Text Exploits
31,394 exploits tracked across all sources.
Owl Intranet Knowledgebase <0.95 - XSS
Cross-site scripting (XSS) vulnerability in lib/owl.lib.php in Steve Bourgeois and Chris Vincent Owl Intranet Knowledgebase 0.95 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter in a getpasswd action to register.php.
by Fabian Fingerle
Dokeos E-Learning System <1.8.5 - Path Traversal
Directory traversal vulnerability in user_portal.php in the Dokeos E-Learning System 1.8.5 on Windows allows remote attackers to include and execute arbitrary local files via a ..\ (dot dot backslash) in the include parameter.
by DSecRG
ATutor < 1.6.1 - Authenticated Remote Code Execution via Import Type Parameter
PHP remote file inclusion vulnerability in tools/packages/import.php in ATutor 1.6.1 pl1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via a URL in the type parameter.
by Khashayar Fereidani
Web Wiz Forum 9.5 - Cross-Site Scripting via Mode Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Web Wiz Forum 9.5 allow remote attackers to inject arbitrary web script or HTML via the mode parameter to (1) admin_group_details.asp and (2) admin_category_details.asp.
by CSDT
Web Wiz Forum 9.5 - Cross-Site Scripting via Mode Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Web Wiz Forum 9.5 allow remote attackers to inject arbitrary web script or HTML via the mode parameter to (1) admin_group_details.asp and (2) admin_category_details.asp.
by CSDT
SiteAdmin <line2.php - SQL Injection
SQL injection vulnerability in line2.php in SiteAdmin allows remote attackers to execute arbitrary SQL commands via the art parameter.
by Cr@zy_King
Greatclone GC Auction Platinum - 'category.php' SQL Injection
by Hussin X
Getacoder Clone - SQL Injection via sb_protype Parameter
SQL injection vulnerability in search_form.php in Getacoder Clone allows remote attackers to execute arbitrary SQL commands via the sb_protype parameter.
by Hussin X
Greatclone GC Auction Platinum - SQL Injection
SQL injection vulnerability in category.php in Greatclone GC Auction Platinum allows remote attackers to execute arbitrary SQL commands via the cate_id parameter.
by Hussin X
CMScout 2.05 - Remote File Inclusion via Directory Traversal in bit Parameter
Directory traversal vulnerability in common.php in CMScout 2.05, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bit parameter, as demonstrated by an upload to avatar/ of a .jpg file containing PHP sequences.
by Khashayar Fereidani
phplinkat 0.1 - SQL Injection via showcat.php catid Parameter
SQL injection vulnerability in showcat.php in phpLinkat 0.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter.
by Encrypt3d.M!nd
willo trio < 2.1 - SQL Injection via browse.php id Parameter
SQL injection vulnerability in browse.php in TriO 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by dun
PHPwebnews 0.2 MySQL Edition - 'SQL' Insecure Cookie Handling
by Virangar Security
phpLinkat 0.1 - Unauthenticated Authentication Bypass via login=right Cookie
phpLinkat 0.1 allows remote attackers to bypass authentication and access unspecified pages under admin/ by sending a login=right cookie.
by Encrypt3d.M!nd
Mobius for Mimsy XG <1.4.4.1 - SQL Injection
Multiple SQL injection vulnerabilities in Mobius for Mimsy XG 1 1.4.4.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to browse.php or (2) the s parameter in an exhibitions action to detail.php.
by dun
IceBB - SQL Injection via Username Parameter in Members Module
SQL injection vulnerability in modules/members.php in IceBB before 1.0-rc9.3 allows remote attackers to execute arbitrary SQL commands via the username parameter in a members action to index.php, related to an incorrect protection mechanism in the clean_string function in includes/functions.php.
by girex
Comsenz EPShop <3.0 - SQL Injection
SQL injection vulnerability in Comsenz EPShop (aka ECShop) before 3.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter in a (1) pro_show or (2) disppro action to the default URI.
by mikeX
fipsCMS light < 2.1 - SQL Injection via r Parameter
SQL injection vulnerability in home/index.asp in fipsCMS light 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the r parameter, a different vector than CVE-2006-6115 and CVE-2007-2561.
by U238
XRMS CRM 1.99.2 - Remote Code Execution via Include Directory Parameter
PHP remote file inclusion vulnerability in activities/workflow-activities.php in XRMS CRM 1.99.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the include_directory parameter.
by AzzCoder
xrms_crm 1.99.2 - Cross-Site Scripting via msg Parameter
Multiple cross-site scripting (XSS) vulnerabilities in XRMS CRM 1.99.2 allow remote attackers to inject arbitrary web script or HTML via the msg parameter to unspecified components, possibly including login.php. NOTE: this may overlap CVE-2008-1129.
by AzzCoder
xrms_crm 1.99.2 - Exposure of Sensitive Information via Direct Request to tests/info.php
XRMS CRM 1.99.2 allows remote attackers to obtain configuration information via a direct request to tests/info.php, which calls the phpinfo function.
by AzzCoder
phpTest 0.6.3 - SQL Injection via image_id Parameter
SQL injection vulnerability in picture.php in phpTest 0.6.3 allows remote attackers to execute arbitrary SQL commands via the image_id parameter.
by cOndemned
Fizzmedia 1.51.2 - SQL Injection via mid Parameter
SQL injection vulnerability in comment.php in Fizzmedia 1.51.2 allows remote attackers to execute arbitrary SQL commands via the mid parameter.
by Mr.SQL
ezcontents_cms - Remote Code Execution via GLOBALS[gsLanguage] Parameter
PHP remote file inclusion vulnerability in modules/calendar/minicalendar.php in ezContents CMS allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[gsLanguage] parameter, a different vector than CVE-2006-4477 and CVE-2004-0132.
by HACKERS PAL
By Source