Text Exploits
31,394 exploits tracked across all sources.
ModernBill < 4.4 - Remote Code Execution via DIR Parameter File Inclusion
Multiple PHP remote file inclusion vulnerabilities in ModernBill 4.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to (1) export_batch.inc.php, (2) run_auto_suspend.cron.php, and (3) send_email_cache.php in include/scripts/; (4) include/misc/mod_2checkout/2checkout_return.inc.php; and (5) include/html/nettools.popup.php, different vectors than CVE-2006-4034 and CVE-2005-1054.
by nigh7f411
Logz podcast CMS 1.3.1 - SQL Injection via art Parameter
SQL injection vulnerability in fichiers/add_url.php in Logz podcast CMS 1.3.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the art parameter.
by ZoRLu
Lyrics (lyrics_menu) plugin 0.42 for e107 - SQL Injection via l_id Parameter
SQL injection vulnerability in lyrics_song.php in the Lyrics (lyrics_menu) plugin 0.42 for e107 allows remote attackers to execute arbitrary SQL commands via the l_id parameter. NOTE: some of these details are obtained from third party information.
by ZoRLu
cPanel - Cross-Site Scripting via Fantastico De Luxe Module Parameters
Multiple cross-site scripting (XSS) vulnerabilities in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allow remote attackers to inject arbitrary web script or HTML via the (1) localapp, (2) updatedir, (3) scriptpath_show, (4) domain_show, (5) thispage, (6) thisapp, and (7) currentversion parameters in an Upgrade action.
by Khashayar Fereidani
Article Publisher Pro 1.5 - SQL Injection via Username Parameter
SQL injection vulnerability in admin/admin.php in Article Publisher Pro 1.5 allows remote attackers to execute arbitrary SQL commands via the username parameter.
by Hakxer
Adult Banner Exchange Website - SQL Injection
SQL injection vulnerability in click.php in Adult Banner Exchange Website allows remote attackers to execute arbitrary SQL commands via the targetid parameter.
by Hussin X
Xigla Absolute Newsletter 6.0 and 6.1 - Unauthenticated Authentication Bypass via Cookie Manipulation
Xigla Software Absolute Newsletter 6.0 and 6.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
by x0r
Absolute News Manager.NET 5.1 - Unauthenticated Authentication Bypass via Cookie Manipulation
Xigla Software Absolute News Manager.NET 5.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
by Hakxer
Xigla Absolute News Feed 1.0 and possibly 1.5 - Unauthenticated Authentication Bypass via Cookie Manipulation
Xigla Software Absolute News Feed 1.0 and possibly 1.5 allows remote attackers to bypass authentication and gain administrative access by setting a certain cookie.
by Hakxer
Absolute Live Support .NET 5.1 - Unauthenticated Authentication Bypass via Cookie Manipulation
Xigla Software Absolute Live Support .NET 5.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
by Hakxer
Xigla Absolute Form Processor .NET 4.0 - Unauthenticated Authentication Bypass via Cookie Manipulation
Xigla Software Absolute Form Processor .NET 4.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
by Hakxer
Xigla Absolute FAQ Manager.NET 6.0 - Unauthenticated Authentication Bypass via Cookie Manipulation
Xigla Software Absolute FAQ Manager.NET 6.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
by Hakxer
Absolute Control Panel XE 1.5 - Unauthenticated Authentication Bypass via Cookie Manipulation
Xigla Software Absolute Control Panel XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
by Hakxer
Absolute Content Rotator 6.0 - Unauthenticated Authentication Bypass via Cookie Manipulation
Absolute Content Rotator 6.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
by Hakxer
Absolute Banner Manager .NET 4.0 - Unauthenticated Authentication Bypass via Cookie Manipulation
Absolute Banner Manager .NET 4.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
by Hakxer
A-LINK WL54AP2 and WL54AP3 - Unauthenticated Admin Access via Blank Default Password
The management interface on the A-LINK WL54AP3 and WL54AP2 access points has a blank default password for the admin account, which makes it easier for remote attackers to obtain access.
by Henri Lindberg
MyPHP Forum < 3.0 - SQL Injection via Member and Post Parameters
Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a confirm action, the (2) user parameter in a newconfirm action, and (3) reqpwd action to member.php; and the (4) quote parameter in a post action and (5) pid parameter in an edit action to post.php, different vectors than CVE-2005-0413.2 and CVE-2007-6667.
by StAkeR
Absolute Poll Manager XE 4.1 - Unauthenticated Authentication Bypass via Cookie Manipulation
Xigla Software Absolute Poll Manager XE 4.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
by Hakxer
Absolute Podcast .NET 1.0 - Unauthenticated Authentication Bypass via Cookie Manipulation
Absolute Podcast .NET 1.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
by Hakxer
Absolute File Send 1.0 - Remote Insecure Cookie Handling
by Hakxer
Dovecot 1.1.4 and 1.1.5 - Denial of Service via Malformed From Address in IMAP FETCH ENVELOPE
The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."
by anonymous
SonicOS Enhanced < 4.0.1.1 - Cross-Site Scripting via CFS Block Page
Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced before 4.0.1.1, as used in SonicWALL Pro 2040 and TZ 180 and 190, allows remote attackers to inject arbitrary web script or HTML into arbitrary web sites via a URL to a site that is blocked based on content filtering, which is not properly handled in the CFS block page, aka "universal website hijacking."
by pagvac
Venalsur Booking Centre Booking System for Hotels Group - Stored Cross-Site Scripting via OfertaID Parameter
Cross-site scripting (XSS) vulnerability in cadena_ofertas_ext.php in Venalsur Booking Centre Booking System for Hotels Group allows remote attackers to inject arbitrary web script or HTML via the OfertaID parameter.
by d3b4g
WebCards < 1.3 - SQL Injection via User Parameter
SQL injection vulnerability in admin.php in WebCards 1.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: some of these details are obtained from third party information.
by t0pP8uZz
By Source