Text Exploits
31,394 exploits tracked across all sources.
Jokes Complete Website 2.1.3 - SQL Injection
SQL injection vulnerability in joke.php in Jokes Complete Website 2.1.3 allows remote attackers to execute arbitrary SQL commands via the jokeid parameter.
by InjEctOr5
Drinks Complete Website 2.1.0 - SQL Injection
SQL injection vulnerability in drinks/drink.php in Drinks Complete Website 2.1.0 allows remote attackers to execute arbitrary SQL commands via the drinkid parameter.
by InjEctOr5
Cheats Complete Website 1.1.1 - SQL Injection
SQL injection vulnerability in item.php in Cheats Complete Website 1.1.1 allows remote attackers to execute arbitrary SQL commands via the itemid parameter.
by InjEctOr5
A+ PHP Scripts News Management System - Unauthenticated Authentication Bypass via Cookie Manipulation
A+ PHP Scripts News Management System (NMS) allows remote attackers to bypass authentication and gain administrator privileges by setting the mobsuser and mobspass cookies to 1.
by Virangar Security
GNOME Rhythmbox 0.11.5 - Denial of Service via Long Title Field in Playlist File
GNOME Rhythmbox 0.11.5 allows remote attackers to cause a denial of service (segmentation fault and crash) via a playlist (.pls) file with a long Title field, possibly related to the g_hash_table_lookup function in b-playlist-manager.c.
by Juan Pablo Lopez Yacubian
Commtouch Anti-Spam Enterprise Gateway - Cross-Site Scripting
by Erez Metula
Snail Game 5th Street - Remote Code Execution via Chat Message Format String
Format string vulnerability in dx8render.dll in Snail Game (aka Suzhou Snail Electronic Company) 5th street (aka Hot Step or High Street 5) allows remote attackers to execute arbitrary code via format string specifiers in a chat message.
by superkhung
Webdevindo-CMS 1.0.0 - SQL Injection via hal Parameter
SQL injection vulnerability in index.php in Webdevindo-CMS 1.0.0 allows remote attackers to execute arbitrary SQL commands via the hal parameter.
by CWH Underground
Page Manager 2006-02-04 - Unauthenticated Arbitrary File Upload via upload.php
Unrestricted file upload vulnerability in upload.php in Page Manager 2006-02-04 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
by CWH Underground
MyPHP CMS 0.3.1 - SQL Injection via pid Parameter
SQL injection vulnerability in pages.php in MyPHP CMS 0.3.1 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
by CWH Underground
munky 0.0.1 - Remote File Inclusion via Zone Parameter Path Traversal
Directory traversal vulnerability in index.php in mUnky 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the zone parameter.
by StAkeR
nBill (com_netinvoice) 1.2.0 SP1 - SQL Injection
SQL injection vulnerability in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in an orders action to index.php. NOTE: some of these details are obtained from third party information.
by His0k4
Softbiz Jokes & Funny Pics Script - SQL Injection via sbjoke_id Parameter
SQL injection vulnerability in index.php in Softbiz Jokes & Funny Pics Script allows remote attackers to execute arbitrary SQL commands via the sbjoke_id parameter, a different vector than CVE-2008-1050.
by Hussin X
Relative Real Estate Systems < 3.0 - Cleartext Password Storage
Relative Real Estate Systems 3.0 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information.
by K-159
Linksys WRT54g 1.00.9 - Unauthenticated Arbitrary Administrative Actions via Direct Script Request
The web interface on the Linksys WRT54g router with firmware 1.00.9 does not require credentials when invoking scripts, which allows remote attackers to perform arbitrary administrative actions via a direct request to (1) Advanced.tri, (2) AdvRoute.tri, (3) Basic.tri, (4) ctlog.tri, (5) ddns.tri, (6) dmz.tri, (7) factdefa.tri, (8) filter.tri, (9) fw.tri, (10) manage.tri, (11) ping.tri, (12) PortRange.tri, (13) ptrigger.tri, (14) qos.tri, (15) rstatus.tri, (16) tracert.tri, (17) vpn.tri, (18) WanMac.tri, (19) WBasic.tri, or (20) WFilter.tri. NOTE: the Security.tri vector is already covered by CVE-2006-5202.
by meathive
ShareCMS 0.1 Beta - SQL Injection via eventID or userID Parameter
Multiple SQL injection vulnerabilities in ShareCMS 0.1 Beta allow remote attackers to execute arbitrary SQL commands via the (1) eventID parameter to event_info.php and the (2) userID parameter to list_user.php.
by CWH Underground
Relative Real Estate Systems <3.0 - SQL Injection
SQL injection vulnerability in index.php in Relative Real Estate Systems 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the listing_id parameter in a listings action.
by K-159
E-topbiz Link ADS 1 - SQL Injection via linkid Parameter
SQL injection vulnerability in out.php in E-topbiz Link ADS 1 allows remote attackers to execute arbitrary SQL commands via the linkid parameter.
by Hussin X
hivemaker < 1.0.2 - SQL Injection via cid Parameter
SQL injection vulnerability in index.php in Hivemaker Professional 1.0.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by security fears team
E-topbiz Viral DX 1 2.07 - SQL Injection via adclick.php bannerid Parameter
SQL injection vulnerability in adclick.php in E-topbiz Viral DX 1 2.07 allows remote attackers to execute arbitrary SQL commands via the bannerid parameter.
by Hussin X
Linksys WRT54g firmware 1.00.9 - RCE
Linksys WRT54g firmware 1.00.9 does not require credentials when making configuration changes, which allows remote attackers to modify arbitrary configurations via a direct request to Security.tri, as demonstrated using the SecurityMode and layout parameters, a different issue than CVE-2006-2559.
by meathive
DUcalendar < 1.0 - SQL Injection via iEve Parameter
SQL injection vulnerability in detail.asp in DUware DUcalendar 1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the iEve parameter.
by Bl@ckbe@rD
Geody Dagger r12feb2008 - Remote Code Execution via dir_inc Parameter
PHP remote file inclusion vulnerability in skins/default.php in Geody Labs Dagger - The Cutting Edge r12feb2008, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the dir_inc parameter.
by CraCkEr
Ourvideo CMS 9.5 - Path Traversal via RSS Prefix Parameter
Directory traversal vulnerability in phpi/rss.php in Ourvideo CMS 9.5, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the prefix parameter.
by CraCkEr
Ourvideo CMS 9.5 - Remote Code Execution via include_connection Parameter
Multiple PHP remote file inclusion vulnerabilities in Ourvideo CMS 9.5 allow remote attackers to execute arbitrary PHP code via a URL in the include_connection parameter to (1) edit_top_feature.php and (2) edit_topics_feature.php in phpi/.
by CraCkEr
By Source