Text Exploits
31,394 exploits tracked across all sources.
Goople CMS 1.7 - Unauthenticated Authentication Bypass via Loggedin Cookie
win/content/upload.php in Goople CMS 1.7 allows remote attackers to bypass authentication and gain administrative access by setting the loggedin cookie to 1.
by x0r
ftpzik - Cross-Site Scripting / Local File Inclusion
by JIKO
Bandwebsite 1.5 - XSS
Cross-site scripting (XSS) vulnerability in info.php in Bandwebsite (aka Bandsite portal system) 1.5 allows remote attackers to inject arbitrary web script or HTML via the section parameter.
by ZoRLu
Siemens Gigaset C450 IP and C475 IP - Denial of Service via Crafted SIP Packet
Siemens C450 IP and C475 IP VoIP devices allow remote attackers to cause a denial of service (disconnected calls and device reboot) via a crafted SIP packet to UDP port 5060.
by sky & Any
Goople CMS 1.7 - Unauthenticated Authentication Bypass via Loggedin Cookie
win/content/upload.php in Goople CMS 1.7 allows remote attackers to bypass authentication and gain administrative access by setting the loggedin cookie to 1.
by BeyazKurt
MODx CMS <0.9.6.2 - Remote Code Execution
PHP remote file inclusion vulnerability in assets/snippets/reflect/snippet.reflect.php in MODx CMS 0.9.6.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the reflect_base parameter.
by RoMaNcYxHaCkEr
Prozilla Hosting Index - SQL Injection
SQL injection vulnerability in directory.php in Prozilla Hosting Index allows remote attackers to execute arbitrary SQL commands via the id parameter in a deadlink action, a different vector than CVE-2008-2083.
by snakespc
PG Roommate Finder Solution - SQL Injection
SQL injection vulnerability in admin/index.php in PG Roommate Finder Solution allows remote attackers to execute arbitrary SQL commands via the login_lg parameter. NOTE: some of these details are obtained from third party information.
by ZoRLu
PG Roommate Finder Solution - SQL Injection
SQL injection vulnerability in admin/index.php in PG Roommate Finder Solution allows remote attackers to execute arbitrary SQL commands via the login_lg parameter. NOTE: some of these details are obtained from third party information.
by ZoRLu
PHP Classifieds Script - Unauthenticated Sensitive Information Exposure via Direct Request
Team PHP PHP Classifieds Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request for admin/backup/datadump.sql.
by InjEctOr5
PG Real Estate Solution - SQL Injection
SQL injection vulnerability in admin/index.php in PG Real Estate Solution allows remote attackers to execute arbitrary SQL commands via the login_lg parameter (username). NOTE: some of these details are obtained from third party information.
by ZoRLu
PG Job Site Pro - SQL Injection via poll_view_id Parameter
SQL injection vulnerability in homepage.php in PG Job Site Pro allows remote attackers to execute arbitrary SQL commands via the poll_view_id parameter in a results action.
by ZoRLu
NetArt Media Car Portal 2.0 - SQL Injection
SQL injection vulnerability in image.php in NetArt Media Car Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by snakespc
NetArt Media Blog System 1.5 - SQL Injection
SQL injection vulnerability in image.php in NetArt Media Blog System 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by snakespc
MODx CMS <0.9.6.2 - XSS
Cross-site scripting (XSS) vulnerability in index.php in MODx CMS 0.9.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in the username field, possibly related to snippet.ditto.php. NOTE: some sources list the id parameter as being affected, but this is probably incorrect based on the original disclosure.
by RoMaNcYxHaCkEr
Goople CMS 1.7 - Static Code Injection via Username and Password Parameters
Static code injection vulnerability in gooplecms/admin/account/action/editpass.php in Goople CMS 1.7 allows remote attackers to inject arbitrary PHP code into admin/userandpass.php via the (1) username and (2) password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by BeyazKurt
NetArt Media Vlog System 1.1 - SQL Injection
SQL injection vulnerability in blog.php in NetArt Media Vlog System 1.1 allows remote attackers to execute arbitrary SQL commands via the note parameter.
by Mr.SQL
Ez Ringtone Manager - Path Traversal
Multiple directory traversal vulnerabilities in Ez Ringtone Manager allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter in a detail action to (1) main.php and (2) template.php in ringtones/.
by b3hz4d
Mytipper Zogo-shop <1.15.4 - SQL Injection
SQL injection vulnerability in product_details.php in the Mytipper Zogo-shop 1.15.4 plugin for e107 allows remote attackers to execute arbitrary SQL commands via the product parameter.
by NoGe
Verlihub 0.9.8d-RC2 - Remote Command Execution via Trigger Argument Injection
The cTrigger::DoIt function in src/ctrigger.cpp in the trigger mechanism in the daemon in Verlihub 0.9.8d-RC2 and earlier, when user triggers are enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in an argument.
by v4lkyrius
EXtrovert Software Thyme 1.0 - SQL Injection
SQL injection vulnerability in the EXtrovert Software Thyme (com_thyme) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the event parameter to index.php.
by Ded MustD!e
By Source