Text Exploits
31,394 exploits tracked across all sources.
Five Star Review Script - Cross-Site Scripting via Search Words Parameter
Cross-site scripting (XSS) vulnerability in search/index.php in Five Star Review Script allows remote attackers to inject arbitrary web script or HTML via the words parameter in a search action.
by Mr.SQL
MiaCMS 4.6.5 - SQL Injection via com_content id Parameter
Multiple SQL injection vulnerabilities in the com_content component in MiaCMS 4.6.5 allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) view, (2) category, or (3) blogsection action to index.php.
by ~!Dok_tOR!~
Five Star Review Script - SQL Injection
SQL injection vulnerability in recommend.php in Five Star Review Script allows remote attackers to execute arbitrary SQL commands via the item_id parameter.
by Mr.SQL
One-News Beta 2 - SQL Injection via q Parameter
SQL injection vulnerability in index.php in One-News Beta 2 allows remote attackers to execute arbitrary SQL commands via the q parameter.
by suN8Hclf
One-News Beta 2 - SQL Injection via q Parameter
SQL injection vulnerability in index.php in One-News Beta 2 allows remote attackers to execute arbitrary SQL commands via the q parameter.
by suN8Hclf
VLC Media Player 0.8.6i - Remote Code Execution via Crafted MMST Link
Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Media Player 0.8.6i allows remote attackers to execute arbitrary code via a crafted mmst link with a negative size value, which bypasses a size check and triggers an integer overflow followed by a heap-based buffer overflow.
by g_
PICTURESPRO Photo Cart 3.9 - Cross-Site Scripting via qtitle Parameter
Cross-site scripting (XSS) vulnerability in index.php in PICTURESPRO Photo Cart 3.9 allows remote attackers to inject arbitrary web script or HTML via the qtitle parameter (aka "Gallery or event name" field) in a search action.
by Tyler Trioxide
Accellion File Transfer FTA_7_0_135 - XSS
Cross-site scripting (XSS) vulnerability in Accellion File Transfer FTA_7_0_135 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to courier/forgot_password.html.
by Eric Beaulieu
BandSite CMS 1.1.4 - Cross-Site Scripting via Merchandise Type Parameter
Cross-site scripting (XSS) vulnerability in merchandise.php in BandSite CMS 1.1.4 allows remote attackers to inject arbitrary HTML or web script via the type parameter.
by SirGod
BandSite CMS 1.1.4 - Unauthenticated Database Backup Download via adminpanel/phpmydump.php
BandSite CMS 1.1.4 does not perform access control for adminpanel/phpmydump.php, which allows remote attackers to obtain copies of the database via a direct request.
by SirGod
TinyCMS 1.1.2 - Remote File Inclusion via ZZ_Templater config[template] Parameter
Directory traversal vulnerability in templater.php in the ZZ_Templater module in TinyCMS 1.1.2, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the config[template] parameter.
by cOndemned
TimeTrex 2.2.11 - Cross-Site Scripting via Login Parameters
Multiple cross-site scripting (XSS) vulnerabilities in interface/Login.php in TimeTrex 2.2.11 allow remote attackers to inject arbitrary web script or HTML via the (1) password and (2) user_name parameters.
by Doz
Simasy CMS - SQL Injection via id Parameter
SQL injection vulnerability in index.php in Simasy CMS allows remote attackers to execute arbitrary SQL commands via the id parameter.
by r45c4l
DXShopCart 4.30mc - SQL Injection via product_detail.php pid Parameter
SQL injection vulnerability in product_detail.php in DXShopCart 4.30mc allows remote attackers to execute arbitrary SQL commands via the pid parameter.
by Hussin X
PICTURESPRO Photo Cart 3.9 - SQL Injection
Multiple SQL injection vulnerabilities in PICTURESPRO Photo Cart 3.9, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) qtitle, (2) qid, and (3) qyear parameters to (a) search.php, and the (4) email and (5) password parameters to (b) _login.php.
by ~!Dok_tOR!~
far-php 1.00 - Path Traversal via Index.php c Parameter
Directory traversal vulnerability in index.php in FAR-PHP 1.00, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the c parameter.
by Beenu Arora
EasySite 2.3 - Path Traversal via Module or Action Parameter
Multiple directory traversal vulnerabilities in EasySite 2.3 allow remote attackers to read arbitrary files or list directories via a .. (dot dot) in the (1) module or (2) action parameter in (a) www/index.php; the (3) module, (4) ss_module, or (5) ss_action parameter in (b) modules/Module/index.php or (c) modules/Themes/index.php; or the (6) module parameter in (d) inc/vmenu.php.
by SirGod
CustomCms Gaming Portal 4.0 - SQL Injection via print.php id Parameter
SQL injection vulnerability in print.php in CustomCms (CCMS) Gaming Portal 4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
by ~!Dok_tOR!~
BandSite CMS 1.1.4 - Cross-Site Request Forgery via Admin Logout Endpoint
Cross-site request forgery (CSRF) vulnerability in BandSite CMS 1.1.4 allows remote attackers to hijack the authentication of administrators and force a logout via adminpanel/logout.php.
by SirGod
Fujitsu Web-Based Admin View <2.1.2 - Path Traversal
Directory traversal vulnerability in Fujitsu Web-Based Admin View 2.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
by Deniz Cevik
Anzio WePO <3.2.19-3.2.24 - Buffer Overflow
Stack-based buffer overflow in the Anzio Web Print Object (WePO) ActiveX control 3.2.19 and 3.2.24, as used in Anzio Print Wizard, allows remote attackers to execute arbitrary code via a long mainurl parameter.
by Core Security
YourFreeWorld Ad-Exchange Script - SQL Injection
SQL injection vulnerability in tr.php in YourFreeWorld Ad-Exchange Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Hussin X
vBulletin <3.7.2 PL1, <3.6.10 PL3 - XSS
Cross-site scripting (XSS) vulnerability in vBulletin 3.7.2 PL1 and 3.6.10 PL3, when "Show New Private Message Notification Pop-Up" is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a private message subject (aka newpm[title]).
by Core Security
phpBazar 2.0.2 - SQL Injection via adid Parameter
SQL injection vulnerability in classified.php in phpBazar 2.0.2 allows remote attackers to execute arbitrary SQL commands via the adid parameter.
by e.wiZz!
By Source