Text Exploits
31,394 exploits tracked across all sources.
Article Friendly Standard - SQL Injection
SQL injection vulnerability in categorydetail.php in Article Friendly Standard allows remote attackers to execute arbitrary SQL commands via the Cat parameter.
by Mr.SQL
ZeeScripts Reviews Opinions Rating Posting Engine Web-Site PHP Script - SQL Injection via ItemID Parameter
SQL injection vulnerability in comments.php in ZeeScripts Reviews Opinions Rating Posting Engine Web-Site PHP Script (aka ZeeReviews) allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.
by Mr.SQL
PozScripts TubeGuru - SQL Injection
SQL injection vulnerability in ugroups.php in PozScripts TubeGuru Video Sharing Script allows remote attackers to execute arbitrary SQL commands via the UID parameter.
by Hussin X
PozScripts Classified Ads - SQL Injection
SQL injection vulnerability in browsecats.php in PozScripts Classified Ads allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2008-3672.
by Hussin X
Pligg CMS < 9.9.0 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Pligg 9.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to vote.php, which is not properly handled in libs/link.php; (2) id parameter to trackback.php; (3) an unspecified parameter to submit.php; (4) requestTitle variable in a query to story.php; (5) requestID and (6) requestTitle variables in recommend.php; (7) categoryID parameter to cloud.php; (8) title parameter to out.php; (9) username parameter to login.php; (10) id parameter to cvote.php; and (11) commentid parameter to edit.php.
by GulfTech Security
JnSHosts PHP Hosting Directory 2.0 - Auth Bypass
JnSHosts PHP Hosting Directory 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the "adm" cookie value to 1.
by Stack
nzFotolog 0.4.1 - Path Traversal via Action File Parameter
Directory traversal vulnerability in index.php in Ricardo Amaral nzFotolog 0.4.1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action_file parameter.
by Khashayar Fereidani
MJGuest 6.8 GT - Cross-Site Scripting via Link Parameter
Cross-site scripting (XSS) vulnerability in guestbook.js.php in MJGuest 6.8 GT allows remote attackers to inject arbitrary web script or HTML via the link parameter.
by DSecRG
HIOX Random Ad 1.3 - Remote Code Execution via hm Parameter
PHP remote file inclusion vulnerability in hioxRandomAd.php in HIOX Random Ad (HRA) 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter.
by Ghost Hacker
HIOX Browser Statistics 2.0 - Remote Code Execution via hm Parameter
Multiple PHP remote file inclusion vulnerabilities in HIOX Browser Statistics (HBS) 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the hm parameter to (1) hioxupdate.php and (2) hioxstats.php.
by Ghost Hacker
DEV Web Management System 1.5 - Multiple Input Validation Vulnerabilities
by Dr.Crash
Article Friendly Pro - SQL Injection
SQL injection vulnerability in authordetail.php in Article Friendly Pro allows remote attackers to execute arbitrary SQL commands via the autid parameter.
by Mr.SQL
Unreal Tournament 3 <1.3beta4 - Buffer Overflow
Buffer overflow in Unreal Tournament 3 1.3beta4 and earlier allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a UDP packet containing a large value in a certain size field, followed by a data string of that size, aka attack 1 in ut3mendo.c.
by Luigi Auriemma
Unreal Tournament 2004 <= 3369 - Denial of Service via Malformed Packet Sequence
Unreal Tournament 2004 (UT2004) 3369 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a certain sequence of malformed packets.
by Luigi Auriemma
CoVideoWindow.ocx 5.0.907.1 - Buffer Overflow
Buffer overflow in the CoVideoWindow.ocx ActiveX control 5.0.907.1 in Eyeball MessengerSDK, as used in products such as SiOL Komunikator 1.3, allows remote attackers to execute arbitrary code via a large argument supplied to the BGColor method. NOTE: this might only be a vulnerability in certain insecure configurations of Internet Explorer.
by Edi Strosar
JnSHosts PHP Hosting Directory 2.0 - RCE
PHP remote file inclusion vulnerability in include/admin.php in JnSHosts PHP Hosting Directory 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the rd parameter.
by RoMaNcYxHaCkEr
Minishowcase Image Gallery <09b136 - Path Traversal
Directory traversal vulnerability in libraries/general.init.php in Minishowcase Image Gallery 09b136, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
by DSecRG
MiniBB RSS 2.0 Plugin - Multiple Remote File Inclusions
by Ghost Hacker
Gregarius < 0.5.4 - SQL Injection via rsargs Array Parameter
SQL injection vulnerability in ajax.php in Gregarius 0.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the rsargs array parameter in an __exp__getFeedContent action.
by GulfTech Security
Velocity Security Management System - Path Traversal via URI
Directory traversal vulnerability in the web server 1.0 in Velocity Security Management System allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
by DSecRG
Youtuber Clone - SQL Injection via UID Parameter
SQL injection vulnerability in ugroups.php in Youtuber Clone allows remote attackers to execute arbitrary SQL commands via the UID parameter.
by Hussin X
ViArt Shop < 3.5 - SQL Injection via products_rss.php category_id Parameter
SQL injection vulnerability in products_rss.php in ViArt Shop 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
by GulfTech Security
TalkBack < 2.3.6.2 - Remote File Inclusion via Language Parameter
Directory traversal vulnerability in install/help.php in TalkBack 2.3.5, and other versions before 2.3.6.2, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter.
by NoGe
Pligg CMS Beta 9.9.0 - SQL Injection
SQL injection vulnerability in story.php in Pligg CMS Beta 9.9.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might overlap CVE-2008-1774.
by Hussin X
Pixelpost 1.7.1 - Remote Code Execution via Language Parameter Path Traversal
Directory traversal vulnerability in index.php in Pixelpost 1.7.1 on Windows, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language_full parameter.
by DSecRG
By Source