Text Exploits
31,394 exploits tracked across all sources.
Ocean12 (Multiple Products) - 'Admin_ID' SQL Injection
by Charalambous Glafkos
Active eWebquiz 8.0 - SQL Injection
SQL injection vulnerability in start.asp in Active eWebquiz 8.0 allows remote attackers to execute arbitrary SQL commands via the (1) useremail parameter (aka username field) or the (2) password parameter. NOTE: some of these details are obtained from third party information.
by R3d-D3V!L
ASPThai.NET ASPThai Forums 8.5 - Unauthenticated Sensitive Information Exposure via Direct Database Download
ASPThai.NET ASPThai Forums 8.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/aspthaiForum.mdb.
by CWH Underground
ASPreferral 5.3 - SQL Injection via Merchantsadd.asp AccountID Parameter
SQL injection vulnerability in Merchantsadd.asp in ASPReferral 5.3 allows remote attackers to execute arbitrary SQL commands via the AccountID parameter.
by R3d-D3V!L
ActiveVotes 2.2 - SQL Injection via Username and Password Parameters
SQL injection vulnerability in register.asp in ActiveVotes 2.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.
by R3d-D3V!L
ActiveWebSoftwares ActiveVotes <2.2 - SQL Injection
SQL injection vulnerability in VoteHistory.asp in ActiveWebSoftwares ActiveVotes 2.2 allows remote attackers to execute arbitrary SQL commands via the AccountID parameter.
by R3d-D3V!L
Active Web Mail 4.0 - SQL Injection via TabOpenQuickTab1 Parameter
SQL injection vulnerability in Active Web Mail 4.0 allows remote attackers to execute arbitrary SQL commands via the TabOpenQuickTab1 parameter to (1) popaccounts.aspx, (2) addressbook.aspx, and (3) emails.aspx.
by R3d-D3V!L
Active Price Comparison 4.0 - SQL Injection
Multiple SQL injection vulnerabilities in login.aspx in Active Price Comparison 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) password and (2) username fields.
by R3d-D3V!L
Active Trade 2 - SQL Injection via Username or Password Parameter
SQL injection vulnerability in account.asp in Active Trade 2 allows remote attackers to execute arbitrary SQL commands via the (1) username parameter (aka Email field) or the (2) password parameter. NOTE: some of these details are obtained from third party information.
by R3d-D3V!L
Active Test 2.1 - SQL Injection via Useremail or Password Parameter
Multiple SQL injection vulnerabilities in start.asp in Active Test 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) useremail parameter (aka username field) or (2) password parameter (aka password field). NOTE: some of these details are obtained from third party information.
by R3d-D3V!L
Active Test 2.1 - SQL Injection via QuizID Parameter
Multiple SQL injection vulnerabilities in Active Test 2.1 allow remote attackers to execute arbitrary SQL commands via the QuizID parameter to (1) questions.asp, (2) importquestions.asp, and (3) quiztakers.asp.
by R3d-D3V!L
Active Price Comparison 4.0 - SQL Injection
Multiple SQL injection vulnerabilities in login.aspx in Active Price Comparison 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) password and (2) username fields.
by R3d-D3V!L
Active Newsletter 4.3 - SQL Injection via Email or Password Parameter
Multiple SQL injection vulnerabilities in SubscriberStart.asp in Active Newsletter 4.3 allow remote attackers to execute arbitrary SQL commands via (1) the email parameter (aka username or E-mail field), or (2) the password parameter (aka password field), to (a) Subscriber.asp or (b) start.asp. NOTE: some of these details are obtained from third party information.
by R3d-D3V!L
Active Membership 2.0 - SQL Injection
SQL injection vulnerability in account.asp in Active Membership 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.
by R3d-D3V!L
Active Force Matrix 2.0 - SQL Injection
SQL injection vulnerability in account.asp in Active Force Matrix 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.
by R3d-D3V!L
Apache Tomcat (Windows) - 'runtime.getRuntime().exec()' Local Privilege Escalation
by Abysssec
Web Calendar System 3.40 - Cross-Site Scripting / SQL Injection
by Bl@ckbe@rD
SailPlanner 0.3a - SQL Injection via Username and Password Fields
Multiple SQL injection vulnerabilities in SailPlanner 0.3a allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.
by JIKO
ReVou Micro Blogging Twitter clone - SQL Injection via Username and Password Fields
Multiple SQL injection vulnerabilities in ReVou Micro Blogging Twitter clone allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.
by R3d-D3V!L
RakhiSoftware Shopping Cart - Exposure of Sensitive Information via Invalid PHPSESSID Cookie
RakhiSoftware Price Comparison Script (aka Shopping Cart) allows remote attackers to obtain sensitive information via an invalid PHPSESSID cookie, which reveals the installation path in an error message.
by Charalambous Glafkos
RakhiSoftware Shopping Cart - Cross-Site Scripting via category_id and subcategory_id Parameters
Multiple cross-site scripting (XSS) vulnerabilities in product.php in RakhiSoftware Price Comparison Script (aka Shopping Cart) allow remote attackers to inject arbitrary web script or HTML via the (1) category_id and (2) subcategory_id parameters.
by Charalambous Glafkos
Ocean12 FAQ Manager Pro 1.0 - SQL Injection via ID Parameter in Cat Action
SQL injection vulnerability in default.asp in Ocean12 FAQ Manager Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a Cat action. NOTE: some of these details are obtained from third party information.
by Stack
Venalsur Booking Centre Booking System for Hotels Group 2.01 - SQL Injection via Username or Password Parameter
Multiple SQL injection vulnerabilities in admin/checklogin.php in Venalsur Booking Centre Booking System for Hotels Group 2.01 allow remote attackers to execute arbitrary SQL commands via the (1) myusername (username) and (2) password parameters. NOTE: some of these details are obtained from third party information.
by MrDoug
By Source