Text Exploits
31,394 exploits tracked across all sources.
WeBid 0.5.4 - SQL Injection via item.php id Parameter
SQL injection vulnerability in item.php in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Stack
vtiger CRM 5.0.4 - Cross-Site Scripting via Parenttab, User Password, or Query String Parameters
Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the parenttab parameter in an index action to the Products module, as reachable through index.php; (2) the user_password parameter in an Authenticate action to the Users module, as reachable through index.php; or (3) the query_string parameter in a UnifiedSearch action to the Home module, as reachable through index.php.
by Fabian Fingerle
MyioSoft EasyClassifields 3.0 - SQL Injection via go Parameter in browse Action
SQL injection vulnerability in staticpages/easyclassifields/index.php in MyioSoft EasyClassifields 3.0 allows remote attackers to execute arbitrary SQL commands via the go parameter in a browse action.
by e.wiZz!
cmsbright - SQL Injection via id_rub_page Parameter
SQL injection vulnerability in public/page.php in Websens CMSbright allows remote attackers to execute arbitrary SQL commands via the id_rub_page parameter.
by h4ck3r
WeBid 0.5.4 - Arbitrary CSS File Modification via file Parameter
eledicss.php in WeBid auction script 0.5.4 allows remote attackers to modify arbitrary cascading style sheets (CSS) files via a certain request with the file parameter set to style.css. NOTE: this can probably be leveraged for cross-site scripting (XSS) attacks.
by InjEctOr5
WeBid 0.5.4 - SQL Injection via Admin Panel Username Parameter
SQL injection vulnerability in the admin panel (admin/) in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands via the username.
by InjEctOr5
myphpnuke < 1.8.8_8 - SQL Injection via print.php sid Parameter
SQL injection vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the sid parameter.
by MustLive
Words tag 1.2 - SQL Injection via Word Parameter in Claim Action
SQL injection vulnerability in index.php in Words tag 1.2 allows remote attackers to execute arbitrary SQL commands via the word parameter in a claim action.
by Hussin X
WeBid 0.5.4 - Unauthenticated Sensitive Information Exposure via Direct Request
WeBid auction script 0.5.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain SQL query logs via a direct request for logs/cron.log.
by InjEctOr5
Web Directory Script 1.5.3 - SQL Injection via Site Parameter in Open Action
SQL injection vulnerability in index.php in Web Directory Script 1.5.3 allows remote attackers to execute arbitrary SQL commands via the site parameter in an open action.
by Hussin X
myphpnuke < 1.8.8_8 - Cross-Site Scripting via print.php sid Parameter
Cross-site scripting (XSS) vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to inject arbitrary web script or HTML via the sid parameter.
by MustLive
Brim 2.0.0 - Authenticated SQL Injection via Tasks Plugin Search Action
SQL injection vulnerability in the Tasks plugin in Brim 2.0.0, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via an arbitrary field in a search action to index.php.
by InjEctOr5
Brim 2.0 - Authenticated Cross-Site Scripting via Bookmarks Plugin Name Parameter
Cross-site scripting (XSS) vulnerability in the Bookmarks plugin in Brim 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter in an addItemPost action to index.php. NOTE: some of these details are obtained from third party information.
by InjEctOr5
Microsoft Windows - Buffer Overflow
Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, aka "GDI Heap Overflow Vulnerability."
by Ac!dDrop
CVSS 8.1
Full PHP Emlak Script - SQL Injection
SQL injection vulnerability in landsee.php in Full PHP Emlak Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Hussin X
dotProject 2.1.2 - Multiple SQL Injections / Cross-Site Scripting Vulnerabilities
by C1c4Tr1Z
Dreambox - Web Interface URI Remote Denial of Service
by Marc Ruef
OpenDb 1.0.6 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Open Media Collectors Database (OpenDb) 1.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) user_id parameter in an edit action to user_admin.php, the (2) title parameter to listings.php, and the (3) redirect_url parameter to user_profile.php.
by C1c4Tr1Z
CVSS 6.1
OpenDb 1.0.6 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Open Media Collectors Database (OpenDb) 1.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) user_id parameter in an edit action to user_admin.php, the (2) title parameter to listings.php, and the (3) redirect_url parameter to user_profile.php.
by C1c4Tr1Z
CVSS 6.1
OpenDb 1.0.6 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Open Media Collectors Database (OpenDb) 1.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) user_id parameter in an edit action to user_admin.php, the (2) title parameter to listings.php, and the (3) redirect_url parameter to user_profile.php.
by C1c4Tr1Z
CVSS 6.1
YourOwnBux 3.1 and 3.2 beta - SQL Injection via User Parameter
SQL injection vulnerability in memberstats.php in YourOwnBux 3.1 and 3.2 beta, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter.
by ~!Dok_tOR!~
phpMyRealty < 1.0.9 - SQL Injection via id or price_max Parameter
Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in pages.php and (2) the price_max parameter in search.php.
by ~!Dok_tOR!~
AbleSpace 1.0 - 'adv_cat.php' Cross-Site Scripting
by Bug Researchers Group
Red Hat Directory Server 7.1 < SP7, 8 & Fedora Directory Server 1.1.1 - DoS via LDAP Requests
Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 allow remote attackers to cause a denial of service (CPU consumption and search outage) via crafted LDAP search requests with patterns, related to a single-threaded regular-expression subsystem.
by Ulf Weltman
By Source