Text Exploits
31,394 exploits tracked across all sources.
PhpBlock A8.5 - Remote Code Execution via PATH_TO_CODE Parameter
Multiple PHP remote file inclusion vulnerabilities in PhpBlock A8.5 allow remote attackers to execute arbitrary PHP code via a URL in the PATH_TO_CODE parameter to (1) script/init/createallimagecache.php, (2) allincludefortick.php and (3) test.php in script/tick/, and (4) modules/dungeon/tick/allincludefortick.php, different vectors than CVE-2008-1776.
by CraCkEr
Ktools PhotoStore 3.4.3 and 3.5.2 - SQL Injection via gid Parameter
SQL injection vulnerability in crumbs.php in Ktools PhotoStore 3.4.3 and 3.5.2 allows remote attackers to execute arbitrary SQL commands via the gid parameter to about_us.php. NOTE: this might be the same issue as CVE-2008-6647.
by DNX
Ktools PhotoStore <= 3.5.2 - SQL Injection via id Parameter
SQL injection vulnerability in manager/image_details_editor.php in Ktools PhotoStore 2.5, 2.9.8, 3.1.0, and other versions through 3.5.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by DNX
BlogPHP 2.0 - Cross-Site Scripting via User Parameter in Sendmessage Action and Username Parameter in Registration
Multiple cross-site scripting (XSS) vulnerabilities in index.php in BlogPHP 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) user parameter in a sendmessage action and the (2) username parameter when registering a new user, different vectors than CVE-2008-0679.
by David Sopas Ferreira
Advanced Links Management 1.5.2 - SQL Injection via catId Parameter
SQL injection vulnerability in read.php in Advanced Links Management (ALM) 1.5.2 allows remote attackers to execute arbitrary SQL commands via the catId parameter.
by His0k4
Ktools PhotoStore 3.4.3 - SQL Injection via Gallery gid Parameter
SQL injection vulnerability in gallery.php in Ktools PhotoStore 3.4.3 allows remote attackers to execute arbitrary SQL commands via the gid parameter.
by Mr.SQL
Phoenix View CMS Pre Alpha2 and earlier - Path Traversal via ltarget Parameter
Directory traversal vulnerability in admin/admin_frame.php in Phoenix View CMS Pre Alpha2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ltarget parameter.
by tw8
Phoenix View CMS Pre Alpha2 and earlier - Cross-Site Scripting via ltarget and conf Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Phoenix View CMS Pre Alpha2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ltarget parameter to (a) admin/admin_frame.php and the (2) conf parameter to (b) gbuch.admin.php, (c) links.admin.php, (d) menue.admin.php, (e) news.admin.php, and (f) todo.admin.php in admin/module/.
by tw8
WordPress Plugin WP Photo Album - 'photo' SQL Injection
by THE_MILLER
Phoenix View CMS Pre Alpha2 and earlier - SQL Injection via del Parameter
Multiple SQL injection vulnerabilities in Phoenix View CMS Pre Alpha2 and earlier allow remote attackers to execute arbitrary SQL commands via the del parameter to (1) gbuch.admin.php, (2) links.admin.php, (3) menue.admin.php, (4) news.admin.php, and (5) todo.admin.php in admin/module/.
by tw8
Ktools PhotoStore <= 3.5.2 - SQL Injection via id Parameter
SQL injection vulnerability in manager/image_details_editor.php in Ktools PhotoStore 2.5, 2.9.8, 3.1.0, and other versions through 3.5.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Mr.SQL
HispaH Model Search - SQL Injection via cat Parameter
SQL injection vulnerability in cat.php in HispaH Model Search allows remote attackers to execute arbitrary SQL commands via the cat parameter.
by InjEctOr5
cPanel 11.15.0-11.18.3 and 11.22-11.22.2 - Cross-Site Scripting via Malformed HTML Tags
The WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allows remote attackers to bypass XSS protection and inject arbitrary script or HTML via repeated, improperly-ordered "<" and ">" characters in the (1) issue parameter to scripts2/knowlegebase, (2) user parameter to scripts2/changeip, (3) search parameter to scripts2/listaccts, and other unspecified vectors.
by Matteo Carli
cPanel 11.15.0-11.18.3 and 11.22-11.22.2 - Cross-Site Scripting via Malformed HTML Tags
The WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allows remote attackers to bypass XSS protection and inject arbitrary script or HTML via repeated, improperly-ordered "<" and ">" characters in the (1) issue parameter to scripts2/knowlegebase, (2) user parameter to scripts2/changeip, (3) search parameter to scripts2/listaccts, and other unspecified vectors.
by Matteo Carli
cPanel 11.15.0-11.18.3 and 11.22-11.22.2 - Cross-Site Scripting via Malformed HTML Tags
The WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allows remote attackers to bypass XSS protection and inject arbitrary script or HTML via repeated, improperly-ordered "<" and ">" characters in the (1) issue parameter to scripts2/knowlegebase, (2) user parameter to scripts2/changeip, (3) search parameter to scripts2/listaccts, and other unspecified vectors.
by Matteo Carli
Admidio 1.4.8 - Path Traversal via File Parameter in get_file.php
Directory traversal vulnerability in modules/download/get_file.php in Admidio 1.4.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
by n3v3rh00d
Oracle Application Server Portal 10g - Unauthenticated Directory Traversal via Trailing %0A
Oracle Application Server (OracleAS) Portal 10g allows remote attackers to bypass intended access restrictions and read the contents of /dav_portal/portal/ by sending a request containing a trailing "%0A" (encoded line feed), then using the session ID that is generated from that request. NOTE: as of 20080512, Oracle has not commented on the accuracy of this report.
by Deniz Cevik
Apache HTTP Server <= 2.2.6 - Cross-Site Scripting via UTF-7 Encoded URLs
Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
by Yaniv Miron
SazCart 1.5.1 - Remote Code Execution via PHP File Inclusion
Multiple PHP remote file inclusion vulnerabilities in SazCart 1.5.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) _saz[settings][site_dir] parameter to layouts/default/header.saz.php and the (2) _saz[settings][site_url] parameter to admin/alayouts/default/pages/login.php.
by RoMaNcYxHaCkEr
miniBloggie 1.0 - Unauthenticated Arbitrary Post Deletion via post_id Parameter
del.php in miniBloggie 1.0 allows remote attackers to delete arbitrary posts via a direct request with a modified post_id parameter, a different vulnerability than CVE-2008-4628.
by Cod3rZ
Cyberfolio 7.12 - Remote Code Execution via rep Parameter
PHP remote file inclusion vulnerability in portfolio/commentaires/derniers_commentaires.php in Cyberfolio 7.12, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the rep parameter.
by RoMaNcYxHaCkEr
ZyXEL ZyWALL 100 - Cross-Site Scripting via Referer Header
Cross-site scripting (XSS) vulnerability in ZyXEL ZyWALL 100 allows remote attackers to inject arbitrary web script or HTML via the Referer header, which is not properly handled in a 404 Error page.
by Deniz Cevik
SonicWall Email Security 6.1.1 - Cross-Site Scripting via Host Header
Cross-site scripting (XSS) vulnerability in SonicWall Email Security 6.1.1 allows remote attackers to inject arbitrary web script or HTML via the Host header in a request to a non-existent web page, which is not properly sanitized in an error page.
by Deniz Cevik
SAP Internet Transaction Server 6.20 - Cross-Site Scripting via WGate ~service Parameter
Cross-site scripting (XSS) vulnerability in WGate in SAP Internet Transaction Server (ITS) 6.20 allows remote attackers to inject arbitrary web script or HTML via (1) a "<>" sequence in the ~service parameter to wgate.dll, or (2) Javascript splicing in the query string, a different vector than CVE-2006-5114.
by Portcullis
By Source