Text Exploits
31,394 exploits tracked across all sources.
Zilab Chat and Instant Messaging (ZIM) Server <2.2 - DoS
The Local ZIM Server in Zilab Chat and Instant Messaging (ZIM) Server 2.0 and 2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted requests without required parameters.
by Luigi Auriemma
Aeries Student Information System 3.7.2.2 - SQL Injection via FC Parameter or Term Parameter
Multiple SQL injection vulnerabilities in Eagle Software Aeries Browser Interface (ABI) 3.7.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) FC parameter to Comments.asp, or the Term parameter to (2) Labels.asp or (3) ClassList.asp.
by Arsalan Emamjomehkashan
Aeries Student Information System 3.7.2.2 - SQL Injection via FC Parameter or Term Parameter
Multiple SQL injection vulnerabilities in Eagle Software Aeries Browser Interface (ABI) 3.7.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) FC parameter to Comments.asp, or the Term parameter to (2) Labels.asp or (3) ClassList.asp.
by Arsalan Emamjomehkashan
PHP-Nuke Okul Module - SQL Injection via okulid Parameter
SQL injection vulnerability in modules.php in the Okul 1.0 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the okulid parameter in an okullar action.
by Mehmet Ince
PHP-Nuke Inhalt Module - SQL Injection via cid Parameter
SQL injection vulnerability in the Inhalt module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by Crackers_Child
PHP-Nuke Docum Module - SQL Injection via artid Parameter
SQL injection vulnerability in the Docum module in PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the artid parameter in a viewarticle operation.
by DamaR
hwdVideoShare 1.1.3 Alpha - SQL Injection via cat_id Parameter
SQL injection vulnerability in the Highwood Design hwdVideoShare (com_hwdvideoshare) 1.1.3 Alpha component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a viewcategory action to index.php.
by S@BUN
Joomla! / Mambo Component com_Joomlavvz - 'id' SQL Injection
by S@BUN
Globsy 1.0 - Path Traversal via File Parameter
Directory traversal vulnerability in globsy_edit.php in Globsy 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
by GoLd_M
Sybase MobiLink < 10.0.1.3629 - Remote Code Execution via Long Username, Version, or Remote ID
Multiple heap-based buffer overflows in mlsrv10.exe in Sybase MobiLink 10.0.1.3629 and earlier, as used by SQL Anywhere Developer Edition 10.0.1.3415 and probably other products, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a long (1) username, (2) version, or (3) remote ID. NOTE: some of these details are obtained from third party information.
by Luigi Auriemma
PHP-Nuke Sections Module - SQL Injection via artid Parameter
SQL injection vulnerability in the Sections module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the artid parameter in a viewarticle op.
by S@BUN
SCI Photo Chat Server <3.4.9 - Path Traversal
Directory traversal vulnerability in the embedded HTTP server in SCI Photo Chat Server 3.4.9 and earlier allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) or "../" (dot dot forward slash) in the GET command.
by Luigi Auriemma
XOOPS eEmpregos Module - SQL Injection via cid Parameter
SQL injection vulnerability in index.php in the eEmpregos module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action.
by S@BUN
jlmZone Classifieds - SQL Injection via cid Parameter in Adsview Action
SQL injection vulnerability in index.php in the jlmZone Classifieds module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in an Adsview action.
by S@BUN
SmarterTools SmarterMail Enterprise 4.3 - Stored Cross-Site Scripting via Email Subject STYLE Attribute
Cross-site scripting (XSS) vulnerability in SmarterTools SmarterMail Enterprise 4.3 allows remote attackers to inject arbitrary web script or HTML via a STYLE attribute of an element in the Subject field of an e-mail message.
by Juan Pablo Lopez Yacubian
RunCMS MyAnnonces 1.7 - SQL Injection via cid Parameter
SQL injection vulnerability in index.php in the MyAnnonces 1.7 and earlier module for RunCMS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action.
by S@BUN
PHP-Nuke Web Links Module - SQL Injection via cid Parameter
SQL injection vulnerability in modules.php in the Web_Links module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewlink action.
by S@BUN
PHP-Nuke EasyContent Module - SQL Injection via page_id Parameter
SQL injection vulnerability in modules.php in the EasyContent module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the page_id parameter.
by Mehmet Ince
Joomla! Component iJoomla! com_magazine - 'pageid' SQL Injection
by S@BUN
By Source