Text Exploits
31,394 exploits tracked across all sources.
SAFARI Montage < 3.1.3 - Cross-Site Scripting via School and Email Parameters
Multiple cross-site scripting (XSS) vulnerabilities in forgotPW.php in Library Video Company SAFARI Montage 3.1.x allow remote attackers to inject arbitrary web script or HTML via the (1) school and (2) email parameters.
by Omer Singer
AbleDating 2.4 - SQL Injection via search_results.php Keyword Parameter
SQL injection vulnerability in search_results.php in ABK-Soft AbleDating 2.4 allows remote attackers to execute arbitrary SQL commands via the keyword parameter.
by Ali Jasbi
AbleDating 2.4 - Cross-Site Scripting via search_results.php Keyword Parameter
Cross-site scripting (XSS) vulnerability in search_results.php in ABK-Soft AbleDating 2.4 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.
by Ali Jasbi
Barracuda Spam Firewall < 3.5.11.025 - Cross-Site Scripting via LDAP Test Email Parameter
Cross-site scripting (XSS) vulnerability in ldap_test.cgi in Barracuda Spam Firewall (BSF) before 3.5.11.025 allows remote attackers to inject arbitrary web script or HTML via the email parameter.
by Information Risk Management Plc
Simpel Side Weblosning 1-4 - Cross-Site Scripting via Search Parameter
Cross-site scripting (XSS) vulnerability in result.php in Simpel Side Weblosning 1 through 4 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
by Mr.SQL
Simpel Side Weblosning 1-4 - SQL Injection via mainid or id Parameter
Multiple SQL injection vulnerabilities in Simpel Side Weblosning 1 through 4 allow remote attackers to execute arbitrary SQL commands via the (1) mainid and (2) id parameters to index2.php.
by Mr.SQL
Netious CMS 0.4 - SQL Injection via Pageid Parameter
SQL injection vulnerability in index.php in Netious CMS 0.4 allows remote attackers to execute arbitrary SQL commands via the pageid parameter, a different vector than CVE-2006-4047.
by InjEctOr5
Simpel Side Netbutik 1-4 - SQL Injection via cat or id Parameter
Multiple SQL injection vulnerabilities in Simpel Side Netbutik 1 through 4 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to netbutik.php and the (2) id parameter to product.php.
by Mr.SQL
SAP Web Application Server 7.0 - Cross-Site Scripting via PATH_INFO to Web GUI
Cross-site scripting (XSS) vulnerability in the Web GUI in SAP Web Application Server (WAS) 7.0, Web Dynpro for ABAP (aka WD4A or WDA), and Web Dynpro for BSP allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under bc/gui/sap/its/webgui/.
by DSecRG
OmniPCX Office OXO210 < 210/091.001 and OXO600 < 610/014.001 - Remote Command Execution via FastJSData.cgi id2 Parameter
cgi-data/FastJSData.cgi in OmniPCX Office with Internet Access services OXO210 before 210/091.001, OXO600 before 610/014.001, and other versions, allows remote attackers to execute arbitrary commands and "obtain OXO resources" via shell metacharacters in the id2 parameter.
by DSecRG
Mantis < 1.1.2 - Cross-Site Scripting via return_dynamic_filters.php filter_target Parameter
Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter.
by USH
Mantis 1.1.1 - Cross-Site Request Forgery via manage_user_create.php
Cross-site request forgery (CSRF) vulnerability in manage_user_create.php in Mantis 1.1.1 allows remote attackers to create new administrative users via a crafted link.
by USH
Webslider - SQL Injection
SQL injection vulnerability in index.php in Web Slider 0.6 allows remote attackers to execute arbitrary SQL commands via the slide parameter in a slides action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by fahn zichler
Starsgames Control Panel < 4.6.2 - Cross-Site Scripting via st Parameter
Cross-site scripting (XSS) vulnerability in index.php in Starsgames Control Panel 4.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the st parameter.
by CWH Underground
bitmixsoft php-jokesite 2.0 - SQL Injection via cat_id Parameter
SQL injection vulnerability in jokes_category.php in PHP-Jokesite 2.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
by InjEctOr5
MxBB Portal 2.7.3 - SQL Injection via Page Parameter
SQL injection vulnerability in index.php in MxBB (aka MX-System) Portal 2.7.3 allows remote attackers to execute arbitrary SQL commands via the page parameter.
by cOndemned
Mantis < 1.1.2 - Authenticated Remote Code Execution via adm_config_set.php Value Parameter
Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter.
by USH
eCMS 0.4.2 - SQL Injection / Security Bypass
by Virangar Security
ComicShout < 2.5 - SQL Injection via comic_id Parameter
SQL injection vulnerability in index.php in ComicShout 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the comic_id parameter.
by Niiub
AppServ < 2.5.10 - Cross-Site Scripting via appservlang Parameter
Cross-site scripting (XSS) vulnerability in index.php in AppServ Open Project 2.5.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter.
by CWH Underground
Site Tanitimlari Scripti - Multiple SQL Injections
by fahn zichler
DizaynPlus Nobetci Eczane Takip 1.0 - 'ayrinti.asp' SQL Injection
by U238
microSSys CMS < 1.5 - Remote Code Execution via PAGES Array Parameter
PHP remote file inclusion vulnerability in index.php in Wajox Software microSSys CMS 1.5 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in an arbitrary element of the PAGES array parameter.
by Raz0r
By Source