Text Exploits
31,394 exploits tracked across all sources.
SAP Internet Transaction Server 6.20 - Cross-Site Scripting via WGate ~service Parameter
Cross-site scripting (XSS) vulnerability in WGate in SAP Internet Transaction Server (ITS) 6.20 allows remote attackers to inject arbitrary web script or HTML via (1) a "<>" sequence in the ~service parameter to wgate.dll, or (2) Javascript splicing in the query string, a different vector than CVE-2006-5114.
by Portcullis
Shader TV Beta - SQL Injection via sid Parameter or Authentication Fields
Multiple SQL injection vulnerabilities in Shader TV (Beta) allow remote authenticated administrators to execute arbitrary SQL commands via the sid parameter to (1) kanal.asp, (2) google.asp, and (3) hakk.asp in yonet/; and allow remote attackers to execute arbitrary SQL commands via the (4) username or (5) password fields to yonet/default.asp.
by U238
CMS Faethon 2.2 Ultimate - Cross-Site Scripting via Search Parameter
Cross-site scripting (XSS) vulnerability in search.php in CMS Faethon 2.2 Ultimate allows remote attackers to inject arbitrary web script or HTML via the what parameter. NOTE: some of these details are obtained from third party information.
by RoMaNcYxHaCkEr
Tux CMS 0.1 - Cross-Site Scripting via q Parameter or returnURL Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Tux CMS 0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to index.php and the (2) returnURL parameter to tux-login.php.
by Hadi Kiamarsi
Musicbox 2.3.6-2.3.7 - SQL Injection via viewalbums.php artistId Parameter
SQL injection vulnerability in viewalbums.php in Musicbox 2.3.6 and 2.3.7 allows remote attackers to execute arbitrary SQL commands via the artistId parameter.
by HaCkeR_EgY
gameCMS Lite 1.0 - SQL Injection via systemId Parameter
SQL injection vulnerability in index.php in gameCMS Lite 1.0 allows remote attackers to execute arbitrary SQL commands via the systemId parameter.
by InjEctOr5
PHP-Fusion Forum Rank System 6 - Path Traversal via settings[locale] Parameter
Multiple directory traversal vulnerabilities in PHP-Fusion Forum Rank System 6 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the settings[locale] parameter to (1) forum.php and (2) profile.php in infusions/rank_system/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Matrix86
VisualShapers ezContents 2.0.0 - SQL Injection via contentname or article Parameter
Multiple SQL injection vulnerabilities in VisualShapers ezContents 2.0.0 allow remote attackers to execute arbitrary SQL commands via the (1) contentname parameter to showdetails.php and the (2) article parameter to printer.php.
by Virangar Security
CMS Faethon 2.2 Ultimate - Remote Code Execution via mainpath Parameter
PHP remote file inclusion vulnerability in templates/header.php in CMS Faethon 2.2 Ultimate allows remote attackers to execute arbitrary PHP code via a URL in the mainpath parameter, a different vulnerability than CVE-2006-5588 and CVE-2006-3185.
by RoMaNcYxHaCkEr
Systementor PostcardMentor - SQL Injection via cat_fldAuto Parameter
SQL injection vulnerability in step1.asp in Systementor PostcardMentor allows remote attackers to execute arbitrary SQL commands via the cat_fldAuto parameter.
by InjEctOr5
fipsASP fipsCMS - SQL Injection via lg Parameter
SQL injection vulnerability in modules/print.asp in fipsASP fipsCMS allows remote attackers to execute arbitrary SQL commands via the lg parameter.
by InjEctOr5
Yahoo! Assistant < 3.6 - Remote Code Execution via Ynoifier COM Object
The ActiveX Control (yNotifier.dll) in Yahoo! Assistant 3.6 and earlier allows remote attackers to execute arbitrary code via unspecified vectors in the Ynoifier COM object that trigger memory corruption.
by Sowhat
sphider 1.3.4 - Cross-Site Scripting via Search Query Parameter
Cross-site scripting (XSS) vulnerability in search.php in Sphider 1.3.4, when the search suggestion feature is enabled, allows remote attackers to inject arbitrary web script or HTML via the query parameter, a different vector than CVE-2006-2506.
by Christian Holler
QTOFileManager 1.0 - Unauthenticated Arbitrary File Upload via qtofm.php
Unrestricted file upload vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request.
by CrAzY CrAcKeR
Pre Shopping Mall 1.1 - SQL Injection via Search Parameter
SQL injection vulnerability in emall/search.php in Pre Shopping Mall 1.1 allows remote attackers to execute arbitrary SQL commands via the search parameter.
by t0pP8uZz
PHPEasyData 1.5.4 - SQL Injection via annuaire.php cat_id Parameter
SQL injection vulnerability in annuaire.php in PHPEasyData 1.5.4 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
by InjEctOr5
Miniweb2 blog_writer 2.0 - SQL Injection via Historymonth Parameter
SQL injection vulnerability in the blogwriter module 2.0 for Miniweb allows remote attackers to execute arbitrary SQL commands via the historymonth parameter to index.php.
by HaCkeR_EgY
ScriptsEZ.net Power Editor 2.0 - Cross-Site Scripting via te and dir Parameters
Multiple cross-site scripting (XSS) vulnerabilities in editor.php in ScriptsEZ.net Power Editor 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) te and (2) dir parameters in a tempedit action.
by Virangar Security
Microsoft Windows-nt - Resource Management Error
dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with (1) multiple Connection headers or (2) a Connection header with multiple comma-separated values. NOTE: this might be similar to CVE-2008-1777.
by Nicob
ScriptsEZ.net Power Editor 2.0 - Path Traversal via te and dir Parameters
Multiple directory traversal vulnerabilities in editor.php in ScriptsEZ.net Power Editor 2.0 allow remote attackers to read arbitrary local files via a .. (dot dot) in the (1) te and (2) dir parameters in a tempedit action.
by Virangar Security
pnEncyclopedia < 0.2.0 - SQL Injection via id Parameter
SQL injection vulnerability in the pnEncyclopedia module 0.2.0 and earlier for PostNuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a display_term action to index.php.
by K-159
osCommerce 2.1/2.2 - Multiple Cross-Site Scripting Vulnerabilities
by David Sopas Ferreira
Online Rent Property Script <= 5.0 - SQL Injection via pid Parameter
SQL injection vulnerability in index.php in Online Rent (aka Online Rental Property Script) 4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter. NOTE: it was later reported that 5.0 and earlier are also affected.
by K-159
Miniweb 2.0 - SQL Injection via Username Parameter
SQL injection vulnerability in index.php in Miniweb 2.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action.
by HaCkeR_EgY
By Source