Text Exploits
31,394 exploits tracked across all sources.
MyBoard 1.0.12 - Cross-Site Scripting via rep.php id Parameter
Cross-site scripting (XSS) vulnerability in rep.php in Martin BOUCHER MyBoard 1.0.12 allows remote attackers to inject arbitrary web script or HTML via the id parameter. information.
by ZoRLu
EditeurScripts EsContacts 1.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in EditeurScripts EsContacts 1.0 allow remote authenticated users to inject arbitrary web script or HTML via the msg parameter to (1) login.php, (2) importer.php, (3) add_groupe.php, (4) contacts.php, (5) groupes.php, and (6) search.php.
by ZoRLu
EditeurScripts EsContacts 1.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in EditeurScripts EsContacts 1.0 allow remote authenticated users to inject arbitrary web script or HTML via the msg parameter to (1) login.php, (2) importer.php, (3) add_groupe.php, (4) contacts.php, (5) groupes.php, and (6) search.php.
by ZoRLu
EditeurScripts EsContacts 1.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in EditeurScripts EsContacts 1.0 allow remote authenticated users to inject arbitrary web script or HTML via the msg parameter to (1) login.php, (2) importer.php, (3) add_groupe.php, (4) contacts.php, (5) groupes.php, and (6) search.php.
by ZoRLu
EditeurScripts EsContacts 1.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in EditeurScripts EsContacts 1.0 allow remote authenticated users to inject arbitrary web script or HTML via the msg parameter to (1) login.php, (2) importer.php, (3) add_groupe.php, (4) contacts.php, (5) groupes.php, and (6) search.php.
by ZoRLu
EditeurScripts EsContacts 1.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in EditeurScripts EsContacts 1.0 allow remote authenticated users to inject arbitrary web script or HTML via the msg parameter to (1) login.php, (2) importer.php, (3) add_groupe.php, (4) contacts.php, (5) groupes.php, and (6) search.php.
by ZoRLu
EditeurScripts EsContacts 1.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in EditeurScripts EsContacts 1.0 allow remote authenticated users to inject arbitrary web script or HTML via the msg parameter to (1) login.php, (2) importer.php, (3) add_groupe.php, (4) contacts.php, (5) groupes.php, and (6) search.php.
by ZoRLu
123 Flash Chat 6.8.0 module for e107 - Remote Code Execution via e107path Parameter
PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the e107path parameter.
by by_casper41
CoBaLT 2.0 - SQL Injection via id Parameter
SQL injection vulnerability in adminler.asp in CoBaLT 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by U238
Carbon Communities <2.4 - SQL Injection
Multiple SQL injection vulnerabilities in Carbon Communities 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter to events.asp, the (2) UserName parameter to getpassword.asp, and possibly an unspecified parameter to (3) option_Update.asp in an edit action.
by BugReport.IR
ICQ 6.0 build 6043 - Buffer Overflow
Heap-based buffer overflow in the boxelyRenderer module in the Personal Status Manager feature in ICQ 6.0 build 6043 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted personal status message.
by Leon Juranic
XplodPHP AutoTutorials <2.1 - SQL Injection
SQL injection vulnerability in viewcat.php in XplodPHP AutoTutorials 2.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
by cO2
xine-lib < 1.1.12 - Stack-based Buffer Overflow via Long NSF Title
Stack-based buffer overflow in the demux_nsf_send_chunk function in src/demuxers/demux_nsf.c in xine-lib 1.1.12 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long NSF title.
by Guido Landi
Carbon Communities < 2.4 - Cross-Site Scripting via Redirect or OrderBy Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Carbon Communities 2.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Redirect parameter to login.asp and the (2) OrderBy parameter to member_send.asp.
by BugReport.IR
LightNEasy - Path Traversal and Arbitrary File Access via thumbsup.php Image Parameter
thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" (aka flat) and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal sequences in the image parameter with a modified cache_dir parameter containing a %00 (encoded null byte).
by girex
W2B Online Banking - Remote Code Execution via ilang Parameter
PHP remote file inclusion vulnerability in index.php in W2B Online Banking allows remote attackers to execute arbitrary PHP code via a URL in the ilang parameter.
by THuM4N
LightNEasy SQLite <= 1.2.2 - SQL Injection via dlid Parameter
SQL injection vulnerability in LightNEasy/lightneasy.php in LightNEasy SQLite 1.2.2 and earlier allows remote attackers to inject arbitrary PHP code into comments.dat via the dlid parameter to index.php.
by girex
Lasernet CMS <1.5,1.11 - SQL Injection
SQL injection vulnerability in index.php in Lasernet CMS 1.5 and 1.11, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the new parameter in a new action.
by cO2
Chattaitaliano Istant-Replay - Remote Code Execution via read.php data Parameter
PHP remote file inclusion vulnerability in read.php in Chattaitaliano Istant-Replay allows remote attackers to execute arbitrary PHP code via a URL in the data parameter.
by THuGM4N
Classifieds Caffe - SQL Injection via cat_id Parameter
SQL injection vulnerability in index.php in Classifieds Caffe allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in an add action. NOTE: this issue might be site-specific.
by JosS
AMFPHP 1.2 - Cross-Site Scripting via Class or Location Parameter
Multiple cross-site scripting (XSS) vulnerabilities in AMFPHP 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) class parameter to (a) methodTable.php, (b) code.php, and (c) details.php in browser/; and the (2) location parameter to browser/code.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Alberto Cuesta Partida
AMFPHP 1.2 - Cross-Site Scripting via Class or Location Parameter
Multiple cross-site scripting (XSS) vulnerabilities in AMFPHP 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) class parameter to (a) methodTable.php, (b) code.php, and (c) details.php in browser/; and the (2) location parameter to browser/code.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Alberto Cuesta Partida
AMFPHP 1.2 - Cross-Site Scripting via Class or Location Parameter
Multiple cross-site scripting (XSS) vulnerabilities in AMFPHP 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) class parameter to (a) methodTable.php, (b) code.php, and (c) details.php in browser/; and the (2) location parameter to browser/code.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Alberto Cuesta Partida
Koobi CMS 4.2.3-4.3.0 - SQL Injection via Categ Parameter
SQL injection vulnerability in Koobi CMS 4.2.3 through 4.3.0 allows remote attackers to execute arbitrary SQL commands via the categ parameter in a links action to index.php, a different vector than CVE-2008-1122.
by JosS
Koobi Pro 5.7 - SQL Injection via Downloads Module categ Parameter
SQL injection vulnerability in the downloads module in Koobi Pro 5.7 allows remote attackers to execute arbitrary SQL commands via the categ parameter to index.php. NOTE: it was later reported that this also affects Koobi CMS 4.2.4, 4.2.5, and 4.3.0.
by JosS
By Source