Text Exploits
31,394 exploits tracked across all sources.
com_equotes 0.9.4 - SQL Injection via id Parameter
SQL injection vulnerability in the eQuotes (com_equotes) component 0.9.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
by His0k4
Brim 1.0.1 - Remote Code Execution via Template Renderer Parameter
Multiple PHP remote file inclusion vulnerabilities in Brim (formerly Booby) 1.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the renderer parameter to template.tpl.php in (1) barrel/, (2) barry/, (3) mylook/, (4) oerdec/, (5) penguin/, (6) sidebar/, (7) slashdot/, and (8) text-only/ in templates/. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences.
by HaiHui
i-pos StoreFront 1.3 - 'index.asp' SQL Injection
by KnocKout
mebiblio 0.4.7 - SQL Injection via JID Parameter
SQL injection vulnerability in admin/journal_change_mask.inc.php in meBiblio 0.4.7 allows remote attackers to execute arbitrary SQL commands via the JID parameter.
by CWH Underground
meBiblio 0.4.7 - Cross-Site Scripting via SQL Parameter
Multiple cross-site scripting (XSS) vulnerabilities in meBiblio 0.4.7 allow remote attackers to inject arbitrary web script or HTML via the (1) sql parameter to dbadd.inc.php, (2) InsertJournal parameter to add_journal_mask.inc.php, (3) InsertBibliography parameter to insert_mask.inc.php, and (4) LabelYear parameter to search_mask.inc.php.
by CWH Underground
Social Site Generator 2.0 - Unauthenticated Arbitrary File Read via File Parameter
Social Site Generator (SSG) 2.0 allows remote attackers to read arbitrary files via the file parameter to (1) filedload.php, (2) webadmin/download.php, and (3) webadmin/download_file.php.
by Stack
meBiblio 0.4.7 - Unauthenticated Arbitrary File Upload and Remote Code Execution via PHP File Upload
Unrestricted file upload vulnerability in upload/uploader.html in meBiblio 0.4.7 allows remote attackers to execute arbitrary code by uploading a .php file, then accessing it via a direct request to the files/ directory.
by CWH Underground
DesktopOnNet 3 Beta - Remote Code Execution via app_path Parameter
Multiple PHP remote file inclusion vulnerabilities in DesktopOnNet 3 Beta allow remote attackers to execute arbitrary PHP code via a URL in the app_path parameter to (1) don3_requiem.don3app/don3_requiem.php and (2) frontpage.don3app/frontpage.php.
by MK
ComicShout 2.8 - SQL Injection via News ID Parameter
SQL injection vulnerability in news.php in ComicShout 2.8 allows remote attackers to execute arbitrary SQL commands via the news_id parameter, a different vector than CVE-2008-2456.
by JosS
I-Pos Internet Pay Online Store < 1.3 - SQL Injection via Item Parameter
SQL injection vulnerability in index.asp in I-Pos Internet Pay Online Store 1.3 Beta and earlier allows remote attackers to execute arbitrary SQL commands via the item parameter.
by KnocKout
Social Site Generator 2.0 - SQL Injection via sgc_id, scm_mem_id, or catid Parameter
Multiple SQL injection vulnerabilities in Social Site Generator (SSG) 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) sgc_id parameter to display_blog.php, (2) scm_mem_id parameter to social_my_profile_download.php, and the (3) catid parameter to social_forum_subcategories.php.
by DeAr Ev!L
TorrentTrader - SQL Injection via scrape.php info_hash Parameter
SQL injection vulnerability in scrape.php in TorrentTrader before 2008-05-13 allows remote attackers to execute arbitrary SQL commands via the info_hash parameter.
by Charles Vaughn
Social Site Generator 2.0 - Remote Code Execution via social_game_play.php Path Parameter
PHP remote file inclusion vulnerability in social_game_play.php in Social Site Generator (SSG) 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
by DeAr Ev!L
Social Site Generator 2.0 - Remote Code Execution via social_game_play.php Path Parameter
PHP remote file inclusion vulnerability in social_game_play.php in Social Site Generator (SSG) 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
by vBmad
Psychostats 2.3, 2.3.1, 2.3.3 - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in PsychoStats 2.3, 2.3.1, and 2.3.3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) weapon.php and (2) map.php.
by Mr.SQL
PHP Visit Counter < 0.4 - SQL Injection via read.php datespan Parameter
SQL injection vulnerability in read.php in PHP Visit Counter 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the datespan parameter in a read action.
by Lidloses_Auge
PassWiki < 0.9.16 - Path Traversal via site_id Parameter
Directory traversal vulnerability in passwiki.php in PassWiki 0.9.16 RC3 and earlier allows remote attackers to read arbitrary local files via a .. (dot dot) in the site_id parameter.
by mozi
com_prayercenter < 1.4.9 - SQL Injection via id Parameter
SQL injection vulnerability in the PrayerCenter (com_prayercenter) component 1.4.9 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_request action to index2.php.
by His0k4
BP Blog 6.0 - SQL Injection via id or cat Parameter
Multiple SQL injection vulnerabilities in BP Blog 6.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to template_permalink.asp and (2) cat parameter to template_archives_cat.asp.
by JosS
hivemaker < 1.0.2 - SQL Injection via cid Parameter
SQL injection vulnerability in index.php in Hivemaker Professional 1.0.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by K-159
DotNetNuke < 4.8.3 - Cross-Site Scripting via PATH_INFO
Cross-site scripting (XSS) vulnerability in Default.aspx in DotNetNuke 4.8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
by AmnPardaz Security Research Team
Adobe Acrobat Reader < 8.1.2 and < 7.1.1 - Remote Code Execution via Malformed PDF Document
Adobe Acrobat Reader 8.1.2 and earlier, and before 7.1.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed PDF document, as demonstrated by 2008-HI2.pdf.
by securfrog
PicoFlat CMS 0.5.9 - Path Traversal via Pagina Parameter
Directory traversal vulnerability in index.php in PicoFlat CMS 0.5.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagina parameter, a different vulnerability than CVE-2007-5390.
by gmda
By Source