Text Exploits
31,394 exploits tracked across all sources.
CCleague Pro 1.2 - SQL Injection via admin.php u Parameter
SQL injection vulnerability in admin.php in CCleague Pro 1.2 allows remote attackers to execute arbitrary SQL commands via the u parameter.
by t0pP8uZz
Softpedia SiteXS CMS 0.1.1 Pre-Alpha - Cross-Site Scripting via User Parameter
Cross-site scripting (XSS) vulnerability in index.php in Softpedia SiteXS CMS 0.1.1 Pre-Alpha allows remote attackers to inject arbitrary web script or HTML via the user parameter.
by CWH Underground
PHPAuction 3.2 - SQL Injection via item.php id Parameter
SQL injection vulnerability in item.php in PHPAuction 3.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Hussin X
KbLance - SQL Injection via cat_id Parameter
SQL injection vulnerability in index.php in KbLance allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a comment action.
by S.L TEAM
Online Fantasy Football League <= 0.2.6 - SQL Injection via fflteam_id, league_id, or player_id Parameter
Multiple SQL injection vulnerabilities in Online Fantasy Football League (OFFL) 0.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) fflteam_id parameter to teams.php, the (2) league_id parameter to leagues.php, and the (3) player_id parameter to players.php.
by t0pP8uZz
eNews 0.1 - 'delete.php' Arbitrary Delete Post
by ilker Kandemir
CCleague Pro 1.2 - Unauthenticated Authentication Bypass via Type Cookie
admin.php in CCleague Pro 1.2 allows remote attackers to bypass authentication by setting the type cookie value to admin.
by t0pP8uZz
AproxEngine 5.1.0.4 - Path Traversal via Page Parameter
Directory traversal vulnerability in index.php in AproxEngine 5.1.0.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
by SkyOut
AJ Square aj-hyip - SQL Injection via news.php id Parameter
SQL injection vulnerability in news.php in AJ Square aj-hyip (aka AJ HYIP Acme) allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-2532.
by Hussin X
Lightweight news portal 1.0b - Cross-Site Scripting via Photo or POTD Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Lightweight news portal (LNP) 1.0b allow remote attackers to inject arbitrary web script or HTML via the (1) photo parameter to show_photo.php, (2) potd parameter to show_potd.php, or (3) the Current question field in a vote action to admin.php.
by storm
Jamroom 3.3.0-3.3.5 - Remote Code Execution via jamroom[jm_dir] Parameter
PHP remote file inclusion vulnerability in include/plugins/jrBrowser/payment.php in Jamroom 3.3.0 through 3.3.5 allows remote attackers to execute arbitrary PHP code via a URL in the jamroom[jm_dir] parameter. NOTE: some of these details are obtained from third party information.
by cyberlog
JaxUltraBB < 2.0 - Cross-Site Scripting via Forum Parameter
Cross-site scripting (XSS) vulnerability in viewforum.php in JaxUltraBB (JUBB) 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the forum parameter.
by CWH Underground
PHPAuctions - SQL Injection via profile.php auction_id Parameter
SQL injection vulnerability in profile.php in PHPAuctions.info PHPAuctions (aka PHPAuctionSystem) allows remote attackers to execute arbitrary SQL commands via the auction_id parameter, a different vector than CVE-2009-0106.
by Mr.SQL
Lightweight news portal 1.0b - Privilege Escalation
Lightweight news portal (LNP) 1.0b does not properly restrict access to administrator functionality, which allows remote attackers to gain administrator privileges via direct requests to admin.php with the (1) potd_delete, (2) potd, (3) vote_update, (4) vote, or (5) modifynews actions.
by storm
JaxUltraBB < 2.0 - Path Traversal via User Parameter
Directory traversal vulnerability in viewprofile.php in JaxUltraBB 2.0 and earlier allows remote attackers to read arbitrary local files via a .. (dot dot) in the user parameter. party information.
by CWH Underground
Jamroom 3.3.0-3.3.5 - Remote Code Execution via jamroom[jm_dir] Parameter
PHP remote file inclusion vulnerability in include/plugins/jrBrowser/purchase.php in Jamroom 3.3.0 through 3.3.5, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the jamroom[jm_dir] parameter.
by cyberlog
GL-SH Deaf Forum < 6.4.4 - Remote File Inclusion via Directory Traversal
Multiple directory traversal vulnerabilities in GL-SH Deaf Forum 6.4.4 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) FORUM_LANGUAGE parameter to functions.php or the (2) style parameter to bottom.php.
by BugReport.IR
FubarForum 1.5 - Path Traversal via Page Parameter
Directory traversal vulnerability in index.php in chaozz@work FubarForum 1.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
by cOndemned
FireAnt 1.3 - Remote Code Execution via Page Parameter Path Traversal
Directory traversal vulnerability in index.php in FireAnt 1.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
by cOndemned
emusoft emuCMS 0.3 - SQL Injection via cat_id Parameter
SQL injection vulnerability in index.php in eMuSOFT emuCMS 0.3 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a category action.
by TurkishWarriorr
CiBlog 3.1 - SQL Injection via id Parameter
SQL injection vulnerability in links-extern.php in CiBlog 3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Mr.SQL
AceBIT WISE-FTP 4.1.0 and 5.5.8 - Path Traversal via FTP LIST Command Response
Directory traversal vulnerability in the FTP client in AceBIT WISE-FTP 4.1.0 and 5.5.8 allows remote FTP servers to create or overwrite arbitrary files via a ..\ (dot dot backslash) in a response to a LIST command, a related issue to CVE-2002-1345.
by Tan Chew Keong
By Source