Text Exploits
31,394 exploits tracked across all sources.
Barcode Generator 2.0 - 'LSTable.php' Remote File Inclusion
by Br0k3n H34rT
Atomic Photo Album 1.1.0 pre4 - Authentication Bypass via Cookie Manipulation
Atomic Photo Album 1.1.0 pre4 does not properly handle the apa_cookie_login and apa_cookie_password cookies, which probably allows remote attackers to bypass authentication and gain administrative access via modified cookies.
by Stack
212cafe Board 0.07 - SQL Injection via qID Parameter
SQL injection vulnerability in view.php in 212cafe Board 0.07 allows remote attackers to execute arbitrary SQL commands via the qID parameter.
by CWH Underground
AJ Auction Pro Platinum 2 - SQL Injection
SQL injection vulnerability in sellers_othersitem.php in AJ Auction Pro Platinum 2 allows remote attackers to execute arbitrary SQL commands via the seller_id parameter.
by InjEctOr5
Atomic Photo Album 1.1.0pre4 - SQL Injection via apa_album_ID Parameter
SQL injection vulnerability in album.php in Atomic Photo Album (APA) 1.1.0pre4 allows remote attackers to execute arbitrary SQL commands via the apa_album_ID parameter.
by d3v1l
PHP infoBoard V.7 Plus - SQL Injection via idcat Parameter
SQL injection vulnerability in the showjavatopic function in func.php in PHP infoBoard V.7 Plus allows remote attackers to execute arbitrary SQL commands via the idcat parameter to showtopic.php.
by CWH Underground
Microsoft WordPad - Remote Code Execution via Crafted Word 97 File
The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure.
by securfrog
OpenOffice.org 1.1.2-1.1.5 - Denial of Service and Possible Remote Code Execution via Crafted Word File
The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008, as demonstrated by 2008-crash.doc.rar, and a similar issue to CVE-2008-4841.
by securfrog
K-Lite Mega Codec Pack 3.5.7.0 - Denial of Service via Malformed FLV File
vsfilter.dll in K-Lite Mega Codec Pack 3.5.7.0 allows remote attackers to cause a denial of service (application crash) via a malformed FLV file.
by Aodrulez
Vikingboard 0.2 Beta - 'register.php' SQL Column Truncation Unauthorized Access
by StAkeR
phpocs < 0.1 - Path Traversal via Act Parameter
Directory traversal vulnerability in library/pagefunctions.inc.php in phpOCS 0.1 beta3 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to index.php.
by dun
PHP infoBoard V.7 Plus - Cross-Site Scripting via isname Parameter
Cross-site scripting (XSS) vulnerability in PHP infoBoard V.7 Plus allows remote attackers to inject arbitrary web script or HTML via the isname parameter in a newtopic action.
by CWH Underground
PHP infoBoard V.7 Plus - Unauthenticated Authentication Bypass via infouser Cookie
PHP infoBoard V.7 Plus allows remote attackers to bypass authentication and gain administrative access by setting the infouser cookie to 1.
by Stack
openengine < 2.0_beta4 - Remote File Inclusion via oe_classpath Parameter
PHP remote file inclusion vulnerability in cms/system/openengine.php in openEngine 2.0 beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the oe_classpath parameter.
by dun
LanSuite 3.3.2 - Remote File Inclusion via Design Parameter Path Traversal
Directory traversal vulnerability in index.php in LanSuite 3.3.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the design parameter.
by dun
EasyRealtorPRO 2008 - SQL Injection via site_search.php Parameters
SQL injection vulnerability in site_search.php in EasyRealtorPRO 2008 allows remote attackers to execute arbitrary SQL commands via the (1) item, (2) search_ordermethod, and (3) search_order parameters.
by David Sopas
Atomic Photo Album 1.1.0pre4 - Cross-Site Scripting via apa_album_ID Parameter
Cross-site scripting (XSS) vulnerability in album.php in Atomic Photo Album (APA) 1.1.0pre4 allows remote attackers to inject arbitrary web script or HTML via the apa_album_ID parameter.
by d3v1l
AJ Auction Pro Platinum 2 - Cross-Site Scripting via search.php product parameter
Cross-site scripting (XSS) vulnerability in search.php in AJ Auction Pro Platinum 2 allows remote attackers to inject arbitrary web script or HTML via the product parameter.
by InjEctOr5
OpenNMS < 1.5.94 - Cross-Site Scripting via j_username, username, and filter Parameters
Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.5.94 allow remote attackers to inject arbitrary web script or HTML via (1) the j_username parameter to j_acegi_security_check, (2) the username parameter to notification/list.jsp, and (3) the filter parameter to event/list.
by d2d
OpenNMS < 1.5.94 - Cross-Site Scripting via j_username, username, and filter Parameters
Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.5.94 allow remote attackers to inject arbitrary web script or HTML via (1) the j_username parameter to j_acegi_security_check, (2) the username parameter to notification/list.jsp, and (3) the filter parameter to event/list.
by d2d
OpenNMS < 1.5.94 - Cross-Site Scripting via j_username, username, and filter Parameters
Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.5.94 allow remote attackers to inject arbitrary web script or HTML via (1) the j_username parameter to j_acegi_security_check, (2) the username parameter to notification/list.jsp, and (3) the filter parameter to event/list.
by d2d
ol'bookmarks 0.7.5 - Remote Code Execution via frame.php framefile Parameter
PHP remote file inclusion vulnerability in frame.php in ol'bookmarks manager 0.7.5 allows remote attackers to execute arbitrary PHP code via a URL in the framefile parameter.
by GoLd_M
ol'bookmarks manager 0.7.5 - Path Traversal via frame.php framefile Parameter
Directory traversal vulnerability in frame.php in ol'bookmarks manager 0.7.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the framefile parameter.
by GoLd_M
By Source