Text Exploits
31,394 exploits tracked across all sources.
MyioSoft EasyCalendar <= 4.0tr - Cross-Site Scripting via Day Parameter
Cross-site scripting (XSS) vulnerability in plugins/calendar/calendar_backend.php in MyioSoft EasyCalendar 4.0tr and earlier allows remote attackers to inject arbitrary web script or HTML via the day parameter in a dayview action.
by JosS
RedGalaxy Download Center 1.2 - Cross-Site Scripting via Multiple URI Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the default URI in Chris LaPointe RedGalaxy Download Center 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter, (2) message parameter in a login action, (3) category parameter in a browse action, (4) now parameter, or (5) search parameter in a search_results action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
RedGalaxy Download Center 1.2 - Cross-Site Scripting via Multiple URI Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the default URI in Chris LaPointe RedGalaxy Download Center 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter, (2) message parameter in a login action, (3) category parameter in a browse action, (4) now parameter, or (5) search parameter in a search_results action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
RedGalaxy Download Center 1.2 - Cross-Site Scripting via Multiple URI Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the default URI in Chris LaPointe RedGalaxy Download Center 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter, (2) message parameter in a login action, (3) category parameter in a browse action, (4) now parameter, or (5) search parameter in a search_results action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
lighttpd < 1.4.18 - Unauthenticated Arbitrary File Read via mod_userdir Default Path
mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the ~nobody directory.
by julien.cayzac
Filebase mod for phpBB - SQL Injection
SQL injection vulnerability in filebase.php in the Filebase mod for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter.
by t0pP8uZz
ZClassifieds - SQL Injection via Cat Parameter
SQL injection vulnerability in the ZClassifieds module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cat parameter to modules.php.
by Lovebug
Sudirman Angriawan NukeC30 3.0 - SQL Injection
SQL injection vulnerability in the Sudirman Angriawan NukeC30 3.0 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_catg parameter in a ViewCatg action to modules.php.
by Houssamix
Mapbender 2.4-2.4.4 - Remote Code Execution via mapFiler.php Factor Parameter
mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers to execute arbitrary PHP code via PHP code sequences in the factor parameter, which are not properly handled when accessing a filename that contains those sequences.
by RedTeam Pentesting
Mapbender 2.4.4 - SQL Injection via mod_gazetteer_edit.php gaz Parameter
Multiple SQL injection vulnerabilities in Mapbender 2.4.4 allow remote attackers to execute arbitrary SQL commands via the gaz parameter to mod_gazetteer_edit.php and other unspecified vectors.
by RedTeam Pentesting
Joomla! Component ProductShowcase 1.5 - SQL Injection
by S@BUN
Joomla! / Mambo Component ensenanzas - 'id' SQL Injection
by The-0utl4w
Bloo < 1.0 - SQL Injection via post_id Parameter
Multiple SQL injection vulnerabilities in index.php in Bloo 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) post_id, (2) post_category_id, (3) post_year_month, and (4) static_page_id parameters; and unspecified other vectors.
by MhZ91
ASG-Sentry Network Manager <7.0.0 - DoS
The FxIAList service in ASG-Sentry Network Manager 7.0.0 and earlier does require authentication, which allows remote attackers to cause a denial of service (service termination) via the exit command to TCP port 6162, or have other impacts via other commands.
by Luigi Auriemma
ASG-Sentry Network Manager <7.0.0 - Buffer Overflow
Multiple buffer overflows in ASG-Sentry Network Manager 7.0.0 and earlier allow remote attackers to execute arbitrary code or cause a denial of service (crash) via (1) a long request to FxIAList on TCP port 6162, or (2) an SNMP request with a long community string to FxAgent on UDP port 6161.
by Luigi Auriemma
Acronis Snap Deploy <2.0.0.1076 - Path Traversal
Directory traversal vulnerability in the PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to read arbitrary files via directory traversal sequences to the TFTP service.
by Luigi Auriemma
Argon Technology CMS <1.31 - Path Traversal
Directory traversal vulnerability in TFTPsrvs.exe 2.5.3.1 and earlier, as used in Argon Technology Client Management Services (CMS) 1.31 and earlier, allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
by Luigi Auriemma
Acronis Snap Deploy <2.0.0.1076 - DoS
The PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to cause a denial of service (crash) via an incomplete TFTP request, which triggers a NULL pointer dereference.
by Luigi Auriemma
Motorola Timbuktu Pro 8.6.5 - Multiple Denial of Service Vulnerabilities
by Luigi Auriemma
Hadith module for PHP-Nuke - SQL Injection via cat Parameter
SQL injection vulnerability in Hadith module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cat parameter in a viewcat action to modules.php.
by Lovebug
PHP-Nuke 4nAlbum Module 0.92 - 'pid' SQL Injection
by meloulisi
eWriting 1.2.1 - SQL Injection via cat Parameter
SQL injection vulnerability in index.php in the eWriting (com_ewriting) 1.2.1 module for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat action.
by Don
gallarific - Unauthenticated Task Manipulation via users.php and index.php
Gallarific does not require authentication for (1) users.php and (2) index.php, which allows remote attackers to add and edit tasks via a direct request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
Gallarific - Cross-Site Scripting via Search Query Parameter
Cross-site scripting (XSS) vulnerability in search.php in Gallarific allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
By Source