Text Exploits
31,394 exploits tracked across all sources.
CMS from Scratch 1.1.3 - 'image.php' Directory Traversal
by Stack
Airaev Commerce 3.0 - SQL Injection
SQL injection vulnerability in index.php in Airvae Commerce 3.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
by QTRinux
Xerox DocuShare < 6 - Cross-Site Scripting via PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in Xerox DocuShare 6 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) SearchResults/ and (2) Services/ in dsdn/dsweb/, and (3) the default URI under unspecified docushare/dsweb/ServicesLib/Group-#/ directories.
by Doz
Xerox DocuShare < 6 - Cross-Site Scripting via PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in Xerox DocuShare 6 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) SearchResults/ and (2) Services/ in dsdn/dsweb/, and (3) the default URI under unspecified docushare/dsweb/ServicesLib/Group-#/ directories.
by Doz
Xerox DocuShare < 6 - Cross-Site Scripting via PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in Xerox DocuShare 6 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) SearchResults/ and (2) Services/ in dsdn/dsweb/, and (3) the default URI under unspecified docushare/dsweb/ServicesLib/Group-#/ directories.
by Doz
Proje ASP Portal 2.0 - 'id' Multiple SQL Injections
by Ugurcan Engin
JustPORTAL 1.0 - 'site' Multiple SQL Injections
by Ugurcan Engin
dvbbs 8.2.0 - SQL Injection via login.asp Username Parameter
SQL injection vulnerability in login.asp in Dvbbs 8.2.0 allows remote attackers to execute arbitrary SQL commands via the username parameter.
by hackerbinhphuoc
PHPhotoalbum 0.5 - SQL Injection via Album or PID Parameter
Multiple SQL injection vulnerabilities in PHPhotoalbum 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) album parameter to thumbnails.php and the (2) pid parameter to displayimage.php.
by cOndemned
Joomla! Component Artist - 'idgalery' SQL Injection
by Cr@zy_King
Joomla! / Mambo Component Artists - 'idgalery' SQL Injection
by Cr@zy_King
FlashBlog - SQL Injection via articulo_id Parameter
SQL injection vulnerability in php/leer_comentarios.php in FlashBlog allows remote attackers to execute arbitrary SQL commands via the articulo_id parameter.
by HER0
Calcium 3.10 and 4.0.4 - Cross-Site Scripting via CalendarName Parameter
Cross-site scripting (XSS) vulnerability in Calcium40.pl in Brown Bear Software Calcium 3.10 and 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the CalendarName parameter in a ShowIt action.
by Marvin Simkin
tr_script_news 2.1 - Cross-Site Scripting via nb Parameter
Cross-site scripting (XSS) vulnerability in news.php in Tr Script News 2.1 allows remote attackers to inject arbitrary web script or HTML via the "nb" parameter in voir mode.
by ZoRLu
OtomiGenX 2.2 - Directory Traversal and Arbitrary File Execution via Lang Parameter
Multiple directory traversal vulnerabilities in OtomiGenX 2.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) library_rss.php and (2) rss.php.
by Saime
CartKeeper CKGold Shopping Cart 2.5 and 2.7 - SQL Injection via item.php category_id Parameter
SQL injection vulnerability in item.php in CartKeeper CKGold Shopping Cart 2.5 and 2.7 allows remote attackers to execute arbitrary SQL commands via the category_id parameter, a different vector than CVE-2007-4736.
by Cr@zy_King
RoomPHPlanning 1.5 - SQL Injection via idroom Parameter
SQL injection vulnerability in RoomPHPlanning 1.5 allows remote attackers to execute arbitrary SQL commands via the idroom parameter to weekview.php.
by Virangar Security
RoomPHPlanning 1.5 - Authenticated Privilege Escalation via admin/userform.php
admin/userform.php in RoomPHPlanning 1.5 does not require administrative credentials, which allows remote authenticated users to create new admin accounts.
by Stack
phpFix 2.0 - SQL Injection via kind or account Parameter
Multiple SQL injection vulnerabilities in phpFix 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) kind parameter to fix/browse.php and the (2) account parameter to auth/00_pass.php.
by Unohope
phpFix 2.0 - SQL Injection via kind or account Parameter
Multiple SQL injection vulnerabilities in phpFix 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) kind parameter to fix/browse.php and the (2) account parameter to auth/00_pass.php.
by Unohope
GraFX miniCWB < 2.1.1 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in javascript/editor/editor/filemanager/browser/mcpuk/connectors/php/connector.php in GraFX miniCWB 2.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) errcontext, (2) _GET, (3) _POST, (4) _SESSION, (5) _SERVER, and (6) fckphp_config[Debug_SERVER] parameters.
by CWH Underground
maxsite < 1.10 - SQL Injection via Category Parameter
SQL injection vulnerability in index.php in MAXSITE 1.10 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter in a webboard action.
by Tesz
ClassSystem 2.3 - SQL Injection via teacher_id and message_id Parameters
Multiple SQL injection vulnerabilities in ClassSystem 2.3 allow remote attackers to execute arbitrary SQL commands via the teacher_id parameter in (1) class/HomepageMain.php and (2) class/HomepageTop.php, and (3) the message_id parameter in class/MessageReply.php.
by Unohope
ClassSystem 2.3 - SQL Injection via teacher_id and message_id Parameters
Multiple SQL injection vulnerabilities in ClassSystem 2.3 allow remote attackers to execute arbitrary SQL commands via the teacher_id parameter in (1) class/HomepageMain.php and (2) class/HomepageTop.php, and (3) the message_id parameter in class/MessageReply.php.
by Unohope
ClassSystem 2.3 - SQL Injection via teacher_id and message_id Parameters
Multiple SQL injection vulnerabilities in ClassSystem 2.3 allow remote attackers to execute arbitrary SQL commands via the teacher_id parameter in (1) class/HomepageMain.php and (2) class/HomepageTop.php, and (3) the message_id parameter in class/MessageReply.php.
by Unohope
By Source