Text Exploits
31,394 exploits tracked across all sources.
AJ Square RSS Reader - SQL Injection via EditUrl.php url Parameter
SQL injection vulnerability in EditUrl.php in AJ Square RSS Reader allows remote attackers to execute arbitrary SQL commands via the url parameter.
by yassine_enp
MindDezign Photo Gallery 2.2 - SQL Injection via id Parameter
SQL injection vulnerability in MindDezign Photo Gallery 2.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in an info action to index.php.
by CWH Underground
SiteEngine 5.x - Open Redirect via Forward Parameter
Open redirect vulnerability in api.php in SiteEngine 5.x allows user-assisted remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter in a logout action.
by xy7
SiteEngine 5.x - Exposure of Sensitive Information via phpinfo Action Parameter
The phpinfo function in SiteEngine 5.x allows remote attackers to obtain system information by setting the action parameter to php_info in misc.php.
by xy7
miniPortail 2.2 - Path Traversal via lng Parameter
Directory traversal vulnerability in search.php in miniPortail 2.2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lng parameter.
by StAkeR
WebSVN < 2.0 - Path Traversal and Arbitrary File Write via RSS Rev Parameter
Directory traversal vulnerability in rss.php in WebSVN 2.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to overwrite arbitrary files via directory traversal sequences in the rev parameter.
by GulfTech Security
WebSVN <= 2.0 - Cross-Site Scripting via PATH_INFO
Cross-site scripting (XSS) vulnerability in the getParameterisedSelfUrl function in index.php in WebSVN 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
by GulfTech Security
Microsoft Windows Server Service - Remote Code Execution via Crafted RPC Request
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."
by stephen lawler
CVSS 9.8
WebSVN 1.x - Remote Code Execution via Username preg_replace Eval Switch
The create_anchors function in utils.inc in WebSVN 1.x allows remote attackers to execute arbitrary PHP code via a crafted username that is processed by the preg_replace function with the eval switch.
by GulfTech Security
SiteEngine 5.x - Open Redirect via Forward Parameter
Open redirect vulnerability in api.php in SiteEngine 5.x allows user-assisted remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter in a logout action.
by xuanmumu
SiteEngine 5.x - SQL Injection via Announcements.php id Parameter
SQL injection vulnerability in announcements.php in SiteEngine 5.x allows remote attackers to execute arbitrary SQL commands via the id parameter.
by xuanmumu
TXTshop beta 1.0 - Path Traversal via Language Parameter
Directory traversal vulnerability in header.php in TXTshop beta 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
by Pepelux
SiteEngine 5.x - SQL Injection via Announcements.php id Parameter
SQL injection vulnerability in announcements.php in SiteEngine 5.x allows remote attackers to execute arbitrary SQL commands via the id parameter.
by xy7
osprey 1.0a4.1 - Remote Code Execution via ListRecords.php xml_dir Parameter
PHP remote file inclusion vulnerability in ListRecords.php in osprey 1.0a4.1 allows remote attackers to execute arbitrary PHP code via a URL in the xml_dir parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the lib_dir vector is already covered by CVE-2006-6630.
by BoZKuRTSeRDaR
miniportail 2.2 - Cross-Site Scripting via Search String
Cross-site scripting (XSS) vulnerability in search.php in miniPortail 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified argument, probably the search string.
by StAkeR
MindDezign Photo Gallery 2.2 - SQL Injection via Username Parameter
SQL injection vulnerability in MindDezign Photo Gallery 2.2 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action to the admin module in index.php, a different vector than CVE-2008-6788.
by CWH Underground
RWCards 3.0.11 - Path Traversal and Arbitrary Local File Inclusion via Captcha Image Parameter
Directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter.
by Vrs-hCk
Jetbox CMS 2.1 - Cross-Site Scripting via Liste Parameter
Cross-site scripting (XSS) vulnerability in admin/postlister/index.php in Jetbox CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via the liste parameter.
by Omer Singer
ClipShare Pro 4.0 - Cross-Site Scripting via Fullscreen Title Parameter
Cross-site scripting (XSS) vulnerability in fullscreen.php in ClipShare Pro 4.0 allows remote attackers to inject arbitrary web script or HTML via the title parameter.
by ShockShadow
aflog 1.01 - Unauthenticated Authentication Bypass via aflog_auth_a Cookie
aflog 1.01 allows remote attackers to bypass authentication and gain administrative access by setting the aflog_auth_a cookie to "A" or "O" in (1) edit_delete.php, (2) edit_cat.php, (3) edit_lock.php, and (4) edit_form.php.
by JosS
Kayako eSupport 3.20.2 - Cross-Site Scripting via jsMakeSrc Parameter
Cross-site scripting (XSS) vulnerability in includes/htmlArea/plugins/HtmlTidy/html-tidy-logic.php in Kayako eSupport 3.20.2 allows remote attackers to inject arbitrary web script or HTML via the jsMakeSrc parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue is probably in the HTMLArea HTMLTidy (HTML Tidy) plugin, not eSupport.
by ShockShadow
Opera - Stored Cross-Site Scripting via History Search Database
Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before 9.61 allows remote attackers to inject arbitrary web script or HTML via the anchor identifier (aka the "optional fragment"), which is not properly escaped before storage in the History Search database (aka md.dat).
by Roberto Suggi Liverani
Opera Browser 9.52 - Stored Cross-Site Scripting via History Search Query String
Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly escaped before storage in the History Search database (aka md.dat), a different vector than CVE-2008-4696. NOTE: some of these issues were addressed before 9.60.
by Roberto Suggi Liverani
phpcrs < 2.06 - Remote File Inclusion via ImportFunction Parameter
Directory traversal vulnerability in frame.php in phpcrs 2.06 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the importFunction parameter.
by Pepelux
By Source