Text Exploits
31,394 exploits tracked across all sources.
KDE Konqueror 3.5.9 - JavaScript 'load' Denial of Service
by Jeremy Brown
Nokia Web Browser for S60 - Infinite Array Sort Denial of Service
by Luca Carettoni
MunzurSoft Web Portal W3 - SQL Injection via kategori.asp kat Parameter
SQL injection vulnerability in kategori.asp in MunzurSoft Wep Portal W3 allows remote attackers to execute arbitrary SQL commands via the kat parameter.
by LUPUS
Ayco Okul Portali - SQL Injection via default.asp linkid Parameter
SQL injection vulnerability in default.asp in Ayco Okul Portali allows remote attackers to execute arbitrary SQL commands via the linkid parameter.
by Crackers_Child
Camera Life 2.6.2b4 - SQL Injection
SQL injection vulnerability in album.php in Camera Life 2.6.2b4 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3355.
by BackDoor
Gforge < 4.5.19 - SQL Injection via release_id Parameter
SQL injection vulnerability in frs/shownotes.php in Gforge 4.5.19 and earlier allows remote attackers to execute arbitrary SQL commands via the release_id parameter.
by beford
ScriptsEz Mini Hosting Panel - Path Traversal
Directory traversal vulnerability in members.php in ScriptsEz Mini Hosting Panel allows remote attackers to read arbitrary local files via a .. (dot dot) in the dir parameter in a view action.
by JosS
ScriptsEz Easy Image Downloader - Path Traversal
Directory traversal vulnerability in main.php in ScriptsEz Easy Image Downloader allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter in a download action.
by JosS
com_joomtracker 1.01 - SQL Injection via id Parameter
SQL injection vulnerability in the Joomtracker (com_joomtracker) 1.01 module for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a tordetails action to index.php.
by rsauron
Gforge < 4.6rc1 - SQL Injection via skill_edit[] Parameter
SQL injection vulnerability in people/editprofile.php in Gforge 4.6 rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_edit[] parameter.
by beford
GForge 4.5.19 - SQL Injection via Offset Parameter
SQL injection vulnerability in GForge 4.5.19 allows remote attackers to execute arbitrary SQL commands via the offset parameter to (1) new/index.php, (2) news/index.php, and (3) top/topusers.php, which is not properly handled in database-pgsql.php.
by beford
Camera Life 2.6.2b4 - Cross-Site Scripting via Topic Name Parameter
Cross-site scripting (XSS) vulnerability in topic.php in Camera Life 2.6.2b4 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
by BackDoor
Proxim Wireless Tsunami MP.11 2411 - XSS
Cross-site scripting (XSS) vulnerability in the Proxim Wireless Tsunami MP.11 2411 with firmware 3.0.3 allows remote authenticated users to inject arbitrary web script or HTML via the system.sysName.0 SNMP OID.
by Adrian Pastor
WebBiscuits Modules Controller <1.1 - RCE
PHP remote file inclusion vulnerability in adminhead.php in WebBiscuits Modules Controller 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter.
by GoLd_M
Hispah Text Links Ads 1.1 - SQL Injection via idcat Parameter
SQL injection vulnerability in index.php in Hispah Text Links Ads 1.1 allows remote attackers to execute arbitrary SQL commands via the idcat parameter.
by InjEctOr5
Microsoft Windows XP-Vista-2003-2008 - Privilege Escalation
Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping.
by Cesar Cerrudo
WebBiscuits Modules Controller 1.1 - Path Traversal
Directory traversal vulnerability in faqsupport/wce.download.php in WebBiscuits Modules Controller 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the download parameter.
by GoLd_M
Opera < 9.60 - Remote Code Execution via Crafted Redirect URL
Unspecified vulnerability in Opera before 9.60 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a redirect that specifies a crafted URL.
by MATASANOS
Hispah Text Links Ads 1.1 - SQL Injection via idtl Parameter
SQL injection vulnerability in index.php in Hispah Text Links Ads 1.1 allows remote attackers to execute arbitrary SQL commands via the idtl parameter in a buy action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by InjEctOr5
DFFFrameworkAPI - 'DFF_config[dir_include]' Multiple Remote File Inclusions
by GoLd_M
DataFeedFile PHP Framework API - Remote Code Execution via DFF_config[dir_include] Parameter
Multiple PHP remote file inclusion vulnerabilities in DataFeedFile (DFF) PHP Framework API allow remote attackers to execute arbitrary PHP code via a URL in the DFF_config[dir_include] parameter to (1) DFF_affiliate_client_API.php, (2) DFF_featured_prdt.func.php, (3) DFF_mer.func.php, (4) DFF_mer_prdt.func.php, (5) DFF_paging.func.php, (6) DFF_rss.func.php, and (7) DFF_sku.func.php in include/.
by GoLd_M
AdMan 1.1.20070907 - Authenticated SQL Injection via editCampaign.php campaignId Parameter
SQL injection vulnerability in editCampaign.php in AdMan 1.1.20070907 allows remote authenticated users to execute arbitrary SQL commands via the campaignId parameter.
by SuB-ZeRo
KDE Konqueror 3.5.9 - Denial of Service via Long HTML Color Attribute
The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service (application crash) via (1) a long COLOR attribute in an HR element; or a long (a) BGCOLOR or (b) BORDERCOLOR attribute in a (2) TABLE, (3) TD, or (4) TR element. NOTE: the FONT vector is already covered by CVE-2008-4514.
by Jeremy Brown
By Source