Text Exploits
31,394 exploits tracked across all sources.
eForum 0.4 - 'busca.php' Multiple Cross-Site Scripting Vulnerabilities
by Omni
Easy-Clanpage 2.2 - SQL Injection via Gallery Module id Parameter
SQL injection vulnerability in index.php in the gallery module in Easy-Clanpage 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a kate action.
by n3w7u
cPanel 11.18.3 - Path Traversal via Disk Usage Module showtree Parameter
Absolute path traversal vulnerability in the Disk Usage module (frontend/x/diskusage/index.html) in cPanel 11.18.3 allows remote attackers to list arbitrary directories via the showtree parameter.
by Linux_Drox
Asterisk Open Source <1.4.18.1-1.6.0-beta6 - Buffer Overflow
Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3, Open Source 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6.1, AsteriskNOW 1.0.x before 1.0.2, Appliance Developer Kit before 1.4 revision 109386, and s800i 1.1.x before 1.1.0.2 allow remote attackers to (1) write a zero to an arbitrary memory location via a large RTP payload number, related to the ast_rtp_unset_m_type function in main/rtp.c; or (2) write certain integers to an arbitrary memory location via a large number of RTP payloads, related to the process_sdp function in channels/chan_sip.c.
by Mu Security research
KAPhotoservice - SQL Injection via album.asp albumid Parameter
SQL injection vulnerability in album.asp in KAPhotoservice allows remote attackers to execute arbitrary SQL commands via the albumid parameter.
by JosS
MG-SOFT Net Inspector <6.5.0.828 - RCE
Format string vulnerability in the Net Inspector HTTP server (mghttpd) in MG-SOFT Net Inspector 6.5.0.828 and earlier for Windows allows remote attackers to execute arbitrary code via format string specifiers in the URI, which is recorded in a log file.
by Luigi Auriemma
MG-SOFT Net Inspector <6.5.0.828 - Path Traversal
Directory traversal vulnerability in the Net Inspector HTTP Server (mghttpd) in MG-SOFT Net Inspector 6.5.0.828 and earlier for Windows allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) or "../" (dot dot slash) in the URI.
by Luigi Auriemma
MG-SOFT Net Inspector <6.5.0.828 - DoS
MG-SOFT Net Inspector 6.5.0.828 and earlier for Windows allows remote attackers to cause a (1) denial of service (exception and crash) via a UDP packet to the SNMP Trap Service (MgWTrap3.exe) or (2) denial of service (device freeze or memory consumption) via a malformed request to the Net Inspector Server (niengine).
by Luigi Auriemma
MG-SOFT Net Inspector 6.5.0.826 - Multiple Remote Vulnerabilities
by Luigi Auriemma
BootManage TFTPD <1.99 - Buffer Overflow
Stack-based buffer overflow in the TFTP server in BootManage TFTPD 1.99 and earlier in BootManage Administrator 7.1 and earlier allows remote attackers to execute arbitrary code via a request with a long filename.
by Luigi Auriemma
SNewsCMS Rus 2.1-2.4 - Cross-Site Scripting via Search Query Parameter
Cross-site scripting (XSS) vulnerability in search.php in SNewsCMS Rus 2.1 through 2.4 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
by medprostuda.ru
phpauction_gpl 2.51 - Remote Code Execution via include_path Parameter
Multiple PHP remote file inclusion vulnerabilities in PHPauction GPL 2.51 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) converter.inc.php, (2) messages.inc.php, and (3) settings.inc.php in includes/.
by RoMaNcYxHaCkEr
Joomla! / Mambo Component com_guide - 'category' SQL Injection
by The-0utl4w
Exero CMS 1.0.1 - Path Traversal via Theme Parameter
Multiple directory traversal vulnerabilities in the Default theme in Exero CMS 1.0.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the theme parameter to (1) index.php, (2) editpassword.php, and (3) avatar.php in usercp/; (4) custompage.php; (5) errors/404.php; (6) memberslist.php and (7) profile.php in members/; (8) index.php and (9) fullview.php in news/; and (10) nopermission.php.
by GoLd_M
cyberfrogs cfnetgs 0.24 - Cross-Site Scripting via Directory Parameter
Cross-site scripting (XSS) vulnerability in index.php in cyberfrogs.net cfnetgs 0.24 allows remote attackers to inject arbitrary web script or HTML via the directory parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
Apple Mac OS X 10.5.2 - Authenticated Path Traversal and Arbitrary File Write via Wiki Server File Attachments
Directory traversal vulnerability in ContentServer.py in the Wiki Server in Apple Mac OS X 10.5.2 (aka Leopard) allows remote authenticated users to write arbitrary files via ".." sequences in file attachments.
by Rodrigo Carvalho
RSA WebID - Cross-Site Scripting via IISWebAgentIF.dll postdata Parameter
Incomplete blacklist vulnerability in IISWebAgentIF.dll in the WebID RSA Authentication Agent 5.3, and possibly earlier, allows remote attackers to conduct cross-site scripting (XSS) attacks via the postdata parameter, due to an incomplete fix for CVE-2005-1118.
by quentin.berdugo
Imperva SecureSphere MX Management Server 5.0 - Cross-Site Scripting via Alert Page Corrective Action Section
Cross-site scripting (XSS) vulnerability in the management GUI in Imperva SecureSphere MX Management Server 5.0 allows remote attackers to inject arbitrary web script or HTML via an invalid or prohibited request to a web server protected by SecureSphere, which triggers injection into the "corrective action" section of an alert page.
by Berezniski
Multiple Time Sheets <= 5.0 - Cross-Site Scripting via Tab Parameter
Cross-site scripting (XSS) vulnerability in Multiple Time Sheets (MTS) 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the tab parameter to (1) index.php, as demonstrated using mixed case and encoded whitespace characters in the tag; or (2) clientinfo.php, (3) invoices.php, (4) smartlinks.php, and (5) todo.php, as demonstrated using a META tag.
by JosS
phpbp 2 RC3 (2.204) FIX 4 - SQL Injection via Banner ID Parameter
SQL injection vulnerability in includes/functions/banners-external.php in phpBP 2 RC3 (2.204) FIX 4 allows remote attackers to execute arbitrary SQL commands via the id parameter in a banner_out action.
by irk4z
Multiple Time Sheets <5.0 - Path Traversal
Directory traversal vulnerability in index.php in Multiple Time Sheets (MTS) 5.0 and earlier allows remote attackers to read arbitrary files via "../..//" (modified dot dot) sequences in the tab parameter.
by JosS
fuzzylime (cms) 3.01 - Remote Code Execution via admindir Parameter
PHP remote file inclusion vulnerability in code/display.php in fuzzylime (cms) 3.01 allows remote attackers to execute arbitrary PHP code via a URL in the admindir parameter.
by irk4z
eXV2 WebChat 1.60 - SQL Injection via roomid Parameter
SQL injection vulnerability in index.php in the WebChat 1.60 module for eXV2 allows remote attackers to execute arbitrary SQL commands via the roomid parameter.
by S@BUN
Viso (Industry Book) <2.04-2.03 - SQL Injection
SQL injection vulnerability in index.php in the Viso (Industry Book) 2.04 and 2.03 module for eXV2 allows remote attackers to execute arbitrary SQL commands via the kid parameter.
by S@BUN
By Source