Text Exploits
31,394 exploits tracked across all sources.
myktools 2.4 - Unauthenticated Database Backup Exposure via mykdownload.php
mykdownload.php in MyKtools 2.4 does not require administrative authentication, which allows remote attackers to read a database backup by making a direct request, and then sending an unspecified request to the download page for the backup.
by Stack
MyKtools 2.4 - Remote File Inclusion via Language Parameter Path Traversal
Directory traversal vulnerability in update.php in MyKtools 2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langage parameter.
by x0r
MyForum 1.3 - Path Traversal via padmin Parameter
Directory traversal vulnerability in admin/centre.php in MyForum 1.3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the padmin parameter.
by Vrs-hCk
MyBB 1.4.2 - 'moderation.php' Cross-Site Scripting
by Kellanved
e107 alternate_profiles_plugin - SQL Injection via newuser.php id Parameter
SQL injection vulnerability in newuser.php in the alternate_profiles plugin, possibly 0.2, for e107 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by boom3rang
bcoos 1.0.13 - 'common.php' Remote File Inclusion
by Cru3l.b0y
bcoos 1.0.10 and 1.0.13 - SQL Injection via bid Parameter
SQL injection vulnerability in modules/banners/click.php in the banners module for bcoos 1.0.10 allows remote attackers to execute arbitrary SQL commands via the bid parameter. NOTE: it was later reported that 1.0.13 is also affected.
by DeltahackingTEAM
Aiocp - SQL Injection
SQL injection vulnerability in public/code/cp_polls_results.php in All In One Control Panel (AIOCP) 1.4 allows remote attackers to execute arbitrary SQL commands via the poll_id parameter.
by ExSploiters
Aiocp - SQL Injection
SQL injection vulnerability in public/code/cp_polls_results.php in All In One Control Panel (AIOCP) 1.4 allows remote attackers to execute arbitrary SQL commands via the poll_id parameter.
by ExSploiters
Microsoft Windows Server Service - Remote Code Execution via Crafted RPC Request
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."
by EMM
CVSS 9.8
Scripts for Sites Ez Forum - SQL Injection via Forum Parameter
SQL injection vulnerability in forum.php in Scripts for Sites (SFS) Ez Forum allows remote attackers to execute arbitrary SQL commands via the forum parameter.
by Hurley
PozScripts Classified Auctions Script - SQL Injection via gotourl.php id Parameter
SQL injection vulnerability in gotourl.php in PozScripts Classified Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Hussin X
MHF Media Pro - OS Command Injection via dhtml.pl page parameter
dhtml.pl in MHF Media Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter, as demonstrated using the (1) advert_top.htm or (2) advert_login.htm pages.
by S0l1D
TlNews 2.2 - Unauthenticated Authentication Bypass via tlNews_login Cookie
TlNews 2.2 allows remote attackers to bypass authentication and gain administrative access by setting the tlNews_login cookie to admin.
by x0r
php-daily - SQL Injection via id or prev Parameter
Multiple SQL injection vulnerabilities in PHP-Daily allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) add_postit.php (b) delete.php, and (c) mod_prest_date.php; and the (2) prev parameter to (d) prest_detail.php.
by 0xFFFFFF
PHP-Daily - Cross-Site Scripting via Date Parameter
Cross-site scripting (XSS) vulnerability in add_prest_date.php in PHP-Daily allows remote attackers to inject arbitrary web script or HTML via the date parameter.
by 0xFFFFFF
php-daily - Path Traversal via Download File Parameter
Directory traversal vulnerability in download_file.php in PHP-Daily allows remote attackers to read arbitrary local files via a .. (dot dot) in the fichier parameter.
by 0xFFFFFF
New Earth Programming Team imgupload 1.0 - Unauthenticated Arbitrary File Upload via uploadp.php
Unrestricted file upload vulnerability in uploadp.php in New Earth Programming Team (NEPT) imgupload (aka Image Uploader) 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension and a modified content type, then accessing this file via a direct request, as demonstrated by an upload with an image/jpeg content type. NOTE: some of these details are obtained from third party information.
by Dentrasi
jmds com_kbase 1.2 - SQL Injection via id Parameter
SQL injection vulnerability in the KBase (com_kbase) 1.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to index.php.
by H!tm@N
Joomla! Component archaic binary Gallery 0.2 - Directory Traversal
by H!tm@N
iPei Guestbook 2.0 - Cross-Site Scripting via pg Parameter
Cross-site scripting (XSS) vulnerability in index.php in iPei Guestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the pg parameter, a different vector than CVE-2005-4597.
by Ghost Hacker
buzzywall 1.3.1 - Path Traversal via Download ID Parameter
Directory traversal vulnerability in download.php in BuzzyWall 1.3.1 allows remote attackers to read arbitrary local files via a .. (dot dot) in the id parameter.
by b3hz4d
By Source