Text Exploits
31,394 exploits tracked across all sources.
EMO Realty Manager - SQL Injection via news.php ida Parameter
SQL injection vulnerability in news.php in EMO Realty Manager allows remote attackers to execute arbitrary SQL commands via the ida parameter.
by HaCkeR_EgY
e107_blog_engine 2.2 - SQL Injection via rid Parameter
SQL injection vulnerability in comment.php in the MacGuru BLOG Engine plugin 2.2 for e107 allows remote attackers to execute arbitrary SQL commands via the rid parameter.
by Saime
Mytipper ZoGo-shop 1.15.5 and 1.16 Beta 13 - SQL Injection via cat Parameter
SQL injection vulnerability in products.php in the Mytipper ZoGo-shop plugin 1.15.5 and 1.16 Beta 13 for e107 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
by Cr@zy_King
CaLogic Calendars 1.2.2 - SQL Injection via langsel Parameter
SQL injection vulnerability in userreg.php in CaLogic Calendars 1.2.2 allows remote attackers to execute arbitrary SQL commands via the langsel parameter.
by His0k4
Multiple Platform IPv6 Address Publication - Denial of Service
by Tyler Reguly
Meto Forum 1.1 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Meto Forum 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) admin/duzenle.asp and (b) admin_oku.asp; the (2) kid parameter to (c) kategori.asp and (d) admin_kategori.asp; and unspecified parameters to (e) uye.asp and (f) oku.asp.
by U238
ClanLite 2.2006.05.20 - Cross-Site Scripting via annee Parameter
Cross-site scripting (XSS) vulnerability in service/calendrier.php in ClanLite 2.2006.05.20 allows remote attackers to inject arbitrary web script or HTML via the annee parameter.
by ZoRLu
AJ Square ZeusCart <2.0 - SQL Injection
SQL injection vulnerability in category_list.php in AJ Square ZeusCart 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by t0pP8uZz
phpMyAgenda 2.1 - 'infoevent.php3' Remote File Inclusion
by MajnOoNxHaCkEr
phpInstantGallery 2.0 - Cross-Site Scripting via Gallery and Imgnum Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Isaac McGowan phpInstantGallery 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) gallery parameter to (a) index.php and (b) image.php, and the (2) imgnum parameter to image.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
phpInstantGallery 2.0 - Cross-Site Scripting via Gallery and Imgnum Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Isaac McGowan phpInstantGallery 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) gallery parameter to (a) index.php and (b) image.php, and the (2) imgnum parameter to image.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
PHP Classifieds Script - SQL Injection via fatherID Parameter
Multiple SQL injection vulnerabilities in PHP Classifieds Script allow remote attackers to execute arbitrary SQL commands via the fatherID parameter to (1) browse.php and (2) search.php.
by InjEctOr5
YABSoft Mega File Hosting Script 1.2 - Authenticated SQL Injection via fid Parameter
SQL injection vulnerability in members.php in YABSoft Mega File Hosting Script (aka MFH or MFHS) 1.2 allows remote authenticated users to execute arbitrary SQL commands via the fid parameter.
by TurkishWarriorr
IBD Micro CMS 3.5 - 'microcms-admin-login.php' Multiple SQL Injections
by SkyOut
Fusebox 5.5.1 - Remote Code Execution via FUSEBOX_APPLICATION_PATH Parameter
PHP remote file inclusion vulnerability in fusebox5.php in Fusebox 5.5.1 allows remote attackers to execute arbitrary PHP code via a URL in the FUSEBOX_APPLICATION_PATH parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by MajnOoNxHaCkEr
CyrixMED 1.4 - Cross-Site Scripting via msg_erreur Parameter
Cross-site scripting (XSS) vulnerability in index.php in CyrixMED 1.4 allows remote attackers to inject arbitrary web script or HTML via the msg_erreur parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
Claroline 1.7.5 - Multiple Remote File Inclusions
by MajnOoNxHaCkEr
ClanLite 2.2006.05.20 - SQL Injection
SQL injection vulnerability in service/profil.php in ClanLite 2.2006.05.20 allows remote attackers to execute arbitrary SQL commands via the link parameter.
by ZoRLu
BigACE 2.4 - Remote Code Execution via PHP File Inclusion
Multiple PHP remote file inclusion vulnerabilities in BigACE 2.4, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[_BIGACE][DIR][addon] parameter to (a) addon/smarty/plugins/function.captcha.php and (b) system/classes/sql/AdoDBConnection.php; and the (2) GLOBALS[_BIGACE][DIR][admin] parameter to (c) item_information.php and (d) jstree.php in system/application/util/, and (e) system/admin/plugins/menu/menuTree/plugin.php, different vectors than CVE-2006-4423.
by BiNgZa
AJ Square aj-hyip - SQL Injection via forum/topic_detail.php id Parameter
SQL injection vulnerability in forum/topic_detail.php in AJ Square aj-hyip (aka AJ HYIP Acme) allows remote attackers to execute arbitrary SQL commands via the id parameter.
by InjEctOr5
AJ Auction <= 6.2.1 - SQL Injection via item_id Parameter
SQL injection vulnerability in classifide_ad.php in AJ Auction 6.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the item_id parameter.
by t0pP8uZz
AJ Article 1.0 - SQL Injection via artid Parameter
SQL injection vulnerability in featured_article.php in AJ Article 1.0 allows remote attackers to execute arbitrary SQL commands via the artid parameter in a search detail action.
by t0pP8uZz
ScrewTurn Wiki <2.0.29-2.0.30 - XSS
Cross-site scripting (XSS) vulnerability in ScrewTurn Wiki 2.0.29 and 2.0.30 allows remote attackers to inject arbitrary web script or HTML via error messages in the "/admin.aspx - System Log" page.
by Portcullis
By Source