Text Exploits
31,394 exploits tracked across all sources.
A+ PHP Scripts News Management System 0.3 - Multiple Input Validation Vulnerabilities
by CraCkEr
Massive Entertainment Wic < 1.008 - Resource Management Error
World in Conflict (WIC) 1.008 and earlier allows remote attackers to cause a denial of service (access violation and crash) via a zero-byte data block to TCP port 48000, which triggers a NULL pointer dereference.
by Luigi Auriemma
Vertex4 SunAge < 1.08.1 - Denial of Service via Crafted UDP Packet
Integer overflow in Vertex4 SunAge 1.08.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted packet to UDP port 27960.
by Luigi Auriemma
perl - Arbitrary File Permission Modification via Symlink Attack in rmtree Function
The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows local users to modify the permissions of arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448 and CVE-2004-0452.
by Frans Pop
sHibby sHop < 2.2 - Unauthenticated Sensitive Information Exposure via Direct Database Access
sHibby sHop 2.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request to Db/urun.mdb.
by KnocKout
shibby_shop < 2.2 - SQL Injection via sayfa Parameter
SQL injection vulnerability in default.asp in sHibby sHop 2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the sayfa parameter.
by KnocKout
CMReams CMS 1.3.1.1 Beta 2 - Cross-Site Scripting via lang[be_red_text] Parameter
Cross-site scripting (XSS) vulnerability in backend/umleitung.php in CMReams CMS 1.3.1.1 Beta 2 allows remote attackers to inject arbitrary web script or HTML via the lang[be_red_text] parameter.
by CraCkEr
HomePH Design 2.10 RC2 - Remote Code Execution via Template Thumbnail Parameter
PHP remote file inclusion vulnerability in admin/templates/template_thumbnail.php in HomePH Design 2.10 RC2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the thumb_template parameter.
by CraCkEr
HomePH Design 2.10 RC2 - Cross-Site Scripting via Multiple Admin Parameters
Multiple cross-site scripting (XSS) vulnerabilities in HomePH Design 2.10 RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) error_meldung parameter to admin/features/register/register.php, the (2) feature_language[ueberschrift] parameter to admin/features/memberlist/memberlist.php, the (3) language_array[ueberschrift] parameter to admin/features/lostpassword/lostpassword.php, the (4) language_feature[titel] parameter to admin/features/kalender/eingabe.php, and the (5) language_feature[bildmenu] parameter to admin/features/fotogalerie/eingabe.php.
by CraCkEr
sHibby sHop < 2.2 - Unauthenticated Arbitrary File Write via upgrade.asp
upgrade.asp in sHibby sHop 2.2 and earlier does not require administrative authentication, which allows remote attackers to update a file or have unspecified other impact via a direct request.
by KnocKout
rss_aggregator - Remote Code Execution via Path Parameter
PHP remote file inclusion vulnerability in display.php in RSS-aggregator allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: some of these details are obtained from third party information.
by Ghost Hacker
phpdmca 1.0.0 - Remote File Inclusion via ourlinux_root_path Parameter
Multiple PHP remote file inclusion vulnerabilities in phpDMCA 1.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the ourlinux_root_path parameter to (1) adodb-errorpear.inc.php and (2) adodb-pear.inc.php in adodb/.
by CraCkEr
PageSquid CMS 0.3 Beta - SQL Injection via Page Parameter
SQL injection vulnerability in index.php in PageSquid CMS 0.3 Beta allows remote attackers to execute arbitrary SQL commands via the page parameter.
by CWH Underground
Open Digital Assets Repository System 1.0.2 - Remote File Inclusion
by CraCkEr
Odars - Code Injection
PHP remote file inclusion vulnerability in src/browser/resource/categories/resource_categories_view.php in Open Digital Assets Repository System (ODARS) 1.0.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the CLASSES_ROOT parameter.
by CraCkEr
MiGCMS 2.0.5 - Remote Code Execution via GLOBALS[application][app_root] Parameter
Multiple PHP remote file inclusion vulnerabilities in MiGCMS 2.0.5, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[application][app_root] parameter to (1) collection.class.php and (2) content_image.class.php in lib/obj/.
by CraCkEr
EXP Shop Component 1.0 for Joomla! - SQL Injection via catid Parameter
SQL injection vulnerability in the EXP Shop (com_expshop) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a show_payment action to index.php.
by His0k4
HomePH Design 2.10 RC2 - Path Traversal via Multiple Parameters
Multiple directory traversal vulnerabilities in HomePH Design 2.10 RC2, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) thumb_template parameter to (a) admin/templates/template_thumbnail.php, and the (2) language parameter to (b) account/account.php, (c) downloads/downloads.php, (d) forum/forum.php, (e) fotogalerie/delete.php, and (f) fotogalerie/fotogalerie.php in admin/features/.
by CraCkEr
HoMaP-CMS 0.1 - Remote Code Execution via _settings[pluginpath] Parameter
PHP remote file inclusion vulnerability in html/admin/modules/plugin_admin.php in HoMaP-CMS 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the _settings[pluginpath] parameter.
by CraCkEr
hedgehog-cms 1.21 - Path Traversal and Arbitrary File Execution via c_temp_path Parameter
Directory traversal vulnerability in includes/header.php in Hedgehog-CMS 1.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the c_temp_path parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
by CraCkEr
CMS Mini 0.2.2 - Path Traversal via Path or P Parameter
Multiple directory traversal vulnerabilities in view/index.php in CMS Mini 0.2.2 allow remote attackers to read arbitrary local files via a .. (dot dot) in the (1) path and (2) p parameter.
by CWH Underground
CMReams CMS 1.3.1.1 Beta 2 - Path Traversal via load_language.php page_language Parameter
Directory traversal vulnerability in load_language.php in CMReams CMS 1.3.1.1 Beta 2, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page_language parameter.
by CraCkEr
By Source