Text Exploits
31,394 exploits tracked across all sources.
CuteNews aj-fork - 'path' Remote File Inclusion
by DeltahackingTEAM
Arab Portal 2.1 - Path Traversal via mod.php file Parameter
Directory traversal vulnerability in mod.php in Arab Portal 2.1 on Windows allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, in conjunction with a show action.
by Khashayar Fereidani
Pre Classified Listing PHP - Unauthenticated Authentication Bypass via Cookie Manipulation
Pre Classified Listing PHP allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".
by G4N0K
Pre Multi-Vendor Shopping Malls - SQL Injection via buyer_detail.php sid/cid Parameters
SQL injection vulnerability in buyer_detail.php in Pre Multi-Vendor Shopping Malls allows remote attackers to execute arbitrary SQL commands via the (1) sid and (2) cid parameters.
by G4N0K
Adobe Acrobat and Reader < 8.1.2 - Remote Code Execution via util.printf Format String
Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.
by Debasis Mohanty
CVSS 7.8
Adobe Acrobat and Reader < 8.1.2 - Remote Code Execution via util.printf Format String
Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.
by Elazar
CVSS 7.8
Pre Multi-Vendor Shopping Malls - Unauthenticated Authentication Bypass via Cookie Manipulation
Pre Multi-Vendor Shopping Malls allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".
by G4N0K
Pre Simple CMS - SQL Injection via User Parameter
SQL injection vulnerability in siteadmin/loginsucess.php in Pre Simple CMS allows remote attackers to execute arbitrary SQL commands via the user parameter, as reachable from siteadmin/adminlogin.php. NOTE: some of these details are obtained from third party information.
by Hussin X
Pre Shopping Mall - Unauthenticated Authentication Bypass via Cookie Manipulation
Pre Shopping Mall allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".
by G4N0K
Pre Real Estate Listings - SQL Injection via Username Parameter
SQL injection vulnerability in manager/login.php in Pre Projects Pre Real Estate Listings allows remote attackers to execute arbitrary SQL commands via the username1 parameter (aka the Admin field or Username field).
by Cyber-Zone
Pre Podcast Portal - SQL Injection via Tour.php id Parameter
SQL injection vulnerability in Tour.php in Pre Projects Pre Podcast Portal allows remote attackers to execute arbitrary SQL commands via the id parameter.
by G4N0K
Pre Shopping Mall - Unauthenticated Authentication Bypass via Cookie Manipulation
Pre Shopping Mall allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".
by G4N0K
Small ShoutBox 1.4 - SQL Injection via id Parameter
SQL injection vulnerability in shoutbox_view.php in the Small ShoutBox module 1.4 for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter in a delete action.
by StAkeR
Pre Projects PHP Auto Listings Script - SQL Injection via moreinfo.php itemno Parameter
SQL injection vulnerability in moreinfo.php in Pre Projects PHP Auto Listings Script, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the itemno parameter.
by G4N0K
Mole Group Taxi Calc Dist Script - SQL Injection via login.php User Field
SQL injection vulnerability in login.php in Mole Group Taxi Map Script (aka Taxi Calc Dist Script) allows remote attackers to execute arbitrary SQL commands via the user field.
by InjEctOr5
Mole Group Airline Ticket Sale Script - SQL Injection via info.php flight parameter
SQL injection vulnerability in info.php in Mole Group Airline Ticket Sale Script allows remote attackers to execute arbitrary SQL commands via the flight parameter. NOTE: the vendor has disputed this issue, stating "crazy hackers and so named Security companies [spread] out such false informations. Such scripts or versions [do not] exist.
by InjEctOr5
Dada Mail Manager 2.6 - Remote Code Execution via GLOBALS[mosConfig_absolute_path] Parameter
PHP remote file inclusion vulnerability in config.dadamail.php in the Dada Mail Manager (com_dadamail) component 2.6 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter.
by NoGe
Five Dollar Scripts Drinks - SQL Injection via recid Parameter
SQL injection vulnerability in index.php in Five Dollar Scripts Drinks script allows remote attackers to execute arbitrary SQL commands via the recid parameter.
by Ex Tacy
DFLabs PTK 0.1, 0.2, and 1.0 - Remote Command Execution via Filename Shell Metacharacters
The get_file_type function in lib/file_content.php in DFLabs PTK 0.1, 0.2, and 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters after an arg1= sequence in a filename within a forensic image.
by ikki
WEBBDOMAIN Multi Languages WebShop Online 1.02 - SQL Injection via detail.php id Parameter
SQL injection vulnerability in detail.php in WEBBDOMAIN Multi Languages WebShop Online 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by G4N0K
Multi Languages WebShop Online 1.02 - Cross-Site Scripting via detail.php name Parameter
Cross-site scripting (XSS) vulnerability in detail.php in Multi Languages WebShop Online 1.02 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
by G4N0K
Way Of The Warrior 5.0 - Remote Code Execution via plancia Parameter
PHP remote file inclusion vulnerability in visualizza.php in Way Of The Warrior (WOTW) 5.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the plancia parameter to crea.php.
by dun
Simple Document Management System 1.1.4-1.1.5 - SQL Injection via Login Password Parameter
SQL injection vulnerability in login.php in Simple Document Management System (SDMS) 1.1.5 and 1.1.4, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the pass parameter.
by Yuri
Way Of The Warrior < 5.0 - Path Traversal via plancia Parameter
Directory traversal vulnerability in visualizza.php in Way Of The Warrior (WOTW) 5.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the plancia parameter.
by dun
By Source