Text Exploits
31,394 exploits tracked across all sources.
WEBBDOMAIN Multi Languages WebShop Online 1.02 - Cross-Site Scripting via detail.php name Parameter
Cross-site scripting (XSS) vulnerability in detail.php in WEBBDOMAIN Multi Languages WebShop Online 1.02 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
by G4N0K
WEBDOMAIN WebShop <= 1.2 - SQL Injection via getin.php Username Parameter
SQL injection vulnerability in getin.php in WEBBDOMAIN WebShop 1.2, 1.1, 1.02, and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
by Hakxer
WEBBDOMAIN Quiz <= 1.02 - SQL Injection via Username Parameter
SQL injection vulnerability in getin.php in WEBBDOMAIN Quiz 1.02 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
by Hakxer
webbdomain post_card < 1.02 - SQL Injection via Username Parameter
SQL injection vulnerability in getin.php in WEBBDOMAIN Post Card (aka Web Postcards) 1.02 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
by x0r
webbdomian post_card < 1.02 - SQL Injection via choosecard.php catid Parameter
SQL injection vulnerability in choosecard.php in WEBBDOMAIN Post Card (aka Web Postcards) 1.02, 1.01, and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.
by Hussin X
WEBBDOMAIN Polls 1.0 and 1.01 - SQL Injection via Username Parameter
SQL injection vulnerability in getin.php in WEBBDOMAIN Polls (aka Poll) 1.0 and 1.01 allows remote attackers to execute arbitrary SQL commands via the username parameter.
by Hakxer
WEBBDOMAIN Petition 1.02, 2.0, 3.0 - SQL Injection via Username Parameter
SQL injection vulnerability in getin.php in WEBBDOMAIN Petition 1.02, 2.0, and 3.0 allows remote attackers to execute arbitrary SQL commands via the username parameter.
by Hakxer
nicLOR Vibro-School-CMS - SQL Injection via nID Parameter
SQL injection vulnerability in view_news.php in nicLOR Vibro-School-CMS allows remote attackers to execute arbitrary SQL commands via the nID parameter.
by Cyber-Zone
nicLOR Vibro-School-CMS - SQL Injection via nID Parameter
SQL injection vulnerability in view_news.php in nicLOR Vibro-School-CMS allows remote attackers to execute arbitrary SQL commands via the nID parameter.
by StAkeR
TR News 2.1 - 'login.php' Remote Authentication Bypass
by StAkeR
Tours Manager 1.0 - SQL Injection via cityid Parameter
SQL injection vulnerability in cityview.php in Tours Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the cityid parameter.
by G4N0K
tbmnetcms 1.0 - Path Traversal via Index.php Content Parameter
Directory traversal vulnerability in index.php in TBmnetCMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the content parameter.
by d3v1l
Simple Document Management System 1.1.4-1.1.5 - SQL Injection via Login Parameter
SQL injection vulnerability in login.php in Simple Document Management System (SDMS) 1.1.5 and 1.1.4, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the login parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Yuri
nicLOR Sito - Path Traversal via Page File Parameter
Directory traversal vulnerability in includefile.php in nicLOR Sito, when register_globals is enabled or magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the page_file parameter.
by StAkeR
nicLOR-CMS - SQL Injection via sezione_news.php id Parameter
SQL injection vulnerability in sezione_news.php in nicLOR-CMS allows remote attackers to execute arbitrary SQL commands via the id parameter in a sezione page action to index.php.
by StAkeR
VirtueMart Google Base 1.1 - Remote Code Execution via mosConfig_absolute_path Parameter
PHP remote file inclusion vulnerability in admin.googlebase.php in the Ecom Solutions VirtueMart Google Base (aka com_googlebase or Froogle) component 1.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
by NoGe
Pro Desk Support Center 1.0 and 1.2 - Path Traversal via Include File Parameter
Directory traversal vulnerability in the Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php.
by d3v1l
Onguma Time Sheet 2.0 4b - Remote Code Execution via mosConfig_absolute_path Parameter
PHP remote file inclusion vulnerability in lib/onguma.class.php in the Onguma Time Sheet (com_ongumatimesheet20) 2.0 4b component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
by NoGe
firmCHANNEL Digital Signage 3.24 - Cross-Site Scripting via Account Module Action Parameter
Cross-site scripting (XSS) vulnerability in the account module in firmCHANNEL Digital Signage 3.24, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the action parameter to index.php.
by Brad Antoniewicz
dhcart - Cross-Site Scripting via order.php domain and d1 Parameters
Cross-site scripting (XSS) vulnerability in order.php in DHCart allows remote attackers to inject arbitrary web script or HTML via the (1) domain and (2) d1 parameters.
by Lostmon
CMS-School 2005 - 'showarticle.php' SQL Injection
by Cyber-Zone
OpenSymphony XWork 2.0.x < 2.0.6 and 2.1.x < 2.1.2 - Remote Code Execution via OGNL Context Object Reference
ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
by Meder Kydyraliev
Apache Struts 2.0.0-2.0.11 and 2.1.0-2.1.2 - Path Traversal via Encoded Dot-Dot-Slash in URI
Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
by Csaba Barta
MatPo Link 1.2 Beta - SQL Injection via id Parameter
SQL injection vulnerability in view.php in MatPo Link 1.2 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Hakxer
Acc Real Estate 4.0 - Unauthenticated Authentication Bypass via username_cookie
admin/Index.php in Acc Real Estate 4.0 allows remote attackers to bypass authentication and gain administrative access by setting the username_cookie to "admin."
by Hakxer
By Source