Text Exploits
31,394 exploits tracked across all sources.
bluo_cms 1.2 - SQL Injection via id Parameter
SQL injection vulnerability in index.php in Bluo CMS 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by The_5p3ctrum
Turnkey Arcade Script - SQL Injection
SQL injection vulnerability in index.php in Turnkey Arcade Script allows remote attackers to execute arbitrary SQL commands via the id parameter in a play action.
by The_5p3ctrum
Membership Manager Pro - SQL Injection via Username Parameter
SQL injection vulnerability in login.asp in Ocean12 Membership Manager Pro allows remote attackers to execute arbitrary SQL commands via the username (Username parameter).
by Cyber-Zone
Ocean12 Contact Manager Pro 1.02 - SQL Injection via Sort Parameter
SQL injection vulnerability in default.asp in Ocean12 Contact Manager Pro 1.02 allows remote attackers to execute arbitrary SQL commands via the Sort parameter.
by Pouya_Server
Ocean12 Contact Manager Pro 1.02 - Unprotected Sensitive Information Exposure via Direct Request
Ocean12 Contact Manager Pro 1.02 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12con.mdb.
by Pouya_Server
aspWebCalendar - SQL Injection via Username Field or EventID Parameter
SQL injection vulnerability in aspWebCalendar allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the eventid parameter to calendar.asp.
by Bl@ckbe@rD
TxtBlog 1.0 Alpha - Path Traversal via m Parameter
Directory traversal vulnerability in index.php in TxtBlog 1.0 Alpha allows remote attackers to read arbitrary files via a .. (dot dot) in the m parameter.
by CWH Underground
Turnkey Arcade Script - SQL Injection
SQL injection vulnerability in index.php in Turnkey Arcade Script allows remote attackers to execute arbitrary SQL commands via the id parameter in a browse action, a different vector than CVE-2008-5629.
by The_5p3ctrum
Kalptaru Infotech Stararticles - Access Control
Unrestricted file upload vulnerability in user.modify.profile.php in Kalptaru Infotech Ltd. Star Articles 6.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile photo, then accessing it via a direct request to the file in authorphoto/.
by ZoRLu
RakhiSoftware Shopping Cart - SQL Injection via product.php subcategory_id Parameter
SQL injection vulnerability in product.php in RakhiSoftware Price Comparison Script (aka Shopping Cart) allows remote attackers to execute arbitrary SQL commands via the subcategory_id parameter.
by XaDoS
PageTree CMS 0.0.2 BETA 00001 - Remote Code Execution via GLOBALS[PT_Config][dir][data] Parameter
PHP remote file inclusion vulnerability in admin/plugins/Online_Users/main.php in PageTree CMS 0.0.2 BETA 0001 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[PT_Config][dir][data] parameter.
by NoGe
Ocean12 Poll Manager Pro - Database Disclosure
by Pouya_Server
Ocean12 Membership Manager Pro - Database Disclosure
by Pouya_Server
Membership Manager Pro - SQL Injection via Login Password Parameter
SQL injection vulnerability in login.asp in Ocean12 Membership Manager Pro allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Cyber-Zone
Ocean12 FAQ Manager Pro - Unauthenticated Sensitive Data Exposure via Direct Database Request
Ocean12 FAQ Manager Pro stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for admin/o12faq.mdb.
by Stack
Ocean12 Contact Manager Pro 1.02 - Cross-Site Scripting via DisplayFormat Parameter
Cross-site scripting (XSS) vulnerability in default.asp in Ocean12 Contact Manager Pro 1.02 allows remote attackers to inject arbitrary web script or HTML via the DisplayFormat parameter.
by Pouya_Server
Ocean12 Calendar Manager Gold - Database Disclosure
by Pouya_Server
FamilyProject 2.0 - SQL Injection via Login or Password Parameter
Multiple SQL injection vulnerabilities in index.php in FamilyProject 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the logmbr parameter (aka login field) or (2) the mdpmbr parameter (aka pass or "Mot de passe" field). NOTE: some of these details are obtained from third party information.
by The_5p3ctrum
Venalsur Booking Centre Booking System for Hotels Group 2.01 - SQL Injection via HotelID Parameter
SQL injection vulnerability in hotel_habitaciones.php in Venalsur Booking Centre Booking System for Hotels Group 2.01 allows remote attackers to execute arbitrary SQL commands via the HotelID parameter.
by R3d-D3V!L
AssoCIateD <= 1.2.0 - Cross-Site Scripting via Menu Parameter
Cross-site scripting (XSS) vulnerability in index.php in AssoCIateD (aka ACID) 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the menu parameter.
by CWH Underground
Cisco WRT160N - Cross-Site Scripting via DHCP_Static Action Parameter
Cross-site scripting (XSS) vulnerability in apply.cgi on the Linksys WRT160N allows remote attackers to inject arbitrary web script or HTML via the action parameter in a DHCP_Static operation.
by David Gil
Comersus ASP Shopping Cart - File Disclosure / Cross-Site Scripting
by Bl@ckbe@rD
By Source