Text Exploits
31,394 exploits tracked across all sources.
AvailScript Article Script - SQL Injection
SQL injection vulnerability in view.php in AvailScript Article Script allows remote attackers to execute arbitrary SQL commands via the v parameter.
by Hussin X
6rbscript 3.3 - SQL Injection via singerid Parameter
SQL injection vulnerability in section.php in 6rbScript 3.3 allows remote attackers to execute arbitrary SQL commands via the singerid parameter in a singers action.
by Hussin X
6rbscript 3.3 - Path Traversal via Name Parameter
Directory traversal vulnerability in section.php in 6rbScript 3.3, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter.
by Stack
FreeBSD NetBSD OpenBSD - Cross-Site Request Forgery via Long FTP URI
ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.
by Maksymilian Arciemowicz
PlainCart 1.1.2 - SQL Injection via Index.php p Parameter
SQL injection vulnerability in index.php in PlainCart 1.1.2 allows remote attackers to execute arbitrary SQL commands via the p parameter.
by r45c4l
oceandir < 2.9 - SQL Injection via show_vote.php id Parameter
SQL injection vulnerability in show_vote.php in Oceandir 2.9 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by JEEN HACKER TEAM
MyFWB 1.0 - SQL Injection via Page Parameter
SQL injection vulnerability in index.php in MyFWB 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.
by 0x90
jPORTAL 2 - SQL Injection via humor.php id Parameter
SQL injection vulnerability in humor.php in jPORTAL 2 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might overlap CVE-2004-2036 or CVE-2005-3509.
by r45c4l
explay_cms < 2.1 - Unauthenticated Authentication Bypass via Login Cookie
Explay CMS 2.1 and earlier allows remote attackers to bypass authentication and gain administrative access by setting the login cookie to 1.
by Stack
Diesel Pay - SQL Injection via Area Parameter in Browse Action
SQL injection vulnerability in index.php in Diesel Pay allows remote attackers to execute arbitrary SQL commands via the area parameter in a browse action.
by ZoRLu
Advanced Electron Forum < 1.0.7 - Remote Code Execution via BBCode Email Parameter
Electron Inc. Advanced Electron Forum before 1.0.7 allows remote attackers to execute arbitrary PHP code via PHP code embedded in bbcode in the email parameter, which is processed by the preg_replace function with the eval switch.
by GulfTech Security
Achievo 1.3.2 - Cross-Site Scripting via atkaction Parameter
Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo 1.3.2 allows remote attackers to inject arbitrary web script or HTML via the atkaction parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Rohit Bansal
PHP Pro Bid 6.04 - SQL Injection via Order Field and Order Type Parameters
Multiple SQL injection vulnerabilities in PHP Pro Bid (PPB) 6.04 allow remote attackers to execute arbitrary SQL commands via the (1) order_field and (2) order_type parameters to categories.php and unspecified other components. NOTE: some of these details are obtained from third party information.
by Jan Van Niekerk
Parallels H-Sphere 3.0/3.1 - 'login.php' Multiple Cross-Site Scripting Vulnerabilities
by t0fx
HyperStop Web Host Directory 1.2 - Unauthenticated Database Backup Download via Direct Request
HyperStop Web Host Directory 1.2 allows remote attackers to bypass authentication and download a database backup via a direct request to admin/backup/db.
by r45c4l
Explay CMS 2.1 - Persistent Cross-Site Scripting / Cross-Site Request Forgery
by hodik
MountainGrafix easyLink 1.1.0 - SQL Injection via detail.php cat Parameter
SQL injection vulnerability in detail.php in MountainGrafix easyLink 1.1.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter in a show action.
by Egypt Coder
ProArcadeScript 1.3 - SQL Injection via Random Parameter
SQL injection vulnerability in ProArcadeScript 1.3 allows remote attackers to execute arbitrary SQL commands via the random parameter to the default URI.
by SuNHouSe2
ProActive CMS - Path Traversal via Template Parameter
Directory traversal vulnerability in index.php in ProActive CMS allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.
by r45c4l
ephpscripts e-php_cms - SQL Injection via article.php es_id Parameter
SQL injection vulnerability in article.php in E-Php CMS allows remote attackers to execute arbitrary SQL commands via the es_id parameter.
by HaCkeR_EgY
Diesel Joke Site - SQL Injection via picture_category.php id Parameter
SQL injection vulnerability in picture_category.php in Diesel Joke Site allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-3763.
by SarBoT511
CYASK 3.x - Path Traversal via Neturl Parameter
Directory traversal vulnerability in collect.php in CYASK 3.x allows remote attackers to read arbitrary files via a .. (dot dot) in the neturl parameter.
by xy7
Assetman 2.5b - SQL Injection via search_inv.php order and order_by Parameters
SQL injection vulnerability in search_inv.php in Assetman 2.5b allows remote attackers to execute arbitrary SQL commands and conduct session fixation attacks via a combination of crafted order and order_by parameters in a search_all action.
by Neo Anderson
Addalink < 1.0 - SQL Injection via category_id Parameter
SQL injection vulnerability in user_read_links.php in Addalink 1.0 beta 4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
by ka0x
Sama Educational Management System - 'error.asp' Cross-Site Scripting
by Lagon666
By Source