Text Exploits
31,394 exploits tracked across all sources.
DivXDB 2002 0.94b - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in index.php in DivXDB 2002 0.94b allow remote attackers to inject arbitrary web script or HTML via the (1) choice, (2) _page_, (3) zone_admin, (4) general_search, and (5) import parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
DaZPHPNews 0.1-1 - Path Traversal via makepost.php prefixdir Parameter
Directory traversal vulnerability in makepost.php in DaZPHPNews 0.1-1, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the prefixdir parameter.
by w0cker
LANDesk Management Suite < 8.80.1.1 - Unauthenticated Path Traversal via PXE TFTP Service
Directory traversal vulnerability in the PXE TFTP Service (PXEMTFTP.exe) in LANDesk Management Suite (LDMS) 8.80.1.1 and earlier allows remote attackers to read arbitrary files via a subdirectory name followed by ".." sequences, a different vulnerability than CVE-2008-1643.
by Luigi Auriemma
bamaGalerie 3.03-3.041 - SQL Injection
SQL injection vulnerability in viewcat.php in the bamaGalerie (Bama Galerie) 3.03 and 3.041 module for eXV2 2.0.6 allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by DreamTurk
OpenTerracotta 0.6.1 - Path Traversal via CurrentDirectory or File Parameter
Multiple directory traversal vulnerabilities in the RenderFile function in ContentRender.class.php in Terracotta (aka OpenTerracotta) 0.6.1, and possibly other versions, allow remote attackers to list arbitrary directories and read arbitrary files via a .. (dot dot) in the (1) CurrentDirectory and (2) File parameters to index.php.
by Joseph Giron
Mambo Component Ahsshop 1.51 - 'vara' SQL Injection
by S@BUN
pyxicom actualite 1.0 - SQL Injection via id Parameter
SQL injection vulnerability in the actualite module 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Stack
FaScript FaPhoto 1.0 - SQL Injection
SQL injection vulnerability in show.php in FaScript FaPhoto 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Khashayar Fereidani
Microsoft Crypto API X.509 Certificate Validation - Remote Information Disclosure
by Alexander Klink
SLMail Pro <= 6.3.1.0 - Denial of Service via Long URI in HTTP Request
WebContainer.exe 1.0.0.336 and earlier in SLMail Pro 6.3.1.0 and earlier allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a long URI in HTTP requests to TCP port 801. NOTE: some of these details are obtained from third party information.
by Luigi Auriemma
Microsoft Windows Explorer - '.doc' File Denial of Service
by Iron Team
WP-Download 1.2 - SQL Injection via dl_id Parameter
SQL injection vulnerability in wp-download.php in the WP-Download 1.2 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the dl_id parameter.
by BL4CK
JGS-XA JGS-Treffen <2.0.2 - SQL Injection
SQL injection vulnerability in jgs_treffen.php in the JGS-XA JGS-Treffen 2.0.2 and earlier addon for Woltlab Burning Board (wBB) allows remote attackers to execute arbitrary SQL commands via the view_id parameter in an ansicht action.
by anonymous
phpSpamManager 0.53 beta - Path Traversal
Directory traversal vulnerability in body.php in phpSpamManager (phpSM) 0.53 beta allows remote attackers to read arbitrary local files via a .. (dot dot) in the filename parameter.
by GoLd_M
phpgkit 0.9 - Remote Code Execution via DOCUMENT_ROOT Parameter
PHP remote file inclusion vulnerability in connexion.php in PHPGKit 0.9 allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
PHP Classifieds 6.20 - Multiple Cross-Site Scripting / Authentication Bypass Vulnerabilities
by ZoRLu
Jax Guestbook 3.1, 3.31, 3.50 - Cross-Site Scripting via gmt_ofs and language Parameters
Multiple cross-site scripting (XSS) vulnerabilities in jax_guestbook.php in Jax Guestbook 3.1 and 3.31 allow remote attackers to inject arbitrary web script or HTML via the (1) gmt_ofs and (2) language parameters. NOTE: the page parameter is already covered by CVE-2006-1913. NOTE: it was later reported that 3.50 is also affected.
by ZoRLu
Jax LinkLists 1.00 - Cross-Site Scripting via cat Parameter
Cross-site scripting (XSS) vulnerability in jax_linklists.php in Jack (tR) Jax LinkLists 1.00 allows remote attackers to inject arbitrary web script or HTML via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
@lex_poll 2.1 - Cross-Site Scripting via Language Setup Parameter
Cross-site scripting (XSS) vulnerability in setup.php in @lex Poll 2.1 allows remote attackers to inject arbitrary web script or HTML via the language_setup parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
@lex_guestbook <= 4.0.5 - Cross-Site Scripting via Language Setup or Test Parameter
Multiple cross-site scripting (XSS) vulnerabilities in @lex Guestbook 4.0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) language_setup parameter to setup.php or (2) test parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: a third party has been reported that the test parameter is not used in @lex Guestbook.
by ZoRLu
@lex_guestbook <= 4.0.5 - Cross-Site Scripting via Language Setup or Test Parameter
Multiple cross-site scripting (XSS) vulnerabilities in @lex Guestbook 4.0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) language_setup parameter to setup.php or (2) test parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: a third party has been reported that the test parameter is not used in @lex Guestbook.
by ZoRLu
EfesTECH Video 5.0 - SQL Injection via catID Parameter
SQL injection vulnerability in default.asp in EfesTECH Video 5.0 allows remote attackers to execute arbitrary SQL commands via the catID parameter.
by RMx
Microsoft Office 2000/2003/XP, Excel Viewer 2003, Office 2004 for Mac - RCE via Crafted Document
Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 up to SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption from an "allocation error," aka "Microsoft Office Memory Corruption Vulnerability."
by Marsu
Visual Basic - 'vbe6.dll' Local Stack Overflow (PoC) / Denial of Service
by Marsu
Smoothflash <admin_view_image.php - SQL Injection
SQL injection vulnerability in admin_view_image.php in Smoothflash allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by S@BUN
By Source