple SQL injection vulnerabilities in Ocean12 Mailing List Manager Gold allow remote attackers to execute arbitrary SQL commands via the Email parameter to (1) default.asp and (2) s_edit.asp.
by Charalambous Glafkos
Ocean12 FAQ Manager Pro - 'Keyword' Cross-Site Scripting
by Charalambous Glafkos
By Source