Text Exploits
31,394 exploits tracked across all sources.
wildmary Yap Blog 1.1 - Remote File Inclusion Code Execution
PHP remote file inclusion vulnerability in index.php in wildmary Yap Blog 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by THE_MILLER
4nChat 0.91 - SQL Injection via roomid Parameter
SQL injection vulnerability in the 4nChat 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the roomid parameter in an index action to modules.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by meloulisi
WEBrick <1.8.5-p115, 1.8.6-p114, 1.9-1.9.0-1 - Path Traversal
Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option.
by DSecRG
Java Runtime Environment <6.4 - Privilege Escalation
Unspecified vulnerability in Java Runtime Environment Image Parsing Library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to gain privileges via an untrusted application.
by Chris Evans
Airspan WiMax ProST 4.1-6.5.38.0 - Auth Bypass
The administration panel on the Airspan WiMax ProST 4.1 antenna with 6.5.38.0 software does not verify authentication credentials, which allows remote attackers to (1) upload malformed firmware or (2) bind the antenna to a different WiMAX base station via unspecified requests to forms under process_adv/.
by Francis Lacoste-Cordeau
Perforce Server <2007.3/143793 - DoS
The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a missing parameter to the (1) dm-FaultFile, (2) dm-LazyCheck, (3) dm-ResolvedFile, (4) dm-OpenFile, (5) crypto, and possibly unspecified other commands, which triggers a NULL pointer dereference.
by Luigi Auriemma
VersantD service - Command Injection
Untrusted search path and argument injection vulnerability in the VersantD service in Versant Object Database 7.0.1.3 and earlier, as used in Borland CaliberRM and probably other products, allows remote attackers to execute arbitrary commands via a request to TCP port 5019 with a modified VERSANT_ROOT field.
by Luigi Auriemma
PHP-Nuke eGallery 3.0 Module - 'pid' SQL Injection
by Aria-Security Team
PHP-Nuke 'Seminars' Module - 'Filename' Local File Inclusion
by The-0utl4w
MG2 admin.php Import Action - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in admin.php in MG2 (formerly Minigal) allows remote attackers to inject arbitrary web script or HTML via the list parameter in an import action.
by Jose Carlos Norte
FreeBSD 6.3 and 7.0 - Stack-Based Buffer Overflow in ppp command_Expand_Interpret
Stack-based buffer overflow in the command_Expand_Interpret function in command.c in ppp (aka user-ppp), as distributed in FreeBSD 6.3 and 7.0, OpenBSD 4.1 and 4.2, and the net/userppp package for NetBSD, allows local users to gain privileges via long commands containing "~" characters.
by sipherr
Micro Focus VisiBroker < 08.00.00.c1.03 - Remote Code Execution via UDP Packet Integer Overflow
Integer overflow in osagent.exe in Borland VisiBroker Smart Agent 08.00.00.C1.03 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet with a large string length value to UDP port 14000, which triggers a heap-based buffer overflow.
by Luigi Auriemma
TorrentTrader Classic 1.08 - Cross-Site Scripting via account-inbox.php msg Parameter
Cross-site scripting (XSS) vulnerability in account-inbox.php in TorrentTrader Classic 1.08 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
by Dominus
KCWiki 1.0 - Remote Code Execution via Page Parameter File Inclusion
Multiple PHP remote file inclusion vulnerabilities in KCWiki 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the page parameter to (1) minimal/wiki.php and (2) simplest/wiki.php.
by muuratsalo
KCWiki 1.0 - Remote Code Execution via Page Parameter File Inclusion
Multiple PHP remote file inclusion vulnerabilities in KCWiki 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the page parameter to (1) minimal/wiki.php and (2) simplest/wiki.php.
by muuratsalo
Flyspray 0.9.9 - Information Disclosure/HTML Injection / Cross-Site Scripting
by Digital Security Research Group
Borland StarTeam 2008 10.0.57 - Multiple Remote Vulnerabilities
by Luigi Auriemma
phpComasy 0.8 - SQL Injection via mod_project_id Parameter
SQL injection vulnerability in index.php in phpComasy 0.8 allows remote attackers to execute arbitrary SQL commands via the mod_project_id parameter in a project_detail action.
by Cr@zy_King
phpArcadeScript <3.0 RC2 - SQL Injection
SQL injection vulnerability in index.php in phpArcadeScript 1.0 through 3.0 RC2 allows remote attackers to execute arbitrary SQL commands via the userid parameter in a profile action.
by SoSo H H
Johannes Hass gaestebuch 2.2 - SQL Injection
SQL injection vulnerability in the Johannes Hass gaestebuch 2.2 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to modules.php.
by TurkishWarriorr
com_musica - SQL Injection via id Parameter
SQL injection vulnerability in the com_musica module in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
by Aria-Security Team
By Source