Text Exploits
31,394 exploits tracked across all sources.
Tornado Knowledge Retrieval System <4.2 - XSS
Cross-site scripting (XSS) vulnerability in searcher.exe in Tornado Knowledge Retrieval System 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the p parameter in a root action.
by Unohope
Todd Woolums ASP News Management 2.2 - Info Disclosure
Todd Woolums ASP News Management 2.2 allows remote attackers to obtain news items via a direct request to (1) rss.asp, (2) viewheadings.asp, or (3) viewnews.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Bl@ckbe@rD
ASPPortal - SQL Injection via Topic_Id Parameter
SQL injection vulnerability in content/forums/reply.asp in ASPPortal allows remote attackers to execute arbitrary SQL commands via the Topic_Id parameter.
by JosS
Todd Woolums ASP Download 1.03 - Unauthenticated Privilege Escalation via setupdownload.asp
Todd Woolums ASP Download management script 1.03 does not require authentication for setupdownload.asp, which allows remote attackers to gain administrator privileges via a direct request.
by Zigma
Realm CMS < 2.3 - Exposure of Sensitive Information via Direct Request to _db/compact.asp
Realm CMS 2.3 and earlier allows remote attackers to obtain sensitive information via a direct request to _db/compact.asp, which reveals the database path in an error message.
by BugReport.IR
Realm CMS < 2.3 - Cross-Site Scripting via CmpctedDB or Boyut Parameters
Multiple cross-site scripting (XSS) vulnerabilities in _db/compact.asp in Realm CMS 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) CmpctedDB and (2) Boyut parameters.
by BugReport.IR
Realm CMS < 2.3 - SQL Injection via KeyWordsList kwrd Parameter
SQL injection vulnerability in the KeyWordsList function in _includes/inc_routines.asp in Realm CMS 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the kwrd parameter in a kwl action to the default URI.
by BugReport.IR
Telephone Directory 2008 - Cross-Site Scripting via edit1.php action parameter
Cross-site scripting (XSS) vulnerability in edit1.php in Telephone Directory 2008 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
by CWH Underground
Telephone Directory 2008 - SQL Injection via code or id Parameter
Multiple SQL injection vulnerabilities in Telephone Directory 2008, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) code parameter in a confirm_data action to edit1.php and the (2) id parameter to view_more.php.
by CWH Underground
Realm CMS 2.3 - Unauthenticated Authentication Bypass via Cookie Manipulation
_RealmAdmin/login.asp in Realm CMS 2.3 and earlier allows remote attackers to bypass authentication and access admin pages via certain modified cookies, probably including (1) cUserRole, (2) cUserName, and (3) cUserID.
by BugReport.IR
ProManager 0.73 - Remote File Inclusion via Language Parameter Path Traversal
Directory traversal vulnerability in inc/config.php in ProManager 0.73 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
by Stack
powie pNews 2.08 and 2.10 - SQL Injection via shownews Parameter
SQL injection vulnerability in index.php in Powie pNews 2.08 and 2.10, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the shownews parameter.
by Cr@zy_King
Real Estate Website 1.0 - 'location.asp' Multiple Input Validation Vulnerabilities
by JosS
real estate Web site 1.0 - SQL Injection / Cross-Site Scripting
by JosS
pilot_cart 7.3 - SQL Injection via Article Parameter
SQL injection vulnerability in pilot.asp in ASPilot Pilot Cart 7.3 allows remote attackers to execute arbitrary SQL commands via the article parameter in a kb action.
by Bl@ckbe@rD
phpinv 0.8.0 - Cross-Site Scripting via Search Keyword Parameter
Cross-site scripting (XSS) vulnerability in search.php in phpInv 0.8.0 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.
by CWH Underground
BrowserCRM 5.002.00 - Remote Code Execution via bcrm_pub_root Parameter
PHP remote file inclusion vulnerability in pub/clients.php in BrowserCRM 5.002.00 allows remote attackers to execute arbitrary PHP code via a URL in the bcrm_pub_root parameter.
by ahmadbady
XOOPS Uploader 1.1 - Path Traversal
Directory traversal vulnerability in Uploader module 1.1 for XOOPS allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a downloadfile action to index.php.
by MEEKAAH
phpinv 0.8.0 - Remote File Inclusion via Action Parameter Path Traversal
Directory traversal vulnerability in entry.php in phpInv 0.8.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter.
by CWH Underground
Joomla com_rapidrecipe 1.6.6-1.6.7 - SQL Injection via recipe_id Parameter
SQL injection vulnerability in the Rapid Recipe (com_rapidrecipe) component 1.6.6 and 1.6.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the recipe_id parameter in a viewrecipe action to index.php.
by His0k4
BrowserCRM 5.002.00 - Remote Code Execution via bcrm_pub_root Parameter
Multiple PHP remote file inclusion vulnerabilities in BrowserCRM 5.002.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the bcrm_pub_root parameter to (1) kb.php, (2) login.php, (3) index.php, (4) contact_view.php, and (5) contact.php in pub/, different vectors than CVE-2008-2689. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ahmadbady
JiRo FAQ Manager eXperience 1.0 - SQL Injection via fID Parameter
SQL injection vulnerability in read.asp in JiRo's FAQ Manager eXperience 1.0 allows remote attackers to execute arbitrary SQL commands via the fID parameter.
by Zigma
SchoolCenter 7.5 - Multiple Cross-Site Scripting Vulnerabilities
by Doz
ESTsoft ALFTP 4.1 beta 2 and 5.0 - Path Traversal via FTP LIST Response
Directory traversal vulnerability in the FTP client in ALTools ESTsoft ALFTP 4.1 beta 2 and 5.0 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder.
by Tan Chew Keong
427BB 2.3.1 - SQL Injection via showpost.php post Parameter
SQL injection vulnerability in showpost.php in 427BB 2.3.1 allows remote attackers to execute arbitrary SQL commands via the post parameter.
by CWH Underground
By Source