Text Exploits
31,394 exploits tracked across all sources.
IEA Software RadiusNT/RadX <5.1.44 - DoS
The web server in IEA Software RadiusNT and RadiusX 5.1.38 and other versions before 5.1.44, Emerald 5.0.49 and other versions before 5.0.52, Air Marshal 2.0.4 and other versions before 2.0.8, and Radius test client (aka Radlogin) 4.0.20 and earlier, allows remote attackers to cause a denial of service (crash) via an HTTP Content-Length header with a negative value, which triggers a single byte overwrite of memory using a NULL terminator. NOTE: some of these details are obtained from third party information.
by Luigi Auriemma
Mozilla Firefox 2.0.9 - 'view-source:' Scheme Information Disclosure
by Ronald van den Heetkamp
Ipswitch Instant Messaging <= 2.0.8.1 - Denial of Service via Version Field
Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote attackers to cause a denial of service (NULL dereference and application crash) via a version field containing zero.
by Luigi Auriemma
Customer Testimonials 3 and 3.1 Addon for osCommerce - SQL Injection via testimonial_id Parameter
SQL injection vulnerability in customer_testimonials.php in the Customer Testimonials 3 and 3.1 Addon for osCommerce Online Merchant 2.2 allows remote attackers to execute arbitrary SQL commands via the testimonial_id parameter.
by it's my
MODx CMS 0.9.6.1-0.9.6.1p1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in MODx CMS 0.9.6.1 and 0.9.6.1p1 allo remote attackers to inject arbitrary web script or HTML via the (1) search, (2) "a," (3) messagesubject, and (4) messagebody parameters to certain pages as reachable from manager/index.php; (5) highlight, (6) id, (7) email, (8) name, and (9) parent parameters to index.php; and the (10) docgrp and (11) moreResultsPage parameters to index-ajax.php.
by Alexandr Polyakov
Mambo com_sermon 0.2 - SQL Injection via gid Parameter
SQL injection vulnerability in index.php in the Sermon (com_sermon) 0.2 component for Mambo allows remote attackers to execute arbitrary SQL commands via the gid parameter.
by S@BUN
Joomla com_noticias 1.0 - SQL Injection via id Parameter
SQL injection vulnerability in index.php in the Noticias (com_noticias) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detalhe action.
by xcorpitx
com_doc - SQL Injection via sid Parameter
SQL injection vulnerability in index.php in the com_doc component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the sid parameter in a view task.
by S@BUN
Joomla! / Mambo Component com_sermon 0.2 - 'gid' SQL Injection
by S@BUN
Adobe Acrobat and Reader < 8.1.2 - Remote Code Execution via Long JavaScript Method Arguments
Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified JavaScript methods. NOTE: this issue might be subsumed by CVE-2008-0655.
by Paul Craig
CVSS 7.8
Pagetool 1.0.7 - Cross-Site Scripting via Search Term Parameter
Cross-site scripting (XSS) vulnerability in index.php in Pagetool 1.0.7 allows remote attackers to inject arbitrary web script or HTML via the search_term parameter in a pagetool_search action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Phanter-Root
OpenSiteAdmin < 0.9.1.1 - Remote Code Execution via Path Parameter in Multiple Scripts
Multiple PHP remote file inclusion vulnerabilities in OpenSiteAdmin 0.9.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) indexFooter.php; and (2) DatabaseManager.php, (3) FieldManager.php, (4) Filter.php, (5) Form.php, (6) FormManager.php, (7) LoginManager.php, and (8) Filters/SingleFilter.php in scripts/classes/.
by Trancek
MyNews < 1.6.4 - Cross-Site Scripting via Hash Parameter
Cross-site scripting (XSS) vulnerability in mynews.inc.php in MyNews 1.6.4, and other earlier 1.6.x versions, allows remote attackers to inject arbitrary web script or HTML via the hash parameter in an admin action to index.php, a different vulnerability than CVE-2006-2208.1.
by SkyOut
Joomla com_downloads - SQL Injection via filecatid Parameter
SQL injection vulnerability in index.php in the Downloads (com_downloads) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in a selectfolder action.
by S@BUN
Joomla com_ynews 1.0.0 - SQL Injection via id Parameter
SQL injection vulnerability in index.php in the Ynews (com_ynews) 1.0.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showYNews action.
by Crackers_Child
Astanda Directory Project 1.2-1.3 - SQL Injection via detail.php link_id Parameter
SQL injection vulnerability in detail.php in Astanda Directory Project (ADP) 1.2 and 1.3 allows remote attackers to execute arbitrary SQL commands via the link_id parameter.
by you_kn0w
TinTin++ 1.97.9 - Stack-based Buffer Overflow via Long Chat Message
Stack-based buffer overflow in the add_line_buffer function in TinTin++ 1.97.9 and WinTin++ 1.97.9 allows remote attackers to execute arbitrary code via a long chat message, related to conversion from LF to CRLF.
by Luigi Auriemma
Ipswitch WS_FTP Server Manager <6.1.1 - Auth Bypass
Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name.
by Luigi Auriemma
RMSOFT Gallery System 2.0 - SQL Injection via id Parameter
SQL injection vulnerability in rmgs/images.php in the RMSOFT Gallery System 2.0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter.
by you_kn0w
Photokorn Gallery 1.543 - SQL Injection via Pic Parameter
SQL injection vulnerability in index.php in Photokorn Gallery 1.543 allows remote attackers to execute arbitrary SQL commands via the pic parameter in a showpic action.
by you_kn0w
Download Management 1.00 for PHP-Fusion - Multiple Local File Inclusions
by Psiczn
All Club CMS < 0.0.1f - SQL Injection via Name Parameter
SQL injection vulnerability in index.php in All Club CMS (ACCMS) 0.0.1f and earlier allows remote attackers to execute arbitrary SQL commands via the name parameter.
by ka0x
XOOPS 2.0.18 - Path Traversal via Lang Parameter
Directory traversal vulnerability in htdocs/install/index.php in XOOPS 2.0.18 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
by DSecRG
XOOPS 2.0.18 - Open Redirect via xoops_redirect Parameter
Open redirect vulnerability in htdocs/user.php in XOOPS 2.0.18 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the xoops_redirect parameter.
by DSecRG
DivideConcept VHD Web Pack 2.0 - Remote File Inclusion via Page Parameter Path Traversal
Directory traversal vulnerability in index.php in DivideConcept VHD Web Pack 2.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
by DSecRG
By Source