Text Exploits
31,394 exploits tracked across all sources.
phpSmartCom 0.2 - Path Traversal via Index.php p Parameter
Directory traversal vulnerability in index.php in phpSmartCom 0.2 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the p parameter.
by r3dm0v3
TalkBack 2.3.6 - Unauthenticated Sensitive Information Exposure via info.php
TalkBack 2.3.6 allows remote attackers to obtain configuration information via a direct request to install/info.php, which calls the phpinfo function.
by SirGod
TalkBack < 2.3.6.2 - Remote File Inclusion via Language Parameter
Directory traversal vulnerability in install/help.php in TalkBack 2.3.5, and other versions before 2.3.6.2, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter.
by SirGod
TalkBack 2.3.6 and 2.3.6.4 - Path Traversal via Language Parameter
Directory traversal vulnerability in TalkBack 2.3.6 and 2.3.6.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to comments.php, a different vector than CVE-2008-3371.
by SirGod
phpSmartCom 0.2 - SQL Injection via UID Parameter
SQL injection vulnerability in inc/pages/viewprofile.php in phpSmartCom 0.2 allows remote attackers to execute arbitrary SQL commands via the uid parameter in a viewprofile action to index.php.
by r3dm0v3
Linkarity - SQL Injection via cat_id Parameter
SQL injection vulnerability in link.php in Linkarity allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. NOTE: although one component of Linkarity is distributable PHP code, this issue might be site-specific. If so, it should not be included in CVE.
by Egypt Coder
Free PHP VX Guestbook 1.06 - Unauthenticated Database Backup Download via Direct Request
Free PHP VX Guestbook 1.06 allows remote attackers to bypass authentication and download a backup of the database via a direct request to admin/backupdb.php.
by SirGod
FoT Video scripti 1.1 beta - SQL Injection via izle.asp oyun Parameter
SQL injection vulnerability in izle.asp in FoT Video scripti 1.1 beta allows remote attackers to execute arbitrary SQL commands via the oyun parameter.
by Crackers_Child
WebPortal CMS 0.7.4 - 'FCKeditor' Arbitrary File Upload
by S.W.A.T.
vbLOGIX Tutorial Script < 1.0 - SQL Injection via cat_id Parameter
SQL injection vulnerability in main.php in vbLOGIX Tutorial Script 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.
by FIREH4CK3R
Sports Clubs Web Panel 0.0.1 - Arbitrary File Upload
by Stack
Skalinks Exchange Script 1.5 - Unauthenticated Privilege Escalation via Admin Registration
Skalfa Software SkaLinks Exchange Script 1.5 allows remote attackers to add new administrators and gain privileges via a direct request to admin/register.php.
by mr.al7rbi
Powie pNews 2.03 - SQL Injection via newsid Parameter
SQL injection vulnerability in newskom.php in Powie pNews 2.03 allows remote attackers to execute arbitrary SQL commands via the newsid parameter.
by r45c4l
Powie PSCRIPT Forum <= 1.30 - SQL Injection via showprofil.php id Parameter
SQL injection vulnerability in showprofil.php in Powie PSCRIPT Forum (aka PHP Forum or pForum) 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by tmh
s0nic Paranews 3.4 - Cross-Site Scripting via News.php ID or Page Parameter
Multiple cross-site scripting (XSS) vulnerabilities in news.php in s0nic Paranews 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) page parameter in a details action.
by Xylitol
NetArt Media iBoutique 4.0 - SQL Injection via Cat Parameter
SQL injection vulnerability in the products module in NetArt Media iBoutique 4.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php.
by r45c4l
Dynamic MP3 Lister 2.0.1 - Cross-Site Scripting via currentpath invert search or sort Parameters
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Dynamic MP3 Lister 2.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) currentpath, (2) invert, (3) search, and (4) sort parameters.
by Xylitol
Unreal Engine 3 - Denial of Service via Large Packet Length
Unreal engine 3, as used in Unreal Tournament 3 1.3, Frontlines: Fuel of War 1.1.1, and other products, allows remote attackers to cause a denial of service (server exit) via a packet with a large length value that triggers a memory allocation failure.
by Luigi Auriemma
phpwebgallery 1.3.4 - Cross-Site Scripting via lang[access_forbiden] and lang[ident_title] Parameters
Multiple cross-site scripting (XSS) vulnerabilities in admin/include/isadmin.inc.php in PhpWebGallery 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) lang[access_forbiden] and (2) lang[ident_title] parameters.
by Khashayar Fereidani
Zanfi Autodealers CMS AutOnline - SQL Injection via pageid Parameter
SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the pageid parameter in a DBpAGE action.
by r45c4l
Check Point ZoneAlarm Security Suite 7.0.483.000 and 8.0.020.000 - Local Buffer Overflow via Long Path
Buffer overflow in multiscan.exe in Check Point ZoneAlarm Security Suite 7.0.483.000 and 8.0.020.000 allows local users to execute arbitrary code via a file or directory with a long path. NOTE: some of these details are obtained from third party information.
by Juan Pablo Lopez Yacubian
Sports Clubs Web Panel 0.0.1 - Path Traversal via Index.php p Parameter
Directory traversal vulnerability in index.php in Sports Clubs Web Panel 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter.
by StAkeR
Sports Clubs Web Panel 0.0.1 - Path Traversal via Index.php p Parameter
Directory traversal vulnerability in index.php in Sports Clubs Web Panel 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter.
by Virangar Security
phpwebgallery 1.3.4 - Path Traversal via user[language] or user[template] Parameter
Multiple directory traversal vulnerabilities in PhpWebGallery 1.3.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) user[language] and (2) user[template] parameters to (a) init.inc.php, and (b) the user[language] parameter to isadmin.inc.php.
by Khashayar Fereidani
By Source