Text Exploits
31,394 exploits tracked across all sources.
web-cp 0.5.7 - Path Traversal via sendfile.php filelocation Parameter
Absolute path traversal vulnerability in sendfile.php in web-cp 0.5.7, when register_globals is enabled, allows remote attackers to read arbitrary files via a full pathname in the filelocation parameter.
by GoLd_M
phpcounter < 1.3.2 - Path Traversal via l Parameter
Directory traversal vulnerability in defs.php in PHPcounter 1.3.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the l parameter.
by dun
ol'bookmarks manager 0.7.5 - SQL Injection via id Parameter
SQL injection vulnerability in index.php in ol'bookmarks manager 0.7.5 allows remote attackers to execute arbitrary SQL commands via the id parameter in a brain action.
by GoLd_M
Observer <= 0.3.2.1 - Remote Command Execution via Query Parameter
Observer 0.3.2.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter to (1) whois.php or (2) netcmd.php.
by dun
MailWatch for MailScanner < 1.0.4 - Remote File Inclusion via docs.php doc Parameter
Directory traversal vulnerability in docs.php in MailWatch for MailScanner 1.0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the doc parameter.
by dun
Jetik Emlak Sistem A 2.0 - SQL Injection via KayitNo Parameter
Multiple SQL injection vulnerabilities in Jetik Emlak Sistem A (ESA) 2.0 allow remote attackers to execute arbitrary SQL commands via the KayitNo parameter to (1) diger.php and (2) sayfalar.php.
by ZoRLu
Jadu CMS for Government - SQL Injection via recruit_details.php id Parameter
SQL injection vulnerability in scripts/recruit_details.php in Jadu CMS for Government allows remote attackers to execute arbitrary SQL commands via the id parameter.
by r45c4l
Hotscripts Clone - SQL Injection via cid Parameter
SQL injection vulnerability in showcategory.php in Hotscripts Clone allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by Hussin X
emergecolab 1.0 - Path Traversal via Sitecode Parameter
Directory traversal vulnerability in connect/init.inc in emergecolab 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sitecode parameter to connect/index.php.
by dun
Drupal Ajax Checklist <5.x-1.1 - SQL Injection
Multiple SQL injection vulnerabilities in the ajax_checklist_save function in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allow remote authenticated users, with "update ajax checklists" permissions, to execute arbitrary SQL commands via a save operation, related to the (1) nid, (2) qid, and (3) state parameters.
by Justin C. Klein Keane
Barcode Generator 1D <2.0.0 - Path Traversal
Directory traversal vulnerability in image.php in Barcode Generator 1D (barcodegen) 2.0.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the code parameter.
by dun
AJ Auction Pro Platinum Skin 2 - SQL Injection via detail.php item_id Parameter
SQL injection vulnerability in detail.php in AJ Auction Pro Platinum Skin 2 allows remote attackers to execute arbitrary SQL commands via the item_id parameter.
by GoLd_M
adnforum < 1.0b - Unauthenticated Authentication Bypass via fpusuario Cookie
index.php in ADN Forum 1.0b and earlier allows remote attackers to bypass authentication and gain sysop access via a fpusuario cookie composed of an initial sysop: string, an arbitrary password field, and a final :sysop:0 string.
by Pepelux
WebPortal CMS 0.7.4 - 'code' Remote Code Execution
by GoLd_M
sofi_webgui < 0.6.3pre - Remote Code Execution via mod_dir Parameter
PHP remote file inclusion vulnerability in hu/modules/reg-new/modstart.php in Sofi WebGui 0.6.3 PRE and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mod_dir parameter.
by dun
openrat < 0.8-beta4 - Remote Code Execution via tpl_dir Parameter
PHP remote file inclusion vulnerability in themes/default/include/html/insert.inc.php in OpenRat 0.8-beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tpl_dir parameter.
by dun
ol'bookmarks < 0.7.5 - Path Traversal via show Parameter
Directory traversal vulnerability in show.php in ol'bookmarks manager 0.7.5 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the show parameter.
by dun
jetik-web - SQL Injection via sayfa.php kat Parameter
SQL injection vulnerability in sayfa.php in JETIK-WEB allows remote attackers to execute arbitrary SQL commands via the kat parameter.
by d3v1l
InterTech WCMS - 'etemplate.php' SQL Injection
by GeNiUs IrAQI
Galmeta Post CMS 0.2 - Remote Code Execution / Arbitrary File Upload
by GoLd_M
DataLife Engine 7.2 - Cross-Site Scripting via admin.php Query String
Cross-site scripting (XSS) vulnerability in admin.php in DataLife Engine (DLE) 7.2 allows remote attackers to inject arbitrary web script or HTML via the query string.
by Hadi Kiamarsi
Omnicom Content Platform (OCP) 2.0 - Path Traversal
Absolute path traversal vulnerability in admin/fileKontrola/browser.asp in Omnicom Content Platform (OCP) 2.0 allows remote attackers to list arbitrary directories via a full pathname in the root parameter.
by AlbaniaN-[H]
xt:Commerce <3.0.4 - Info Disclosure
Session fixation vulnerability in shopping_cart.php in xt:Commerce 3.0.4 and earlier allows remote attackers to hijack web sessions by setting the XTCsid parameter.
by David Vieira-Kurz
xt-commerce < 3.0.4 - Cross-Site Scripting via Advanced Search Keywords Parameter
Cross-site scripting (XSS) vulnerability in advanced_search_result.php in xt:Commerce 3.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.
by David Vieira-Kurz
WSN Links 2.22, 2.23, 2.34 - SQL Injection via vote.php id Parameter
SQL injection vulnerability in vote.php in WSN Links 2.22 and 2.23 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: it was later reported that 2.34 is also vulnerable.
by d3v1l
By Source