Text Exploits
31,394 exploits tracked across all sources.
MyBizz-Classifieds - SQL Injection via cat Parameter
SQL injection vulnerability in index.php in MyBizz-Classifieds allows remote attackers to execute arbitrary SQL commands via the cat parameter.
by HaCkeR_EgY
Maxtrade AIO 1.3.23 - SQL Injection via Trade Module categori Parameter
SQL injection vulnerability in the Trade module in Maxtrade AIO 1.3.23 allows remote attackers to execute arbitrary SQL commands via the categori parameter in a pocategorisell action to modules.php.
by HaCkeR_EgY
KEIL Software PhotoKorn 1.542 - 'index.php' SQL Injection
by t@nzo0n
Easy Webstore 1.2 - SQL Injection via cat_path Parameter
SQL injection vulnerability in index.php in Easy Webstore 1.2 allows remote attackers to execute arbitrary SQL commands via the cat_path parameter.
by Mr.SQL
carscripts_classifieds - SQL Injection via cat Parameter
SQL injection vulnerability in index.php in Carscripts Classifieds allows remote attackers to execute arbitrary SQL commands via the cat parameter.
by Stack
BoatScripts Classifieds - SQL Injection via Type Parameter
SQL injection vulnerability in index.php in BoatScripts Classifieds allows remote attackers to execute arbitrary SQL commands via the type parameter.
by Stack
PHP < 5.2.6 - Directory Traversal via http URL Argument to chdir or ftok
Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier allow context-dependent attackers to bypass safe_mode restrictions by creating a subdirectory named http: and then placing ../ (dot dot slash) sequences in an http URL argument to the (1) chdir or (2) ftok function.
by Maksymilian Arciemowicz
GNU screen <4.0.3 - Info Disclosure
GNU screen 4.0.3 allows local users to unlock the screen via a CTRL-C sequence at the password prompt. NOTE: multiple third parties report inability to reproduce this issue
by Rembrandt
doitlive/cms < 2.50 - SQL Injection via ID Parameter or Licence Cookie
Multiple SQL injection vulnerabilities in doITLive CMS 2.50 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter in an USUB action to default.asp and the (2) Licence[SpecialLicenseNumber] (aka LicenceId) cookie to edit/default.asp.
by BugReport.IR
aspWebCalendar 2008 - Unauthenticated Arbitrary File Upload and Remote Code Execution via FILE1 Parameter
Unrestricted file upload vulnerability in calendar_admin.asp in Full Revolution aspWebCalendar 2008 allows remote attackers to upload and execute arbitrary code via the FILE1 parameter in an uploadfileprocess action, probably followed by a direct request to the file in calendar/eventimages/.
by Alemin_Krali
Microsoft Word 2000 9.0.2812 and 2003 11.8106.8172 - Denial of Service or Remote Code Execution via Crafted .doc File
Microsoft Word 2000 9.0.2812 and 2003 11.8106.8172 does not properly handle unordered lists, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .doc file. NOTE: some of these details are obtained from third party information.
by Ivan Sanchez
WebCalendar 1.0.4 - Remote Code Execution via send_reminders.php includedir Parameter
PHP remote file inclusion vulnerability in send_reminders.php in WebCalendar 1.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter and a 0 value for the noSet parameter, a different vector than CVE-2007-1483.
by Cr@zy_King
ThaiQuickCart 3 - Path Traversal via sLanguage Cookie
Directory traversal vulnerability in qc/index.php in ThaiQuickCart 3 allows remote attackers to read arbitrary files via a .. (dot dot) in the sLanguage cookie.
by CWH Underground
PHP Site Lock 2.0 - SQL Injection via articleid Parameter
SQL injection vulnerability in index.php in Kalptaru Infotech PHP Site Lock 2.0 allows remote attackers to execute arbitrary SQL commands via the articleid parameter in a show_article action.
by Mr.SQL
OpenDocMan 1.2.5 - Cross-Site Scripting via out.php last_message Parameter
Cross-site scripting (XSS) vulnerability in out.php in OpenDocMan 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the last_message parameter.
by Sergi Rosello
MyShoutPro 1.2 - Unauthenticated Authentication Bypass via admin_access Cookie
MyShoutPro 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the admin_access cookie to 1.
by Stack
FreeCMS 0.2 - SQL Injection via Page Parameter
SQL injection vulnerability in index.php in FreeCMS 0.2 allows remote attackers to execute arbitrary SQL commands via the page parameter.
by Mr.SQL
erocms < 1.4 - SQL Injection via Site Parameter
SQL injection vulnerability in index.php in eroCMS 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the site parameter.
by Mr.SQL
MountainGrafix easyTrade 2.x - SQL Injection via detail.php id Parameter
SQL injection vulnerability in detail.php in MountainGrafix easyTrade 2.x allows remote attackers to execute arbitrary SQL commands via the id parameter.
by anonymous
ClipShare < 3.0 - SQL Injection via group_posts.php tid Parameter
SQL injection vulnerability in group_posts.php in ClipShare before 3.0.1 allows remote attackers to execute arbitrary SQL commands via the tid parameter.
by SuNHouSe2
basic-cms - SQL Injection via page_id Parameter
SQL injection vulnerability in pages/index.php in BASIC-CMS allows remote attackers to execute arbitrary SQL commands via the page_id parameter.
by Mr.SQL
UltraEdit 14.00b - Path Traversal via FTP/SFTP LIST Command Response
Directory traversal vulnerability in the FTP and SFTP clients in IDM Computer Solutions Inc UltraEdit 14.00b allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) or a ..\ (dot dot backslash) in a response to a LIST command.
by Tan Chew Keong
No-IP DUC Client for Windows - Local Information Disclosure
by Charalambous Glafkos
SimpleNotes - Multiple Cross-Site Scripting Vulnerabilities
by sl4xUz
By Source