Text Exploits
31,394 exploits tracked across all sources.
Diigo Toolbar and Diigolet - Stored Cross-Site Scripting via Public Comment
Cross-site scripting (XSS) vulnerability in Diigo Toolbar and Diigolet allows remote attackers to inject arbitrary web script or HTML via a public comment.
by Ferruh Mavituna
NCH Software Classic FTP 1.02 - Path Traversal via FTP LIST Command Response
Directory traversal vulnerability in the FTP client in NCH Software Classic FTP 1.02 for Windows allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345.
by Tan Chew Keong
Virtual Support Office XP 3.0.29 - Multiple Vulnerabilities
by BugReport.IR
elinestudio site_composer < 2.6 - Path Traversal via inpCurrFolder Parameter
Multiple absolute path traversal vulnerabilities in eLineStudio Site Composer (ESC) 2.6 allow remote attackers to create or delete arbitrary directories via a full pathname in the inpCurrFolder parameter to (1) folderdel_.asp or (2) foldernew.asp in cms/assetmanager/.
by BugReport.IR
eLineStudio Site Composer < 2.6 - SQL Injection via id or template_id Parameter
Multiple SQL injection vulnerabilities in eLineStudio Site Composer (ESC) 2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to ansFAQ.asp and the (2) template_id parameter to preview.asp.
by BugReport.IR
eLineStudio Site Composer <= 2.6 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in eLineStudio Site Composer (ESC) 2.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) topic and (2) button parameters to ansFAQ.asp and the (3) id and (4) txtEmail parameters to login.asp.
by BugReport.IR
OwnRS Beta 3 - Cross-Site Scripting via Clanek.php ID Parameter
Cross-site scripting (XSS) vulnerability in clanek.php in OwnRS Beta 3 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
by CWH Underground
Academic Web Tools < 1.4.2.8 - Session Fixation via PHPSESSID Parameter
Multiple session fixation vulnerabilities in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allow remote attackers to hijack web sessions by setting the PHPSESSID parameter to (1) index.php and (2) login.php in homepg/.
by BugReport.IR
vBulletin 3.7.1 - Moderation Control Panel 'redirect' Cross-Site Scripting
by Jessica Hope
OwnRS Beta 3 - SQL Injection via clanek.php id Parameter
SQL injection vulnerability in clanek.php in OwnRS Beta 3 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by CWH Underground
Orlando CMS 0.6 - Remote Code Execution via GLOBALS[preloc] Parameter
Multiple PHP remote file inclusion vulnerabilities in Orlando CMS 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[preloc] parameter to (1) modules/core/logger/init.php and (2) AJAX/newscat.php.
by Ciph3r
eLineStudio Site Composer <= 2.6 - Exposure of Sensitive Information via Direct Request
eLineStudio Site Composer (ESC) 2.6 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) trigger.asp or (2) common2.asp in cms/include/, which reveals the database path.
by BugReport.IR
CMS-BRD - SQL Injection via Menuclick Parameter
SQL injection vulnerability in index.php in CMS-BRD allows remote attackers to execute arbitrary SQL commands via the menuclick parameter.
by dun
AJSquare AJ Auction Pro 2.0 - SQL Injection via category.php cate_id Parameter
SQL injection vulnerability in category.php in AJSquare AJ Auction Pro web 2.0 allows remote attackers to execute arbitrary SQL commands via the cate_id parameter.
by Hussin X
Mac OS X 10.4.11 and 10.5.4 - Privilege Escalation via Scripting Addition Commands
Open Scripting Architecture in Apple Mac OS X 10.4.11 and 10.5.4, and some other 10.4 and 10.5 versions, does not properly restrict the loading of scripting addition plugins, which allows local users to gain privileges via scripting addition commands to a privileged application, as originally demonstrated by an osascript tell command to ARDAgent.
by anonymous
nweb2fax <= 0.2.7 - Path Traversal via id or var_filename Parameter
Multiple directory traversal vulnerabilities in nweb2fax 0.2.7 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) id parameter to comm.php and (2) var_filename parameter to viewrq.php.
by dun
doitlive/cms < 2.50 - Cross-Site Scripting via FILE Parameter
Cross-site scripting (XSS) vulnerability in edit/showmedia.asp in doITLive CMS 2.50 and earlier allows remote attackers to inject arbitrary web script or HTML via the FILE parameter.
by BugReport.IR
traindepot 0.1 - Path Traversal via Module Parameter
Directory traversal vulnerability in index.php in Traindepot 0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the module parameter.
by CWH Underground
Microsoft Visual Basic Enterprise Edition 6.0 SP6 - Buffer Overflow via fCreateShellLink lpstrLinkPath Argument
Buffer overflow in a certain ActiveX control (vb6skit.dll) in Microsoft Visual Basic Enterprise Edition 6.0 SP6 might allow remote attackers to execute arbitrary code via a long lpstrLinkPath argument to the fCreateShellLink function.
by shinnai
Traindepot 0.1 - Cross-Site Scripting via Search Query Parameter
Cross-site scripting (XSS) vulnerability in the search module in Traindepot 0.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter to index.php.
by CWH Underground
nweb2fax <= 0.2.7 - Remote Code Execution via viewrq.php var_filename Parameter
viewrq.php in nweb2fax 0.2.7 and earlier allows remote attackers to execute arbitrary code via shell metacharacters in the var_filename parameter in a (1) tif or (2) pdf format action.
by dun
By Source