Text Exploits
31,394 exploits tracked across all sources.
Thecus N5200Pro NAS Server Control Panel - Remote Code Execution via usrgetform.html name Parameter
PHP remote file inclusion vulnerability in usrgetform.html in Thecus N5200Pro NAS Server allows remote attackers to execute arbitrary PHP code via a URL in the name parameter.
by Crackers_Child
XPWeb 3.0.1, 3.3.2 - Path Traversal via Download.php url Parameter
Directory traversal vulnerability in Download.php in XPWeb 3.0.1, 3.3.2, and possibly other versions, allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter.
by GoLd_M
PHPizabi 0.848b C1 HFP1 - Unauthenticated Arbitrary File Upload and Remote Code Execution via Event Page Image Upload
Unrestricted file upload vulnerability in image.php in PHPizabi 0.848b C1 HFP1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension from the event page, then accessing it via a direct request to the file in system/cache/pictures.
by ZoRLu
freeSSHd < 1.2 - Denial of Service via SSH2_MSG_NEWKEYS Packet
freeSSHd 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a SSH2_MSG_NEWKEYS packet to TCP port 22, which triggers a NULL pointer dereference.
by Luigi Auriemma
WP Photo Album < 1.1 - SQL Injection via Photo or Album Parameter
Multiple SQL injection vulnerabilities in wppa.php in the WP Photo Album (WPPA) before 1.1 plugin for WordPress allow remote attackers to execute arbitrary SQL commands via (1) the photo parameter to index.php, used by the wppa_photo_name function; or (2) the album parameter to index.php, used by the wppa_album_name function. NOTE: some of these details are obtained from third party information.
by S@BUN
TRUC 0.11.0 - Path Traversal via download.php upload_filename Parameter
Directory traversal vulnerability in download.php in Tracking Requirements & Use Cases (TRUC) 0.11.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the upload_filename parameter.
by GoLd_M
PowerPhlogger 2.2.5 - XSS
Cross-site scripting (XSS) vulnerability in dspStats.php in PowerPhlogger 2.2.5 allows remote attackers to inject arbitrary web script or HTML via the edit parameter.
by MustLive
Joomla com_ricette Component - SQL Injection via id Parameter
SQL injection vulnerability in index.php in the Giorgio Nordo Ricette (com_ricette) 1.0 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter.
by S@BUN
Joomlapixel Jooget! 2.6.8 - SQL Injection via id Parameter
SQL injection vulnerability in jooget.php in the Joomlapixel Jooget! (com_jooget) 2.6.8 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail task.
by S@BUN
Joomla com_galeria - SQL Injection via id Parameter
SQL injection vulnerability in index.php in the com_galeria component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
by S@BUN
com_filebase component for Joomla! and Mambo - SQL Injection via filecatid Parameter
SQL injection vulnerability in the com_filebase component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in a selectfolder action.
by S@BUN
Joomla! / Mambo Component com_lexikon - 'id' SQL Injection
by S@BUN
BanPro net_banpro_dms 1.0 - Path Traversal via DMS/index.php Action Parameter
Directory traversal vulnerability in DMS/index.php in BanPro DMS 1.0 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the action parameter.
by muuratsalo
Foxit Remote Access Server 2.0 Build 3503 - Heap-Based Buffer Overflow via Long SSH Packets
Heap-based buffer overflow in Foxit Remote Access Server (aka WAC Server) 2.0 Build 3503 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SSH packets, a different vulnerability than CVE-2008-0151.
by Luigi Auriemma
Sophos ES1000 and ES4000 2.1.0.0 - Cross-Site Scripting via Error and Go Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface in Sophos ES1000 and ES4000 Email Security Appliance 2.1.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) error and (2) go parameters to the login page.
by Leon Juranic
KarjaSoft Sami FTP Server 2.0.x - Denial of Service via Malformed FTP Commands
KarjaSoft Sami FTP Server 2.0.x allows remote attackers to cause a denial of service (daemon crash or hang) via certain (1) APPE, (2) CWD, (3) DELE, (4) MKD, (5) RMD, (6) RETR, (7) RNFR, (8) RNTO, (9) SIZE, and (10) STOR commands.
by Cod3rZ
Yellow Swordfish Simple Forum 1.x - 'topic' SQL Injection
by S@BUN
Yellow Swordfish Simple Forum 1.7/1.9 - 'index.php' SQL Injection
by S@BUN
Yellow Swordfish Simple Forum 1.10/1.11 - 'topic' SQL Injection
by S@BUN
WordPress Plugin Simple Forum 2.0 < 2.1 - SQL Injection
by S@BUN
WordPress Plugin Simple Forum 1.10 < 1.11 - SQL Injection
by S@BUN
Kemas Antonius com_quran < 1.1 - SQL Injection via surano Parameter
SQL injection vulnerability in index.php in the Kemas Antonius com_quran 1.1 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the surano parameter in a viewayat action.
by Don
Joomla! / Mambo Component faq - 'catid' SQL Injection
by S@BUN
Joomla! / Mambo Component com_smslist - 'listid' SQL Injection
by S@BUN
com_sg - SQL Injection via pid Parameter
SQL injection vulnerability in the com_sg component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the pid parameter in an order task.
by S@BUN
By Source