Text Exploits
31,394 exploits tracked across all sources.
PHPKB Knowledge Base 1.5 and 2.0 - SQL Injection via ID Parameter
SQL injection vulnerability in comment.php in PHP Knowledge Base (PHPKB) 1.5 and 2.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
by parad0x
CoronaMatrix phpAddressBook <2.11 - SQL Injection
SQL injection vulnerability in view.php in CoronaMatrix phpAddressBook 2.11 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Cr@zy_King
Newanz NewsOffice 1.0 and 1.1 - Remote Code Execution via news_show.php newsoffice_directory Parameter
PHP remote file inclusion vulnerability in news_show.php in Newanz NewsOffice 1.0 and 1.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the newsoffice_directory parameter.
by RoMaNcYxHaCkEr
Mambo/Joomla! <1.6.2 - Path Traversal
Directory traversal vulnerability in index.php in the joomlaXplorer (com_joomlaxplorer) Mambo/Joomla! component 1.6.2 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter in a show_error action.
by Houssamix
Trillian 3.1.9.0 - Buffer Overflow in XML Parser via Crafted DTD File
Buffer overflow in the XML parser in Trillian 3.1.9.0, and possibly earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DTD file.
by david130490
HP OpenView Network Node Manager 7.53 - Multiple Vulnerabilities
by Luigi Auriemma
RS MAXSOFT fotogalerie - SQL Injection via popup_img.php fotoID Parameter
SQL injection vulnerability in popup_img.php in the fotogalerie module in RS MAXSOFT allows remote attackers to execute arbitrary SQL commands via the fotoID parameter. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect.
by S@BUN
Ksemail - Path Traversal via Language Parameter
Multiple directory traversal vulnerabilities in index.php in Ksemail allow remote attackers to read arbitrary local files via a .. (dot dot) in the (1) language and (2) lang parameters.
by dun
AlsaPlayer < 0.99.80-rc2 - Buffer Overflow in Vorbis Input Plugin
Buffer overflow in the vorbis_stream_info function in input/vorbis/vorbis_engine.c (aka the vorbis input plugin) in AlsaPlayer before 0.99.80-rc3 allows remote attackers to execute arbitrary code via a .OGG file with long comments.
by Albert Sellares
Microsoft Windows SharePoint Services 2.0 - XSS
Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 2.0 allows remote attackers to inject arbitrary web script or HTML via the Picture Source (aka picture object source) field in the Rich Text Editor.
by OneIdBeagl3
Joomla! PU Arcade <2.2 - SQL Injection
SQL injection vulnerability in puarcade.class.php 2.2 and earlier in the Pragmatic Utopia PU Arcade (com_puarcade) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the gid parameter to index.php.
by MantiS
World of Phaos 4.0.1 - Path Traversal
Directory traversal vulnerability in the showSource function in showSource.php in World of Phaos 4.0.1 allows remote attackers to read arbitrary files via directory traversal sequences in the file parameter.
by HaCkeR_EgY
KnowledgeQuest 2.6 - SQL Injection via kqid or username Parameter
Multiple SQL injection vulnerabilities in KnowledgeQuest 2.6, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) kqid parameter to (a) articletext.php and (b) articletextonly.php and the (2) username parameter to (c) logincheck.php.
by Virangar Security
ARWScripts Gallery Script Lite - Path Traversal
Directory traversal vulnerability in download.html in ARWScripts Gallery Script Lite (aka gallery-script-lite or Free Photo Gallery Site Script), as of 20080411, allows remote attackers to read arbitrary local files via directory traversal sequences in the path parameter.
by JIKO
exbb_italia < 0.2.2 - Remote File Inclusion via exbb[default_lang] Parameter
Directory traversal vulnerability in modules/threadstop/threadstop.php in ExBB Italia 0.22 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the exbb[default_lang] parameter.
by The:Paradox
HP OpenView Network Node Manager <8.01 - Buffer Overflow
Integer signedness error in ovspmd.exe in HP OpenView Network Node Manager (OV NNM) 8.01, and 7.53 and earlier, allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a long request to TCP port 8886 that begins with a certain negative integer, which passes a signed comparison and triggers a heap-based buffer overflow.
by Luigi Auriemma
Swiki 1.5 - Cross-Site Scripting via Query String and New Wiki Entry
Multiple cross-site scripting (XSS) vulnerabilities in Swiki 1.5 allow remote attackers to inject arbitrary web script or HTML via (1) the query string and (2) a new wiki entry.
by Brad Antoniewicz
Prediction Football <1.x - SQL Injection
SQL injection vulnerability in showpredictionsformatch.php in Prediction Football 1.x allows remote attackers to execute arbitrary SQL commands via the matchid parameter in a dupa action.
by 0in
Pligg CMS 9.9.0 - SQL Injection via Editlink.php ID Parameter
SQL injection vulnerability in editlink.php in Pligg 9.9.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Guido Landi
exbb_italia < 0.2.2 - Remote File Inclusion via new_exbb[home_path] or exbb[home_path] Parameter
ExBB Italia 0.22 and earlier only checks GET requests that use the QUERY_STRING for certain path manipulations, which allows remote attackers to bypass this check via (1) POST or (2) COOKIE variables, a different vector than CVE-2006-4488. NOTE: this can be leveraged to conduct PHP remote file inclusion attacks via a URL in the (a) new_exbb[home_path] or (b) exbb[home_path] parameter to modules/threadstop/threadstop.php.
by The:Paradox
Koobi CMS 4.3.0 - SQL Injection via Gallery Module galid Parameter
SQL injection vulnerability in the gallery module in Koobi CMS 4.3.0 allows remote attackers to execute arbitrary SQL commands via the galid parameter in a showimages action.
by S@BUN
Dream4 Koobi Pro 6.25 Links - 'categ' SQL Injection
by S@BUN
Dream4 Koobi Pro 6.25 Gallery - 'galid' SQL Injection
by S@BUN
dream4 Koobi 4.4 and 5.4 - SQL Injection via img_id Parameter
SQL injection vulnerability in index.php in dream4 Koobi 4.4 and 5.4 allows remote attackers to execute arbitrary SQL commands via the img_id parameter in the gallerypic page.
by S@BUN
By Source