Text Exploits
31,394 exploits tracked across all sources.
PHP Jabbers Post Comment 3.0 - Unauthenticated Administrative Access via PostCommentsAdmin Cookie
PHP Jabbers Post Comment 3.0 allows remote attackers to bypass authentication and gain administrative access by setting the PostCommentsAdmin cookie to "logged."
by Crackers_Child
PHPJabbers Post Comments 3.0 - Cookie Authentication Bypass
by Crackers_Child
PG Matchmaking - SQL Injection via id Parameter
SQL injection vulnerability in PG Matchmaking allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) news_read.php and (2) gifts_show.php.
by Super Cristal
Events Calendar 1.1 - Remote Code Execution via path[docroot] or component Parameter
PHP remote file inclusion vulnerability in panel/common/theme/default/header_setup.php in WebBiscuits Software Events Calendar 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the (1) path[docroot] and (2) component parameters.
by k3vin mitnick
CAcert - Cross-Site Scripting via X.509 Certificate CommonName Field
Cross-site scripting (XSS) vulnerability in analyse.php in CAcert 20080921, and possibly other versions before 20080928, allows remote attackers to inject arbitrary web script or HTML via the CN (CommonName) field in the subject of an X.509 certificate.
by Alexander Klink
ArabCMS 2.0 beta 1 - Path Traversal via RSS Parameter
Directory traversal vulnerability in rss.php in ArabCMS 2.0 beta 1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the rss parameter.
by JIKO
Wireshark 0.99.7-1.0.3 - Denial of Service via Malformed Tamos CommView Capture File
wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application abort) via a malformed Tamos CommView capture file (aka .ncf file) with an "unknown/unexpected packet type" that triggers a failed assertion.
by Shinnok
Windows XP - Denial of Service via Crafted ZIP File
Windows Explorer in Microsoft Windows XP SP3 allows user-assisted attackers to cause a denial of service (application crash) via a crafted .ZIP file.
by fl0 fl0w
ZEELYRICS 2.0 - SQL Injection via bannerclick.php adid Parameter
SQL injection vulnerability in bannerclick.php in ZEELYRICS 2.0 allows remote attackers to execute arbitrary SQL commands via the adid parameter.
by Hussin X
Pro Chat Rooms 3.0.3 - SQL Injection via gud Parameter
SQL injection vulnerability in Pro Chat Rooms 3.0.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the gud parameter to (1) profiles/index.php and (2) profiles/admin.php.
by ~!Dok_tOR!~
Pilot Group eTraining - SQL Injection via News Read ID Parameter
SQL injection vulnerability in news_read.php in Pilot Group (PG) eTraining allows remote attackers to execute arbitrary SQL commands via the id parameter.
by S.W.A.T.
Freshlinks 1.0 RC1 module for PHP-Fusion - SQL Injection via linkid Parameter
SQL injection vulnerability in index.php in the Freshlinks 1.0 RC1 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the linkid parameter.
by boom3rang
Joomla com_imagebrowser 0.1.5 - Path Traversal via Folder Parameter
Directory traversal vulnerability in the Image Browser (com_imagebrowser) 0.1.5 component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php.
by Cr@zy_King
bbzl.php 0.92 - Unauthenticated Authentication Bypass via phorum_admin_session Cookie
BbZL.PhP 0.92 allows remote attackers to bypass authentication and gain administrative access by setting the phorum_admin_session cookie to 1.
by Stack
BbZL.PhP 0.92 - Path Traversal via lien_2 Parameter
Directory traversal vulnerability in index.php in BbZL.PhP 0.92 allows remote attackers to access unauthorized directories via a .. (dot dot) in the lien_2 parameter.
by JIKO
ParsaGostar ParsaWeb CMS - SQL Injection via id or txtSearch Parameter
SQL injection vulnerability in default.aspx in ParsaGostar ParsaWeb CMS allows remote attackers to execute arbitrary SQL commands via the (1) id parameter in the "page" page and (2) txtSearch parameter in the "Search" page.
by BugReport.IR
Yoxel < 1.23beta - Authenticated PHP Code Injection via proj_id Parameter
Multiple eval injection vulnerabilities in itpm_estimate.php in Yoxel 1.23beta and earlier allow remote authenticated users to execute arbitrary PHP code via the proj_id parameter.
by dun
X7 Chat < 2.0.1 - Path Traversal and Arbitrary File Execution via Help File Parameter
Directory traversal vulnerability in help/mini.php in X7 Chat 2.0.1 A1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the help_file parameter, a different vector than CVE-2006-2156.
by JIKO
X7 Chat < 2.0.1 - Path Traversal and Arbitrary File Execution via Help File Parameter
Directory traversal vulnerability in help/mini.php in X7 Chat 2.0.1 A1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the help_file parameter, a different vector than CVE-2006-2156.
by NoGe
vbgooglemap 1.0.3 - SQL Injection via mapid Parameter
SQL injection vulnerability in VBGooglemap Hotspot Edition 1.0.3, a vBulletin module, allows remote attackers to execute arbitrary SQL commands via the mapid parameter in a showdetails action to (1) vbgooglemaphse.php and (2) mapa.php.
by elusiven
RPG.Board <= 0.8 Beta2 - Unauthenticated Authentication Bypass via keep4u Cookie
RPG.Board 0.8 Beta2 and earlier allows remote attackers to bypass authentication and gain privileges by setting the keep4u cookie to a certain value.
by Stack
Dan Fletcher Recipe Script - Cross-Site Scripting via Search Keyword Parameter
Cross-site scripting (XSS) vulnerability in search.php in Dan Fletcher Recipe Script allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Ghost Hacker
Conkurent Real Estate Manager 1.01 - SQL Injection via cat_id Parameter
SQL injection vulnerability in realestate-index.php in Conkurent Real Estate Manager 1.01 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in browse mode.
by CraCkEr
PowerPortal 2.0.13 - Path Traversal via Path Parameter
Directory traversal vulnerability in PowerPortal 2.0.13 allows remote attackers to list and possibly read arbitrary files via a .. (dot dot) in the path parameter to the default URI.
by r45c4l
By Source