Text Exploits
31,394 exploits tracked across all sources.
RMSOFT Downloads Plus Module 1.5 and 1.7 - Cross-Site Scripting via key or id Parameter
Multiple cross-site scripting (XSS) vulnerabilities in the RMSOFT Downloads Plus (rmdp) module 1.5 and 1.7 for Xoops allow remote attackers to inject arbitrary web script or HTML via the (1) key parameter to search.php and the (2) id parameter to down.php.
by Lostmon
Linkspider 1.08 - Multiple Remote File Inclusions
by Rohit Bansal
Qbik WinGate <6.2.2.1137 - Buffer Overflow
Heap-based buffer overflow in the IMAP service in Qbik WinGate 6.2.2.1137 and earlier allows remote authenticated users to cause a denial of service (resource exhaustion) or possibly execute arbitrary code via a long argument to the LIST command. NOTE: some of these details are obtained from third party information.
by Antunes
HP OpenVMS 8.3 - Stack-Based Buffer Overflow in MultiNet Finger Service
Stack-based buffer overflow in the Process Software MultiNet finger service (aka FINGERD) for HP OpenVMS 8.3 allows remote attackers to execute arbitrary code via a long request string.
by Shaun Colley
WSN Links <= 4.1.44 - Remote File Inclusion via TID Parameter
Directory traversal vulnerability in index.php in (1) WSN Forum 4.1.43 and earlier, (2) Gallery 4.1.30 and earlier, (3) Knowledge Base (WSNKB) 4.1.36 and earlier, (4) Links 4.1.44 and earlier, and possibly (5) Classifieds before 4.1.30 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the TID parameter, as demonstrated by uploading a .jpg file containing PHP sequences.
by otmorozok428
WebmasterSite (Multiple Products) - Remote Command Execution
by otmorozok428
Quate CMS 0.3.4 - Multiple Cross-Site Scripting Vulnerabilities
by CraCkEr
Quate CMS 0.3.4 - Local File Inclusion / Cross-Site Scripting
by CraCkEr
phpkf-portal 1.10 - Path Traversal via tema_dizin or portal_ayarlarportal_dili Parameter
Multiple directory traversal vulnerabilities in phpKF-Portal 1.10 allow remote attackers to include arbitrary files via a .. (dot dot) in the (1) tema_dizin parameter to baslik.php and (2) portal_ayarlarportal_dili parameter to anket_yonetim.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by KnocKout
phpkf-portal 1.10 - Path Traversal via tema_dizin or portal_ayarlarportal_dili Parameter
Multiple directory traversal vulnerabilities in phpKF-Portal 1.10 allow remote attackers to include arbitrary files via a .. (dot dot) in the (1) tema_dizin parameter to baslik.php and (2) portal_ayarlarportal_dili parameter to anket_yonetim.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by KnocKout
PHP-Nuke Kleinanzeigen Module - SQL Injection via lid Parameter
SQL injection vulnerability in the Kleinanzeigen module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a visit action to modules.php.
by Lovebug
Kshop module 2.22 for Xoops - Cross-Site Scripting via Search Parameter
Cross-site scripting (XSS) vulnerability in kshop_search.php in the Kshop module 2.22 for Xoops allows remote attackers to inject arbitrary web script or HTML via the search parameter.
by Lostmon
Joomla! / Mambo Component com_utchat 0.2 - Multiple Remote File Inclusions
by by_casper41
Free Hosting Manager 1.2-2.0 - Auth Bypass
Free Hosting Manager 1.2 and 2.0 allows remote attackers to bypass authentication and gain administrative access by setting both the adminuser and loggedin cookies.
by Scary-Boys
Chupix CMS 0.1.0 - Path Traversal via Contact Module mods Parameter
Directory traversal vulnerability in index.php in the Contact module in Chupix CMS 0.1.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mods parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by casper41
Battle.net Clan Script 1.5.2 - SQL Injection
Multiple SQL injection vulnerabilities in index.php in Battle.net Clan Script 1.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) showmember parameter in a members action and the (2) thread parameter in a board action. NOTE: vector 1 might be the same as CVE-2008-2522.
by Khashayar Fereidani
NoticeWare Email Server NG <4.6.3 - DoS
The IMAP server in NoticeWare Email Server NG 4.6.3 and earlier allows remote attackers to cause a denial of service (daemon crash) via multiple long LOGIN commands.
by Antunes
Combat Evolved 1.0.7.0615 - Multiple Denial of Service Vulnerabilities
by Luigi Auriemma
KAPhotoservice - Cross-Site Scripting via Search Filename or Order Page Parameter
Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice allow remote attackers to inject arbitrary web script or HTML via the (1) filename parameter to search.asp and the (2) page parameter to order.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by by_casper41
KAPhotoservice - Cross-Site Scripting via Search Filename or Order Page Parameter
Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice allow remote attackers to inject arbitrary web script or HTML via the (1) filename parameter to search.asp and the (2) page parameter to order.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by by_casper41
Softbiz Image Gallery - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Image Gallery (Photo Gallery) allow remote attackers to inject arbitrary web script or HTML via the (1) latest parameter to (a) index.php, (b) images.php, (c) suggest_image.php, and (d) image_desc.php; and the (2) msg parameter to index.php, images.php, and suggest_image.php, and (e) index.php, (f) adminhome.php, (g) config.php, (h) changepassword.php, (i) cleanup.php, (j) browsecats.php, and (k) images.php in admin/. NOTE: the image_desc.php/msg vector is covered by CVE-2006-1660. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by sl4xUz
Softbiz Image Gallery - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Image Gallery (Photo Gallery) allow remote attackers to inject arbitrary web script or HTML via the (1) latest parameter to (a) index.php, (b) images.php, (c) suggest_image.php, and (d) image_desc.php; and the (2) msg parameter to index.php, images.php, and suggest_image.php, and (e) index.php, (f) adminhome.php, (g) config.php, (h) changepassword.php, (i) cleanup.php, (j) browsecats.php, and (k) images.php in admin/. NOTE: the image_desc.php/msg vector is covered by CVE-2006-1660. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by sl4xUz
Softbiz Image Gallery - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Image Gallery (Photo Gallery) allow remote attackers to inject arbitrary web script or HTML via the (1) latest parameter to (a) index.php, (b) images.php, (c) suggest_image.php, and (d) image_desc.php; and the (2) msg parameter to index.php, images.php, and suggest_image.php, and (e) index.php, (f) adminhome.php, (g) config.php, (h) changepassword.php, (i) cleanup.php, (j) browsecats.php, and (k) images.php in admin/. NOTE: the image_desc.php/msg vector is covered by CVE-2006-1660. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by sl4xUz
Softbiz Image Gallery - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Image Gallery (Photo Gallery) allow remote attackers to inject arbitrary web script or HTML via the (1) latest parameter to (a) index.php, (b) images.php, (c) suggest_image.php, and (d) image_desc.php; and the (2) msg parameter to index.php, images.php, and suggest_image.php, and (e) index.php, (f) adminhome.php, (g) config.php, (h) changepassword.php, (i) cleanup.php, (j) browsecats.php, and (k) images.php in admin/. NOTE: the image_desc.php/msg vector is covered by CVE-2006-1660. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by sl4xUz
Softbiz Image Gallery - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Image Gallery (Photo Gallery) allow remote attackers to inject arbitrary web script or HTML via the (1) latest parameter to (a) index.php, (b) images.php, (c) suggest_image.php, and (d) image_desc.php; and the (2) msg parameter to index.php, images.php, and suggest_image.php, and (e) index.php, (f) adminhome.php, (g) config.php, (h) changepassword.php, (i) cleanup.php, (j) browsecats.php, and (k) images.php in admin/. NOTE: the image_desc.php/msg vector is covered by CVE-2006-1660. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by sl4xUz
By Source