Text Exploits
31,394 exploits tracked across all sources.
MegaBBS 2.2 - Cross-Site Scripting via toid Parameter
Mulatiple cross-site scripting (XSS) vulnerabilities in PD9 Software MegaBBS 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) toid parameter to send-private-message.asp and the (2) redirect parameter to admin/impersonate.asp. NOTE: vector 2 requires authentication.
by BugReport.IR
YourFreeWorld Jokes Site Script - SQL Injection via Jokes.php Catagorie Parameter
SQL injection vulnerability in jokes.php in YourFreeWorld Jokes Site Script allows remote attackers to execute arbitrary SQL commands via the catagorie parameter.
by ProgenTR
DotContent FluentCMS 4.x - SQL Injection via view.php sid Parameter
SQL injection vulnerability in view.php in DotContent FluentCMS 4.x allows remote attackers to execute arbitrary SQL commands via the sid parameter. NOTE: some of these details are obtained from third party information.
by cO2
Content Management System 0.6.1 - Path Traversal via cm_imgpath Parameter
Directory traversal vulnerability in cm/graphie.php in Content Management System 0.6.1 for Phprojekt allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cm_imgpath parameter.
by Houssamix
PD9 Software MegaBBS 2.2 - SQL Injection
Multiple SQL injection vulnerabilities in PD9 Software MegaBBS 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) invisible and (2) timeoffset parameters to profile/controlpanel.asp and the (3) attachmentid parameter to forums/attach-file.asp.
by BugReport.IR
Siteman 2.0.x2 - Authenticated Path Traversal via Module Parameter
Directory traversal vulnerability in index.php in Siteman 2.0.x2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the module parameter.
by Khashayar Fereidani
Angelo-Emlak 1.0 - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in Angelo-Emlak 1.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) hpz/profil.asp and (2) hpz/prodetail.asp.
by U238
Siteman 2.0.x2 - Cross-Site Scripting via Module Parameter
Cross-site scripting (XSS) vulnerability in index.php in Siteman 2.0.x2 allows remote attackers to inject arbitrary web script or HTML via the module parameter, which leaks the path in an error message.
by Khashayar Fereidani
Siteman 2.0.x2 - Cross-Site Scripting via Module Parameter
Cross-site scripting (XSS) vulnerability in index.php in Siteman 2.0.x2 allows remote attackers to inject arbitrary web script or HTML via the module parameter, which leaks the path in an error message.
by Khashayar Fereidani
MyArticles 0.6 beta-1 - SQL Injection via topic_id Parameter
SQL injection vulnerability in topics.php in the MyArticles 0.6 beta-1 module for RunCMS allows remote attackers to execute arbitrary SQL commands via the topic_id parameter in a listarticles action.
by Cr@zy_King
pnflashgames 1.5-2.5 - SQL Injection via id Parameter
SQL injection vulnerability in index.php in the pnFlashGames 1.5 through 2.5 module for PostNuke, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a display action.
by Kacper
PHPizabi 0.848b C1 HFP3 - Authenticated Exposure of Sensitive Information via Macro Expansion
The AssignUser function in template.class.php in PHPizabi 0.848b C1 HFP3 performs unsafe macro expansions on strings delimited by '{' and '}' characters, which allows remote authenticated users to obtain sensitive information via a comment containing a macro, as demonstrated by a "{user.password}" comment in the profile of the admin user.
by YOUCODE
PHP Forge 3.0 beta 2 - SQL Injection via News Module id Parameter
SQL injection vulnerability in admin/news.php in PHP Forge 3.0 beta 2 allows remote attackers to execute arbitrary SQL commands via the id parameter in the news module to admin.php.
by JIKO
Visites (com_joomla-visites) 1.1 RC2 - Remote Code Execution via mosConfig_absolute_path Parameter
PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
by NoGe
Content Management System for Phprojekt 0.6.1 - Remote File Inclusion
by RoMaNcYxHaCkEr
Novell Groupwise 7.0 - HTML Injection / Denial of Service
by Juan Pablo Lopez Yacubian
Angelo-Emlak 1.0 - Cross-Site Scripting via sayfa Parameter
Cross-site scripting (XSS) vulnerability in hpz/admin/Default.asp in Angelo-Emlak 1.0 allows remote attackers to inject arbitrary web script or HTML via the sayfa parameter.
by U238
miniBB < 2.2 - Exposure of Sensitive Information via glang Parameter
miniBB 2.2, and possibly earlier, when register_globals is enabled, allows remote attackers to obtain the full path via a direct request to the glang parameter in a registernew action to index.php, which leaks the path in an error message.
by girex
miniBB < 2.2 - Cross-Site Scripting via glang[] Parameter
Cross-site scripting (XSS) vulnerability in index.php in miniBB 2.2, and possibly earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the glang[] parameter in a registernew action.
by girex
PostNuke PostSchedule 1.0 - SQL Injection
SQL injection vulnerability in index.php in the PostSchedule 1.0 module for PostNuke allows remote attackers to execute arbitrary SQL commands via the eid parameter in an event action.
by Kacper
miniBB < 2.2 - SQL Injection via xtr Parameter
Multiple SQL injection vulnerabilities in (1) setup_mysql.php and (2) setup_options.php in miniBB 2.2 and possibly earlier, when register_globals is enabled, allow remote attackers to execute arbitrary SQL commands via the xtr parameter in a userinfo action to index.php.
by girex
Joomla! Component Joomla-Visites 1.1 RC2 - Remote File Inclusion
by NoGe
CA ARCserve Backup <12.0.5454.0 - DoS
The Discovery Service (casdscvc) in CA ARCserve Backup 12.0.5454.0 and earlier allows remote attackers to cause a denial of service (crash) via a packet with a large integer value used in an increment to TCP port 41523, which triggers a buffer over-read.
by Luigi Auriemma
IBM Lotus Expeditor Client for Desktop <6.1.2 - Command Injection
Argument injection vulnerability in the cai: URI handler in rcplauncher in IBM Lotus Expeditor Client for Desktop 6.1.1 and 6.1.2, as used by Lotus Symphony and possibly other products, allows remote attackers to execute arbitrary code by injecting a -launcher option via a cai: URI, as demonstrated by a reference to a UNC share pathname.
by Thomas Pollet
pixel_motion_blog - Cross-Site Scripting via jours Parameter
Cross-site scripting (XSS) vulnerability in liste_article.php in Blog Pixel Motion (aka PixelMotion) allows remote attackers to inject arbitrary web script or HTML via the jours parameter.
by ZoRLu
By Source