Text Exploits
31,394 exploits tracked across all sources.
SamTodo 1.1 - 'tid' Cross-Site Scripting
by David Sopas Ferreira
SamTodo 1.1 - 'completed' Cross-Site Scripting
by David Sopas Ferreira
powie psys 0.7.0 alpha - SQL Injection via shownews Parameter
SQL injection vulnerability in index.php in pSys 0.7.0 alpha allows remote attackers to execute arbitrary SQL commands via the shownews parameter.
by anonymous
PowerPhlogger < 2.2.5 - Authenticated SQL Injection via css_str Parameter
SQL injection vulnerability in edCss.php in PowerPhlogger 2.2.5 and earlier allows remote authenticated users to execute arbitrary SQL commands via the css_str parameter in an edit action.
by MustLive
Joomla com_simpleshop < 3.4 - SQL Injection via catid Parameter
SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component 3.4 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a browse action to index.php.
by His0k4
Joomla! com_joomladate 1.2 - SQL Injection
SQL injection vulnerability in the JoomlaDate (com_joomladate) component 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the user parameter in a viewProfile action to index.php.
by His0k4
427BB 2.3.1 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in 427BB 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to (a) register.php, (b) reminder.php, and (c) search.php; the (2) uname, (3) email, and (4) email2 parameters to register.php; the (5) email parameter to reminder.php; and the (6) keywords parameter to search.php.
by CWH Underground
F5 FirePass SSL VPN 6.0.2 hotfix 3 - Cross-Site Scripting via css_exceptions or sql_matchscope Parameter
Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN 6.0.2 hotfix 3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via quotes in (1) the css_exceptions parameter in vdesk/admincon/webyfiers.php and (2) the sql_matchscope parameter in vdesk/admincon/index.php.
by nnposter
F5 FirePass SSL VPN 6.0.2 hotfix 3 - Cross-Site Scripting via css_exceptions or sql_matchscope Parameter
Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN 6.0.2 hotfix 3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via quotes in (1) the css_exceptions parameter in vdesk/admincon/webyfiers.php and (2) the sql_matchscope parameter in vdesk/admincon/index.php.
by nnposter
Linksys WRH54G 1.1.3 Wireless-G Router - HTTP Request Denial of Service
by dubingyao
php-address_book < 3.1.5 - Cross-Site Scripting via Group Parameter
Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the group parameter to (1) index.php or (2) the default URI.
by CWH Underground
php-address_book < 4.0 - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) edit.php. NOTE: it was later reported that 4.0.x is also affected.
by CWH Underground
PHP Address Book 8.2.5 - SQL Injection via edit.php or import.php Parameters
Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) edit.php or (2) import.php. NOTE: the view.php id vector is already covered by CVE-2008-2565.1 and the edit.php id vector is already covered by CVE-2008-2565.2.
by CWH Underground
PHP Address Book 3.1.5 - Multiple SQL Injections / Cross-Site Scripting Vulnerabilities
by CWH Underground
QuickerSite 1.8.5 - SQL Injection via sNickName Parameter
SQL injection vulnerability in asp/includes/contact.asp in QuickerSite 1.8.5 allows remote attackers to execute arbitrary SQL commands via the sNickName parameter in a profile action to default.asp.
by BugReport.IR
Joomla com_joomradio 1.0 - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in the EXP JoomRadio (com_joomradio) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) show_radio or (2) show_video action to index.php.
by His0k4
Joomla com_idoblog <= b24 - SQL Injection via UserID Parameter
SQL injection vulnerability in the IDoBlog (com_idoblog) component b24 and earlier and 1.0, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the userid parameter in a userblog action to index.php.
by His0k4
FlashBlog 0.31 beta - Unauthenticated Arbitrary File Upload via imgupload.php
Unrestricted file upload vulnerability in admin/Editor/imgupload.php in FlashBlog 0.31 beta allows remote attackers to execute arbitrary code by uploading a .php file, then accessing it via a direct request to the file in tus_imagenes/.
by ilker Kandemir
battleblog <= 1.25 - SQL Injection via comment.asp Entry Parameter
SQL injection vulnerability in comment.asp in Battle Blog 1.25 and earlier allows remote attackers to execute arbitrary SQL commands via the entry parameter.
by Bl@ckbe@rD
1-script 1-book < 1.0.1 - Remote Code Execution via Guestbook Message Parameter
Static code injection vulnerability in guestbook.php in 1Book 1.0.1 and earlier allows remote attackers to upload arbitrary PHP code via the message parameter in an HTML webform, which is written to data.php.
by JIKO
SMEWeb 1.4b and 1.4f - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in SMEWeb 1.4b and 1.4f allow remote attackers to inject arbitrary web script or HTML via the (1) data parameter to catalog.php, the (2) keyword parameter to search.php, the (3) page parameter to bb.php, and the (4) new_s parameter to order.php.
by CWH Underground
SMEWeb 1.4b and 1.4f - SQL Injection via idp and category Parameters
Multiple SQL injection vulnerabilities in catalog.php in SMEWeb 1.4b and 1.4f allow remote attackers to execute arbitrary SQL commands via the (1) idp and (2) category parameters.
by CWH Underground
LifeType - SQL Injection via albumId Parameter
SQL injection vulnerability in the LifeType (formerly pLog) module for Drupal allows remote attackers to execute arbitrary SQL commands via the albumId parameter in a ViewAlbum action to index.php.
by DreamTurk
By Source