Text Exploits
31,394 exploits tracked across all sources.
Custom Pages 1.0 plugin for MyBulletinBoard - SQL Injection via Page Parameter
SQL injection vulnerability in pages.php in Custom Pages 1.0 plugin for MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the page parameter.
by Lidloses_Auge
Blog Pixel Motion - Info Disclosure
admin/sauvBase.php in Blog Pixel Motion (aka Blog PixelMotion) does not require authentication, which allows remote attackers to trigger a database backup dump, and obtain the resulting blogPM.sql file that contains sensitive information.
by JIKO
pixel_motion_blog - SQL Injection via categorie Parameter
SQL injection vulnerability in Blog Pixel Motion (aka Blog PixelMotion) allows remote attackers to execute arbitrary SQL commands via the categorie parameter to index.php, possibly related to include/requetesIndex.php.
by parad0x
mod_jk2 < 2.0.3-DEV - Remote Code Execution via Long Host Header
Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
by INetCop Security
VisualPic 0.3.1 - Remote Code Execution via _CONFIG[files][functions_page] Parameter
PHP remote file inclusion vulnerability in index.php in VisualPic 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the _CONFIG[files][functions_page] parameter.
by Cr@zy_King
Scriptsagent.com Links Directory 1.1 - SQL Injection
SQL injection vulnerability in links.php in Scriptsagent.com Links Directory 1.1 allows remote authenticated users to execute arbitrary SQL commands via the cat_id parameter in a list action.
by t0pP8uZz
Prozilla Entertainers <1.1 - SQL Injection
SQL injection vulnerability in directory.php in Prozilla Entertainers 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: some of these details are obtained from third party information.
by t0pP8uZz
Blogator-script 0.95 - Unauthenticated Arbitrary Password Change via Wildcard Parameter Injection
_blogadata/include/init_pass2.php in Blogator-script 0.95 allows remote attackers to change the password for arbitrary users via a modified "a" parameter with a "%" wildcard symbol in the b parameter.
by Virangar Security
CoBaLT 1.0 - SQL Injection via id Parameter
SQL injection vulnerability in CoBaLT 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) urun.asp, (2) admin/bayi_listele.asp, (3) admin/urun_grup_listele.asp, and (4) admin/urun_listele.asp.
by U238
Terong PHP Photo Gallery 1.0 - Info Disclosure
Terong PHP Photo Gallery (aka Advanced Web Photo Gallery) 1.0 stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information.
by t0pP8uZz
Web Server Creator Web Portal 0.1 - Remote Code Execution via langfile Parameter
PHP remote file inclusion vulnerability in news/include/createdb.php in Web Server Creator Web Portal 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the langfile parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
Vastal I-Tech Software Zone - SQL Injection via view_product.php cat_id Parameter
SQL injection vulnerability in view_product.php in Vastal I-Tech Software Zone allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
by t0pP8uZz
sabros.us 1.75 - Path Traversal via thumbnails.php img Parameter
Directory traversal vulnerability in thumbnails.php in sabros.us 1.75 allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter.
by HaCkeR_EgY
RobotStats 0.1 - Remote Code Execution via DOCUMENT_ROOT Parameter
Multiple PHP remote file inclusion vulnerabilities in RobotStats 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter to (1) graph.php and (2) robotstats.inc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
RobotStats 0.1 - Remote Code Execution via DOCUMENT_ROOT Parameter
Multiple PHP remote file inclusion vulnerabilities in RobotStats 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter to (1) graph.php and (2) robotstats.inc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
Poplar Gedcom Viewer 2.0 - Cross-Site Scripting via Text and UL Parameters
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Poplar Gedcom Viewer 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) text and (2) ul parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
Terong PHP Photo Gallery 1.0 - SQL Injection
SQL injection vulnerability in index.php in Terong PHP Photo Gallery (aka Advanced Web Photo Gallery) 1.0 allows remote attackers to execute arbitrary SQL commands via the photo_id parameter.
by t0pP8uZz
NukeET 3.2 and 3.4 - Authenticated Cross-Site Scripting via Private Message STYLE Attribute
Cross-site scripting (XSS) vulnerability in the private message feature in Nuke ET 3.2 and 3.4, when using Internet Explorer, allows remote authenticated users to inject arbitrary web script or HTML via a CSS property in the STYLE attribute of a DIV element in the mensaje parameter. NOTE: some of these details are obtained from third party information.
by Jose Luis Zayas
KwsPHP 1.0 - Cross-Site Scripting via ConcoursPhoto VIEW Parameter
Cross-site scripting (XSS) vulnerability in index.php in the ConcoursPhoto module for KwsPHP 1.0 allows remote attackers to inject arbitrary web script or HTML via the VIEW parameter.
by H-T Team
By Source