Text Exploits
31,394 exploits tracked across all sources.
NooMS 1.1 - Cross-Site Scripting via Page ID or Search Query Parameters
Multiple cross-site scripting (XSS) vulnerabilities in NooMS 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) page_id parameter to smileys.php and the (2) q parameter to search.php.
by Dr.Crash
NooMS 1.1 - Cross-Site Scripting via Page ID or Search Query Parameters
Multiple cross-site scripting (XSS) vulnerabilities in NooMS 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) page_id parameter to smileys.php and the (2) q parameter to search.php.
by Dr.Crash
ezphotogallery 2.1 - Unauthenticated Administrator Account Manipulation via useradmin.php
useradmin.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 does not require administrative authentication, which allows remote attackers to (1) add or (2) remove an Administrator account.
by Stack
D-iscussion Board 3.01 - Path Traversal via Topic Parameter
Directory traversal vulnerability in index.php in D-iscussion Board 3.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the topic parameter.
by SirGod
Zanfi Autodealers CMS AutOnline - SQL Injection via index.php id Parameter
SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
by r45c4l
Zanfi Autodealers CMS AutOnline - SQL Injection via index.php id Parameter
SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
by ZoRLu
Epic Games Unreal Engine 436 - Multiple Format String Vulnerabilities
by Luigi Auriemma
aspWebAlbum 3.2 - Cross-Site Scripting via Album Summary Message Parameter
Cross-site scripting (XSS) vulnerability in album.asp in Full Revolution aspWebAlbum 3.2 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a summary action.
by e.wiZz!
aspWebAlbum - SQL Injection via Username Field or Cat Parameter
SQL injection vulnerability in aspWebAlbum allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the cat parameter to album.asp. NOTE: it was later reported that vector 1 affects aspWebAlbum 3.2, and the vector involves the txtUserName parameter in a processlogin action to album.asp, as reachable from the login action.
by e.wiZz!
Vastal I-Tech phpVID 1.1, 1.2, 1.2.3 - Cross-Site Scripting via Search Results Query Parameter
Cross-site scripting (XSS) vulnerability in search_results.php in Vastal I-Tech phpVID 1.1 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: some of these details are obtained from third party information. NOTE: it was later reported that 1.2.3 is also affected.
by r45c4l
Zanfi CMS lite 1.2 - Path Traversal via Flag or Inc Parameter
Multiple directory traversal vulnerabilities in index.php in Zanfi CMS lite 1.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) flag and (2) inc parameters.
by SirGod
Jaw Portal and Zanfi CMS Lite - SQL Injection via Page Parameter
SQL injection vulnerability in index.php in Jaw Portal and Zanfi CMS lite and allows remote attackers to execute arbitrary SQL commands via the page (pageid) parameter.
by Cru3l.b0y
Vastal I-Tech phpVID 1.1 and 1.2.3 - SQL Injection via groups.php cat Parameter
SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 1.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter, a different vector than CVE-2007-3610. NOTE: it was later reported that 1.2.3 is also affected.
by r45c4l
Jaw Portal 1.2 - 'index.php' Multiple Local File Inclusions
by SirGod
hot_links_sql-php < 3 - SQL Injection via news.php Parameter
SQL injection vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and earlier allows remote attackers to execute arbitrary SQL commands via the news.php parameter.
by r45c4l
Horde 3.1.x-3.1.9, Horde 3.2.x-3.2.2, Popoon r22196 - XSS
Cross-site scripting (XSS) vulnerability in (1) Text_Filter/Filter/xss.php in Horde 3.1.x before 3.1.9 and 3.2.x before 3.2.2 and (2) externalinput.php in Popoon r22196 and earlier allows remote attackers to inject arbitrary web script or HTML by using / (slash) characters as replacements for spaces in an HTML e-mail message.
by Alexios Fakos
Horde 3.2.x - Cross-Site Scripting via MIME Attachment Filename
Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message.
by Alexios Fakos
AvailScript Job Portal Script - SQL Injection via jid Parameter
SQL injection vulnerability in job_seeker/applynow.php in AvailScript Job Portal Script allows remote attackers to execute arbitrary SQL commands via the jid parameter.
by InjEctOr5
AvailScript Job Portal Script - 'applynow.php' SQL Injection
by InjEctOr5
Full Revolution aspWebAlbum 3.2 - Unrestricted File Upload and Remote Code Execution via pics/ Directory
Unrestricted file upload vulnerability in Full Revolution aspWebAlbum 3.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in pics/, related to the uploadmedia action in album.asp.
by e.wiZz!
Hot Links SQL-PHP < 3.0 - SQL Injection via Report ID Parameter
SQL injection vulnerability in report.php in Mr. CGI Guy Hot Links SQL-PHP 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by sl4xUz
Creator CMS 5.0 - SQL Injection via sideid Parameter
SQL injection vulnerability in index.asp in Creative Mind Creator CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the sideid parameter.
by ThE X-HaCkEr
AvailScript Article Script - SQL Injection via aIDS Parameter
SQL injection vulnerability in articles.php in AvailScript Article Script allows remote attackers to execute arbitrary SQL commands via the aIDS parameter.
by sl4xUz
Availscript Photo Album - SQL Injection via sid Parameter
SQL injection vulnerability in pics.php in Availscript Photo Album allows remote attackers to execute arbitrary SQL commands via the sid parameter.
by sl4xUz
By Source