Text Exploits
31,394 exploits tracked across all sources.
myWebland myBloggie 2.1.6 - SQL Injection via User ID Parameter
Multiple SQL injection vulnerabilities in myWebland myBloggie 2.1.6 allow remote attackers to execute arbitrary SQL commands via (1) the user_id parameter in a viewuser action to index.php, and allow remote authenticated administrators to execute arbitrary SQL commands via (2) the post_id parameter in an edit action to admin.php.
by Jesper Jurcenoks
RSS-aggregator 1.0 - Unauthenticated Admin Function Access via admin/fonctions/ Directory
RSS-aggregator 1.0 does not require administrative authentication for the admin/fonctions/ directory, which allows remote attackers to access admin functions and have unspecified other impact, as demonstrated by (1) an IdFlux request to supprimer_flux.php and (2) a TpsRafraich request to modifier_tps_rafraich.php.
by CWH Underground
rss_aggregator 1.0 - SQL Injection via IdFlux or IdTag Parameter
Multiple SQL injection vulnerabilities in RSS-aggregator 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) IdFlux parameter to admin/fonctions/supprimer_flux.php and the (2) IdTag parameter to admin/fonctions/supprimer_tag.php.
by CWH Underground
rss_aggregator 1.0 - SQL Injection via IdFlux or IdTag Parameter
Multiple SQL injection vulnerabilities in RSS-aggregator 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) IdFlux parameter to admin/fonctions/supprimer_flux.php and the (2) IdTag parameter to admin/fonctions/supprimer_tag.php.
by CWH Underground
RCM Revision Web Development - 'products.php' SQL Injection
by Niiub
powie psys 0.7.0 Alpha - SQL Injection via chatbox.php showid Parameter
SQL injection vulnerability in chatbox.php in pSys 0.7.0 Alpha, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the showid parameter.
by DNX
myWebland myBloggie 2.1.6 - Cross-Site Request Forgery in admin.php
Cross-site request forgery (CSRF) vulnerability in admin.php in myWebland myBloggie 2.1.6 allows remote attackers to perform edit actions as administrators. NOTE: this can be leveraged to execute SQL commands by also exploiting CVE-2007-1899.
by Jesper Jurcenoks
Mambo Component N-Gallery - Multiple SQL Injections
by AlbaniaN-[H]
HIOX Banner Rotator 1.3 - Remote File Inclusion via hm Parameter
PHP remote file inclusion vulnerability in hioxBannerRotate.php in HIOX Banner Rotator (HBR) 1.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter.
by Ghost Hacker
FaName 1.0 - Cross-Site Scripting via key/desc/name Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Farsi Script (aka FaScript) FaName 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) key or (2) desc parameter to index.php, or (3) the name parameter to page.php.
by Jesper Jurcenoks
FaName 1.0 - Cross-Site Scripting via key/desc/name Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Farsi Script (aka FaScript) FaName 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) key or (2) desc parameter to index.php, or (3) the name parameter to page.php.
by Jesper Jurcenoks
eshop100 - SQL Injection via SUB Parameter
SQL injection vulnerability in index.php in eSHOP100 allows remote attackers to execute arbitrary SQL commands via the SUB parameter.
by JuDge
Catviz 0.4 beta 1 - SQL Injection via Foreign Key Value or Webpage Parameter
Multiple SQL injection vulnerabilities in index.php in Catviz 0.4 beta 1 allow remote attackers to execute arbitrary SQL commands via the (1) foreign_key_value parameter in the news page and (2) webpage parameter in the webpage_multi_edit form.
by anonymous
Acmlmboard 1.A2 - SQL Injection via Memberlist pow Parameter
SQL injection vulnerability in memberlist.php in Acmlmboard 1.A2 allows remote attackers to execute arbitrary SQL commands via the pow parameter.
by anonymous
Wireshark 1.0.0 - Denial of Service in Syslog Dissector
The syslog dissector in Wireshark (formerly Ethereal) 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors, possibly related to an "incomplete SS7 MSU syslog encapsulated packet."
by Noam Rathus
IBM Tivoli Directory Server 6.1.0.0-6.1.0.15 - Authenticated Denial of Service via Duplicate ibm-globalAdminGroup Entry
Double free vulnerability in IBM Tivoli Directory Server (TDS) 6.1.0.0 through 6.1.0.15 allows remote authenticated administrators to cause a denial of service (ABEND) and possibly execute arbitrary code by using ldapadd to attempt to create a duplicate ibm-globalAdminGroup LDAP database entry. NOTE: the vendor states "There is no real risk of a vulnerability," although there are likely scenarios in which a user is allowed to make administrative LDAP requests but does not have the privileges to stop the server.
by anonymous
OpenLDAP 2.2.4-2.4.10 - Denial of Service via Crafted ASN.1 BER Datagrams
liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams that trigger an assertion error.
by Cameron Hotchkies
PowerAward 1.1.0 RC1 - Cross-Site Scripting via l_vote_done Parameter
Cross-site scripting (XSS) vulnerability in external_vote.php in PowerAward 1.1.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the l_vote_done parameter.
by CraCkEr
SebracCMS 0.4 - SQL Injection via recid Parameter
Multiple SQL injection vulnerabilities in SebracCMS (sbcms) 0.4 allow remote attackers to execute arbitrary SQL commands via (1) the recid parameter to cms/form/read.php, (2) the uname parameter to cms/index.php, and other unspecified vectors.
by shinmai
PowerAward 1.1.0 RC1 - Path Traversal
Multiple directory traversal vulnerabilities in PowerAward 1.1.0 RC1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the lang parameter to (1) agb.php, (2) angemeldet.php, (3) anmelden.php, (4) charts.php, (5) external_vote.php, (6) guestbook.php, (7) impressum.php, (8) index.php, (9) rss-reader.php, (10) statistic.php, (11) teilnehmer.php, (12) topsites.php, (13) votecode.php, (14) voting.php, and (15) winner.php.
by CraCkEr
SoftVisions obm 2.2 - SQL Injection
SQL injection vulnerability in checkavail.php in SoftVisions Software Online Booking Manager (obm) 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Hussin X
Jabode com_jabode - SQL Injection via id Parameter
SQL injection vulnerability in Jabode horoscope extension (com_jabode) for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a sign task to index.php.
by His0k4
Joomla com_beamospetition - SQL Injection via Pet Parameter
SQL injection vulnerability in the beamospetition (com_beamospetition) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pet parameter to index.php.
by His0k4
Stalker-game S.t.a.l.k.e.r. < 1.0006 - Memory Corruption
Stack-based buffer overflow in the IPureServer::_Recieve function in S.T.A.L.K.E.R.: Shadow of Chernobyl 1.0006 and earlier allows remote attackers to execute arbitrary code via a compressed 0x39 packet, which is decompressed by the NET_Compressor::Decompress function.
by Luigi Auriemma
By Source