Text Exploits
31,394 exploits tracked across all sources.
AlstraSoft Forum Pay Per Post Exchange 2.0 - SQL Injection via catid Parameter
SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per Post Exchange 2.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a forum_catview action.
by r45c4l
Apple Bonjour for Windows - Denial of Service via Crafted .local Domain Name
mDNSResponder in the Bonjour Namespace Provider in Apple Bonjour for Windows before 1.0.5 allows attackers to cause a denial of service (NULL pointer dereference and application crash) by resolving a crafted .local domain name that contains a long label.
by Mario Ballano Bárcena
Stash 1.0.3 - SQL Injection via Username or Download Parameter
SQL injection vulnerability in Stash 1.0.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the (1) username parameter to admin/library/authenticate.php and the (2) download parameter to downloadmp3.php. NOTE: some of these details are obtained from third party information.
by Khashayar Fereidani
Stash 1.0.3 - Unauthenticated Authentication Bypass via bsm Cookie
admin/login.php in Stash 1.0.3 allows remote attackers to bypass authentication and gain administrative access by setting a bsm cookie.
by Ciph3r
Live TV Script - SQL Injection via mid Parameter
SQL injection vulnerability in index.php in Live TV Script allows remote attackers to execute arbitrary SQL commands via the mid parameter.
by InjEctOr5
Kim Websites 1.0 - 'FCKeditor' Arbitrary File Upload
by Ciph3r
Hot Links SQL-PHP < 3.0 - Cross-Site Scripting via report.php id Parameter
Cross-site scripting (XSS) vulnerability in report.php in Mr. CGI Guy Hot Links SQL-PHP 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter.
by sl4xUz
CMS Buzz - SQL Injection via id Parameter in playgame Action
SQL injection vulnerability in index.php in CMS Buzz allows remote attackers to execute arbitrary SQL commands via the id parameter in a playgame action.
by security fears team
Availscript Photo Album - Cross-Site Scripting via sid Parameter or a Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Availscript Photo Album allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to pics.php and the (2) a parameter to view.php.
by sl4xUz
Availscript Classmate Script - SQL Injection via viewprofile.php p Parameter
SQL injection vulnerability in viewprofile.php in Availscript Classmate Script allows remote attackers to execute arbitrary SQL commands via the p parameter.
by Stack
AvailScript Article Script - Cross-Site Scripting via aIDS Parameter
Cross-site scripting (XSS) vulnerability in articles.php in AvailScript Article Script allows remote attackers to inject arbitrary web script or HTML via the aIDS parameter.
by sl4xUz
AlstraSoft Forum Pay Per Post Exchange - SQL Injection
SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per Post Exchange allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showcat action.
by r45c4l
Creator CMS 5.0 - Unauthenticated Arbitrary File Upload and Remote Code Execution
Unrestricted file upload vulnerability in the file manager in Creative Mind Creator CMS 5.0 allows remote attackers to execute arbitrary code via unknown vectors.
by ThE X-HaCkEr
Microsoft Windows Image Acquisition Logger ActiveX - RCE
The Microsoft Windows Image Acquisition Logger ActiveX control allows remote attackers to force the download of arbitrary files onto a client system via a URL in the first argument to the Open method, in conjunction with a full destination pathname in the first argument to the Save method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Ciph3r
Microsoft Organization Chart 2.00 - DoS/Code Injection
orgchart.exe in Microsoft Organization Chart 2.00 allows user-assisted attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .opx file.
by Ivan Sanchez
Gallery 2.0 - Multiple Cross-Site Scripting Vulnerabilities
by sl4xUz
eXtrovert Thyme 1.3 - SQL Injection via uname_search Parameter
SQL injection vulnerability in pick_users.php in the groups module in eXtrovert Thyme 1.3 allows remote attackers to execute arbitrary SQL commands via the uname_search parameter. NOTE: some of these details are obtained from third party information.
by Omer Singer
D-Link DIR-100 - Web Proxy Filter Bypass via Large URL
The web proxy service on the D-Link DIR-100 with firmware 1.12 and earlier does not properly filter web requests with large URLs, which allows remote attackers to bypass web restriction filters.
by Marc Ruef
WordPress < 2.6.2 - Unauthenticated Password Reset via SQL Column Truncation
WordPress before 2.6.2 does not properly handle MySQL warnings about insertion of username strings that exceed the maximum column width of the user_login column, and does not properly handle space characters when comparing usernames, which allows remote attackers to change an arbitrary user's password to a random value by registering a similar username and then requesting a password reset, related to a "SQL column truncation vulnerability." NOTE: the attacker can discover the random password by also exploiting CVE-2008-4107.
by irk4z
WordPress < 2.8.3 - Unauthenticated Password Reset via Array Parameter Bypass
wp-login.php in WordPress 2.8.3 and earlier allows remote attackers to force a password reset for the first user in the database, possibly the administrator, via a key[] array variable in a resetpass (aka rp) action, which bypasses a check that assumes that $key is not an array.
by irk4z
phpadultsite_cms - Cross-Site Scripting via results_per_page Parameter
Cross-site scripting (XSS) vulnerability in as_archives.php in phpAdultSite CMS, possibly 2.3.2, allows remote attackers to inject arbitrary web script or HTML via the results_per_page parameter to index.php. NOTE: some of these details are obtained from third party information. NOTE: this issue might be resultant from a separate SQL injection vulnerability.
by David Sopas
Masir Camp E-Shop Module <3.0 - SQL Injection
SQL injection vulnerability in index.php in Masir Camp E-Shop Module 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ordercode parameter in a veiworderstatus page.
by BugReport.IR
E-Php Scripts E-Shop - SQL Injection
SQL injection vulnerability in search_results.php in E-Php Scripts E-Shop (aka E-Php Shopping Cart) Shopping Cart Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by Mormoroth
E-Php B2B Trading Marketplace Script - SQL Injection via listings.php cid Parameter
SQL injection vulnerability in listings.php in E-Php B2B Trading Marketplace Script allows remote attackers to execute arbitrary SQL commands via the cid parameter in a product action.
by r45c4l
AlstraSoft Forum Pay Per Post Exchange - SQL Injection
SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per Post Exchange allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showcat action.
by r45c4l
By Source