Text Exploits
31,394 exploits tracked across all sources.
cyberBB 0.6 - Authenticated SQL Injection via id or user Parameter
Multiple SQL injection vulnerabilities in cyberBB 0.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) id parameter to show_topic.php and the (2) user parameter to profile.php.
by cOndemned
AWStats 6.8 - Cross-Site Scripting via Query String
Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.8 allows remote attackers to inject arbitrary web script or HTML via the query_string, a different vulnerability than CVE-2006-3681 and CVE-2006-1945.
by Morgan Todd
Xnova - Remote Code Execution via ugamela_root_path Parameter
PHP remote file inclusion vulnerability in includes/todofleetcontrol.php in an older version of Xnova, possibly 0.8 sp1, allows remote attackers to execute arbitrary PHP code via a URL in the ugamela_root_path parameter.
by NuclearHaxor
xnova < 0.8 - Remote Code Execution via xnova_root_path Parameter
PHP remote file inclusion vulnerability in includes/todofleetcontrol.php in a newer version of Xnova, possibly 0.8 sp1, allows remote attackers to execute arbitrary PHP code via a URL in the xnova_root_path parameter.
by NuclearHaxor
phpbasket - SQL Injection via pro_id Parameter
SQL injection vulnerability in product.php in PHPBasket allows remote attackers to execute arbitrary SQL commands via the pro_id parameter.
by r45c4l
PHPArcadeScript 4.0 - SQL Injection
SQL injection vulnerability in index.php in PHPArcadeScript (PHP Arcade Script) 4.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter in a browse action.
by Hussin X
ESET Smart Security 3.0.667.0 - Denial of Service via IOCTL Request to easdrv.sys
easdrv.sys in ESET Smart Security 3.0.667.0 allows local users to cause a denial of service (crash) via a crafted IOCTL 0x222003 request to the \\.\easdrv device interface.
by g_
VLC Media Player <0.8.6i - Buffer Overflow
Integer overflow in the Open function in modules/demux/tta.c in VLC Media Player 0.8.6i allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TTA file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
by g_
DMCMS 0.7.4 - SQL Injection via Page Parameter
SQL injection vulnerability in index.php in DeeEmm CMS (DMCMS) 0.7.4 allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: the id vector is already covered by CVE-2007-5679.
by Khashayar Fereidani
DeeEmm.com DM CMS 0.7.0.Beta and 0.7.4 - SQL Injection via id Parameter
SQL injection vulnerability in index.php in DeeEmm.com DM CMS 0.7.0.Beta allows remote attackers to execute arbitrary SQL commands via the id parameter in the media page (build_media_content.php). NOTE: it was later reported that 0.7.4 is also affected.
by Khashayar Fereidani
zeejobsite 2.0 - SQL Injection via bannerclick.php adid Parameter
SQL injection vulnerability in bannerclick.php in ZEEJOBSITE 2.0 allows remote attackers to execute arbitrary SQL commands via the adid parameter.
by Hussin X
PromoProducts - 'view_product.php' Multiple SQL Injections
by baltazar
PHPizabi 0.848b C1 HFP3 - Path Traversal
Directory traversal vulnerability in index.php in PHPizabi 0.848b C1 HFP3 allows remote authenticated administrators to read arbitrary files via (1) a .. (dot dot), (2) a URL, or possibly (3) a full pathname in the id parameter in an admin.templates.edittemplate action. NOTE: some of these details are obtained from third party information.
by Lostmon
Mambo 4.6.2 and 4.6.5 - Cross-Site Scripting via Query String and mosConfig_sitename Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.2 and 4.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) query string to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php and the (2) mosConfig_sitename parameter to administrator/popups/index3pop.php.
by Khashayar Fereidani
Mambo 4.6.2 and 4.6.5 - Cross-Site Scripting via Query String and mosConfig_sitename Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.2 and 4.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) query string to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php and the (2) mosConfig_sitename parameter to administrator/popups/index3pop.php.
by Khashayar Fereidani
FlexCMS 2.5 and earlier - Cross-Site Scripting via PreviousColorsString Parameter
Cross-site scripting (XSS) vulnerability in inc-core-admin-editor-previouscolorsjs.php in the FlexCMS 2.5 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the PreviousColorsString parameter.
by Dr.Crash
dotcms 1.6.0.9 - Path Traversal via ID Parameter
Multiple directory traversal vulnerabilities in dotCMS 1.6.0.9 allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter to (1) news/index.dot and (2) getting_started/macros/macros_detail.dot.
by Don
DeeEmm CMS 0.7.4 - Remote Code Execution via Language Directory Parameter
PHP remote file inclusion vulnerability in user_language.php in DeeEmm CMS (DMCMS) 0.7.4 allows remote attackers to execute arbitrary PHP code via a URL in the language_dir parameter.
by Khashayar Fereidani
fipsCMS 2.1 - SQL Injection via forum/neu.asp kat Parameter
SQL injection vulnerability in forum/neu.asp in fipsCMS 2.1 allows remote attackers to execute arbitrary SQL commands via the kat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by U238
Openfire 3.5.2 - 'login.jsp' Cross-Site Scripting
by Daniel Henninger
YapBB 1.2 Beta 2 - Remote File Inclusion Code Execution
PHP remote file inclusion vulnerability in include/class_yapbbcooker.php in YapBB 1.2.Beta 2 allows remote attackers to execute arbitrary PHP code via a URL in the cfgIncludeDirectory parameter.
by CraCkEr
php-fusion 4.01 - SQL Injection via News ID Parameter
SQL injection vulnerability in readmore.php in PHP-Fusion 4.01 allows remote attackers to execute arbitrary SQL commands via the news_id parameter.
by Rake
YPN PHP Realty - SQL Injection via dpage.php docID Parameter
SQL injection vulnerability in dpage.php in YPN PHP Realty allows remote attackers to execute arbitrary SQL commands via the docID parameter.
by CraCkEr
By Source