Text Exploits
31,394 exploits tracked across all sources.
PHP-Nuke Gallery 1.3 Module - 'artid' SQL Injection
by S@BUN
Garys Cookbook <1.1.1 - SQL Injection
SQL injection vulnerability in the Garys Cookbook (com_garyscookbook) 1.1.1 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
by S@BUN
Joomla! / Mambo Component com_hello_world - 'id' SQL Injection
by S@BUN
Quantum Game Library 0.7.2c - Remote Code Execution via CONFIG[gameroot] Parameter
Multiple PHP remote file inclusion vulnerabilities in Quantum Game Library 0.7.2c allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[gameroot] parameter to (1) server_request.php and (2) qlib/smarty.inc.php.
by RoMaNcYxHaCkEr
phpQLAdmin 2.2.7 - Remote Code Execution via _SESSION[path] Parameter
Multiple PHP remote file inclusion vulnerabilities in phpQLAdmin 2.2.7 allow remote attackers to execute arbitrary PHP code via a URL in the _SESSION[path] parameter to (1) ezmlm.php and (2) tools/update_translations.php.
by RoMaNcYxHaCkEr
Citrix Metaframe Web Manager - 'login.asp' Cross-Site Scripting
by Handrix
OSSIM <= 0.9.9 rc5 - Cross-Site Scripting via Login Page Dest Parameter
Cross-site scripting (XSS) vulnerability in session/login.php in Open Source Security Information Management (OSSIM) 0.9.9 rc5 and earlier allows remote attackers to inject arbitrary web script or HTML via the dest parameter.
by Marcin Kopec
tinyevent 1.01 - SQL Injection via id Parameter
SQL injection vulnerability in index.php in the Tiny Event (tinyevent) 1.01 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter in a print action, a different vector than CVE-2007-1811.
by S@BUN
XOOPS Prayer List Module 1.04 - SQL Injection via cid Parameter
SQL injection vulnerability in index.php in the Prayer List (prayerlist) 1.04 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action.
by S@BUN
Plume CMS 1.2.2 - '/manager/xmedia.php' Cross-Site Scripting
by Omer Singer
PHP-Nuke Manuales 0.1 - SQL Injection via cid Parameter
SQL injection vulnerability in the Manuales 0.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewdownload action to modules.php.
by Mehmet Ince
NukeC 2.1 - SQL Injection via id_catg Parameter
SQL injection vulnerability in modules.php in the NukeC 2.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_catg parameter in a ViewCatg action.
by DamaR
Php-Nuke 6.x-7.2 - SQL Injection via Orderby or Sid Parameter
SQL injection vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL via the (1) orderby or (2) sid parameters to modules.php.
by S@BUN
PHP-Nuke Classifieds Module - 'Details' SQL Injection
by S@BUN
OSSIM < 0.9.9 - Authenticated SQL Injection via portname Parameter
SQL injection vulnerability in port/modifyportform.php in Open Source Security Information Management (OSSIM) 0.9.9 rc5 allows remote authenticated users to execute arbitrary SQL commands via the portname parameter, which is not properly handled by a validation regular expression.
by Marcin Kopec
Joomla! / Mambo Component Referenzen - 'id' SQL Injection
by S@BUN
Joomla! / Mambo Component com_most - 'secid' SQL Injection
by S@BUN
Joomla! / Mambo Component com_asortyment - 'katid' SQL Injection
by S@BUN
Aeries Student Information System 3.8.2.8 - SQL Injection via GradebookStuScores.asp GrdBk Parameter
SQL injection vulnerability in GradebookStuScores.asp in Eagle Software Aeries Browser Interface (ABI) 3.8.2.8 allows remote attackers to execute arbitrary SQL commands via the GrdBk parameter.
by Arsalan Emamjomehkashan
Aeries Student Information System 3.7.2.2 - SQL Injection via FC Parameter or Term Parameter
Multiple SQL injection vulnerabilities in Eagle Software Aeries Browser Interface (ABI) 3.7.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) FC parameter to Comments.asp, or the Term parameter to (2) Labels.asp or (3) ClassList.asp.
by Arsalan Emamjomehkashan
beContent 0.3.1 - SQL Injection via News.php ID Parameter
SQL injection vulnerability in news.php in beContent 0.3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Cr@zy_King
IBM Lotus Quickr QuickPlace Server 8.0 - Calendar 'Count' Cross-Site Scripting
by Nir Goldshlager AVNE
By Source