Text Exploits
31,394 exploits tracked across all sources.
PHP-Nuke DownloadsPlus Module - Unrestricted File Upload and Remote Code Execution via .htm .html or .txt Extensions
Unrestricted file upload vulnerability in the DownloadsPlus module in PHP-Nuke allows remote attackers to execute arbitrary code by uploading a file with (1) .htm, (2) .html, or (3) .txt extensions, then accessing it via a direct request to the file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: it is unclear how allowing the upload of .html or .txt files supports arbitrary code execution; this might be legitimate functionality.
by ZoRLu
PHCDownload 1.1 - Cross-Site Scripting via Step Parameter
Cross-site scripting (XSS) vulnerability in upload/install/index.php in PHCDownload 1.1 allows remote attackers to inject arbitrary web script or HTML via the step parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
PHCDownload 1.1 - SQL Injection via Admin Index Hash Parameter
SQL injection vulnerability in admin/index.php in PHCDownload 1.1 allows remote attackers to execute arbitrary SQL commands via the hash parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
jpad 1.0 - SQL Injection via cid Parameter
SQL injection vulnerability in the Jpad (com_jpad) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php.
by His0k4
e107 CMS 0.7 - Multiple Cross-Site Scripting Vulnerabilities
by ZoRLu
DigitalHive 2.0 RC2 - Cross-Site Scripting via mt Parameter
Cross-site scripting (XSS) vulnerability in base.php in DigitalHive 2.0 RC2 allows remote attackers to inject arbitrary web script or HTML via the mt parameter, possibly related to membres.php.
by ZoRLu
Eclipse IDE - Cross-Site Scripting via Help Contents Search or Working Set Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647.
by Rob
Eclipse IDE - Cross-Site Scripting via Help Contents Search or Working Set Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647.
by Rob
RSA Authentication Agent for Web 5.3 - Open Redirection
by Richard Brain
Joomla Filiale 1.0.4 - SQL Injection via idFiliale Parameter
SQL injection vulnerability in the Filiale 1.0.4 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the idFiliale parameter.
by str0xo
Community Builder for Joomla! and Mambo - SQL Injection via User Parameter
SQL injection vulnerability in the Profiler (com_comprofiler) component in Community Builder for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the user parameter in a userProfile action to index.php.
by $hur!k'n
Horde Kronolith <2.1.7, Horde Groupware <1.0.6 - XSS
Cross-site scripting (XSS) vulnerability in addevent.php in Horde Kronolith 2.1.7, Groupware Webmail Edition 1.0.6, and Groupware 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
by Aria-Security Team
cogites e_reserve 2.1 - SQL Injection via ID_loc Parameter
SQL injection vulnerability in index.php in E-RESERV 2.1 allows remote attackers to execute arbitrary SQL commands via the ID_loc parameter.
by JIKO
F5 FirePass 4100 SSL VPN <6.2 - XSS
Cross-site scripting (XSS) vulnerability in installControl.php3 in F5 FirePass 4100 SSL VPN 5.4.2-5.5.2 and 6.0-6.2 allows remote attackers to inject arbitrary web script or HTML via the query string. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Alberto Cuesta Partida
Computer Associates eTrust Secure Content Manager 8.0 - 'eCSqdmn' Remote Denial of Service
by Luigi Auriemma
Spreadsheet (wpSS) <0.6 - SQL Injection
SQL injection vulnerability in ss_load.php in the Spreadsheet (wpSS) 0.6 and earlier plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the ss_id parameter.
by 1ten0.0net1
Serendipity < 1.3.1 - Cross-Site Scripting via Referer HTTP Header
Cross-site scripting (XSS) vulnerability in the Top Referrers (aka referrer) plugin in Serendipity (S9Y) before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header.
by Hanno Boeck
Joomla com_flippingbook 1.0.4 - SQL Injection via book_id Parameter
SQL injection vulnerability in index.php in the FlippingBook (com_flippingbook) 1.0.4 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter.
by cO2
Tr Script News 2.1 - SQL Injection via nb Parameter in news.php
SQL injection vulnerability in news.php in Tr Script News 2.1 allows remote attackers to execute arbitrary SQL commands via the nb parameter in voir mode.
by His0k4
Adobe Photoshop Album Starter Edition 3.2 - Buffer Overflow
Buffer overflow in Adobe Photoshop Album Starter Edition 3.2, and possibly After Effects CS3, allows user-assisted remote attackers and physically proximate attackers to execute arbitrary code via a BMP file with an invalid image header. NOTE: the related issue in Photoshop CS3 is already covered by CVE-2007-2244.
by c0ntex
Tr Script News 2.1 - Authenticated Remote Code Execution via File Upload
Unrestricted file upload vulnerability in the ajout_cat mode in admin/main.php in Tr Script News 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with a .php extension.
by His0k4
Cedric CLAIRE PortailPhp 2 - Remote File Inclusion via chemin Parameter
Multiple PHP remote file inclusion vulnerabilities in Cedric CLAIRE PortailPhp 2 allow remote attackers to execute arbitrary PHP code via a URL in the chemin parameter to (1) mod_news/index.php, (2) mod_news/goodies.php, or (3) mod_search/index.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
Crazy Goomba 1.2.1 - SQL Injection via commentaires.php id Parameter
SQL injection vulnerability in commentaires.php in Crazy Goomba 1.2.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by ZoRLu
DevWorx BlogWorx 1.0 - SQL Injection
SQL injection vulnerability in view.asp in DevWorx BlogWorx 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by U238
By Source